academy sqlmap essentials case:10

I’m a bit stuck on Case 10 for the sqlmap essentials course. It says “What’s the contents of table flag10? (Case #10)” I’ve been banging my head on the wall for a bit. I’m able to perform a scan against the page with an case10.php?id=1 ending, but it says there are no vulnerabilities with the parameter. I’ve tried various techniques, but they haven’t gotten me anywhere. Is the cc column a hash of some other column? I didn’t see any logic for hashing in the response. I could use some hints.

1 Like

Im so stuck there, did u get the flag??

did u solved it? now im stuck i need some hint

nevermind i did it if someone needs help dm me!!!

can you help me?

got it lol, try to be unpredictable

Got it, try to use what you learned on the lesson, use everything in your disposal until it works

Hi man congrats! could you please help me with this, I reaaaally need a hint… I tried everything and nothing works.

–tamper=ALL the options

I also tried to understand the app… trying to figure out what kind of protection it has but I have no idea about that either.

It’s not that hard, the module is called essantials, your commandline should not be that big and complicated. Just try to capture the request on Burpsuite, copy it to file and use it on SQLmap since the url by itself have nothing to inject. After that just use the --dump flag and the -T flag to specify what you are looking for :slight_smile:


Yeap Ludu is right, I had the flag but didn’t work so I thought that was another flag. Please check for extra spaces or try log in/out (that last thing was my issue…)

Remember -r req.txt and -D and -T and --schema that will help you.

Been stuck on this longer than I like to admit and have tried a copule things talked about in here, but I’m still not understanding how / what I’m doing wrong.

sql -r req.txt doesnt identify the target as vulnerable even with Risk 5 and the other thing 3. Obviously its on the right thing as everyone is talking about it in here but I’m at a loss at this point.

can you remind me again which one is this? What is the headline of the part of the module?

You might not have the right vulnerable url? As I recall this was NOT a one line but step by step.

Discover databases -D then tables -T etc. step by step. send me a direct massage if you can’t find the solution.

This case was different than the rest at the end of the ip address.

sqlmap -u ‘http://server_ip/case10.php’ --data=“id=1”

There are three other paramaters to add after that. For one of them, like Hak4maN said, “don’t forget to be unpredictable.” And you’ll know the other two common parameters if you’d made it this far. (the ones that speed up the process and give you the info you need).

Can someone tell me what the purpose of this question is to examine? I previously modified the curl content to dump it ,and I find the flag ,but I don’t think I have accepted the challenge :disappointed:

yeah i literally did the most basic thing which is copying the curl command and changing it with sqlmap + batch dump and it worked, what was the purpose of flag 10???

1 Like

like the hint even says run sqlmap to see what error it returns, but it returned no error???

yeah this one is frustrating and im def a bit lost to say the least

any ideas?