I’m a bit stuck on Case 10 for the sqlmap essentials course. It says “What’s the contents of table flag10? (Case #10)” I’ve been banging my head on the wall for a bit. I’m able to perform a scan against the page with a case10.php?id=1 ending, but it says there are no vulnerabilities with the parameter. I’ve tried various techniques, but they haven’t gotten me anywhere. Is the cc column a hash of some other column? I didn’t see any logic for hashing in the response. I could use some hints.
I’m so stuck there, did you get the flag??
Did you solve it? Now I’m stuck, I need some hint.
Never mind, I did it. If someone needs help, DM me!!!
can you help me?
got it lol, try to be unpredictable
Got it, try to use what you learned in the lesson, use everything at your disposal until it works.
Hi man, congrats! Could you please help me with this, I reaaaally need a hint… I tried everything and nothing works.
--tamper=ALL the options
--random-agent
--chunked
-chunked
--randomize=id
--eval
I also tried to understand the app… trying to figure out what kind of protection it has but I have no idea about that either.
It’s not that hard, the module is called essentials, your command line should not be that big and complicated. Just try to capture the request in Burp Suite, copy it to a file and use it in sqlmap, since the URL by itself has nothing to inject. After that just use the --dump flag and the -T flag to specify what you are looking for.
Yep, Ludu is right, I had the flag but it didn’t work so I thought that was another flag. Please check for extra spaces or try logging in/out (that last thing was my issue…)
Remember -r req.txt and -D and -T and --schema that will help you.
Been stuck on this longer than I like to admit and have tried a couple of things talked about in here, but I’m still not understanding how / what I’m doing wrong.
sql -r req.txt doesn’t identify the target as vulnerable even with Risk 5 and the other thing 3. Obviously it’s on the right thing as everyone is talking about it in here but I’m at a loss at this point.
Can you remind me again which one this is? What is the headline of the part of the module?
You might not have the right vulnerable URL? As I recall this was NOT a one-liner but step by step.
Discover databases -D then tables -T etc. step by step. Send me a direct message if you can’t find the solution.