HTB Academy - SQLMAP ESSENTIALS - Case6 - Non-standard boundaries

My syntax is as follows:
python sqlmap.py -u http://157.245.46.136:32107/case9.php?id=1&uid=2872607333 --randomize=uid --batch -v 5 | grep URI

The output I receive back is
[1] 13540
bash: --randomize=uid: command not found

Sorry if I only answer now. Got a lot of stuff to do. You are very near to the solution. @skiddie762 solve the bash: --randomize=uid: command not found error. Why is bash looking at it as a different command? What's wrong with the previous string? What do you need to use so that bash can work and parse those strings well?

Wow, thanks man, sometimes I overlook the issues and miss the small things.


I don't understand what the prefix should be. When I picked it up I had the same errors as you, right up to the last one here:

SQL error: SQLSTATE[42000]: Syntax error or access violation: 1064 check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

but nothing came up. I tried a bunch of options; can you give me a hint please?

Which exercise and which command are you using?

Hi guys, I stayed here for a long time trying to resolve challenge #6. Used the hint to solve the problem.

If you are still stuck, the secret is in these lines quoted here.
Also pay attention to the un-noted hints. For example, in the module go to the section that talks about col… col is in the URL as well.

Oh, and just to be clear, I figured it out by accident, not because I understand it any better than anyone else.

I got the flag by only using --prefix without using --level flag.

Hello, could you please help me out?

I'm using this command: sqlmap 178.62.84.158:30717/case6.php?col=1 --prefix='`)' --suffix="-- -" --risk 3 -v 3 --level 5

It always gives me the error:
"parameter 'Host' does not seem to be injectable" – "CRITICAL] all tested parameters do not appear to be injectable"

Any tips please.

EDIT: I got the flag. I read all of your answers and it helped me understand. Thank you!


Could you please help with the command?

Could you please DM me with the command you are using?

Hi guys, I have been stuck on this exercise for 3 days now.

I have tried everything in this thread and more.

Can anyone give me a hint as to what the underlying SQL statement might be?

Gladly also via DM.

Hi everyone, I received a tip myself and finally solved it.

Please do not think too complex! Also forget the encoding etc. The prefix is really short.

The hint next to the submit button is meant exactly as it says.

Use the prefix option with the following syntax:

--prefix=' '

Good luck!


I was stuck in this one as well and read all blogs here.

My hint if you get stuck is: DON'T over-think it! It is easy level, BUT READ the HINT carefully, and details matter (as izzo also points out). That got me onto a wrong learning curve, but I finally solved it much more easily than I tried/contemplated.

Hint if you are still struggling: I used -r (eventually), --level=5, --batch and then the hint from the "hint".

Happy Hunting


I've been stuck for 5 days now on Case6. The hint mentions to "Use the prefix '`)'."

With that mention, I've issued the following commands:
sqlmap -u "Target URL" --prefix= '`)' --suffix="-- -"

sqlmap -u "Target URL" --prefix= "'`)'" --suffix="-- -"

sqlmap -u "http://178.128.163.230:31021/case6.php?col=id?q=test" --prefix='%20%27%60%29%27' --suffix="-- -"

sqlmap -u "http://178.128.163.230:31021/case6.php?col=id?q=test" --prefix='%20%27%60%29%27' --suffix="-- -" -dump -T flag5 --level=5 --risk=3

None are working. Can you help me properly construct this command or let me know what I need to use?

So I just spent hours on this one. Scoured this thread. Ran sqlmap with all kinds of crazy flags. @Cyberstorm nailed it here. It's SO much simpler than you think. I actually ended up doing this manually, that's how simple it is.

Sqlmap did at first return a payload, but I couldn't figure out how to get data to return. I think sometimes the information it returns needs to be analyzed manually in order to determine how to craft the vector manually? Idk, but even trying to modify the returned payload didn't help. If anyone got an explicit payload that worked while using sqlmap, please let me know.

If you’re stuck here, just remember the methodology taught in SQL Injection Fundamentals; how did you test for SQLi and what characters did you use?


Yes, I only used SQLMAP for this. Long time ago, LoL, but if it was the one I think it was, it was about SQLMAP seeing a difference in which "quote characters" you use. I kept using " and SQLMAP likes '

Other than the hint, I used -r, --batch, --level=5, --dump and --prefix… all done with SQLMAP.

When I said it was simpler, I meant there is no need for encoding and what have you. As long as you figure out the prefix (which is in the hint), it's all business as usual with SQLMAP, haha. And if you are still getting weird results: what actually solved it after days of frustration was to cut-and-paste the hint (as in, are you sure what you type is what you see?); different fonts/browsers can sometimes fool you. Anyway, short version: it is possible to do with SQLMAP, and yes, SQL essentials is the hint to understanding the prefix, as @GuyKazuya said.


Hi, besides all the tips from the top, which are correct, here's one that nobody has mentioned and that will save you a ton of time if you are constantly running with different combinations for the prefix (which is, again, pretty straightforward, as the hint says):

  • My hint is that the only SQLi technique you need is “Union-query”. How to specify that? Read carefully that same module :slight_smile:

You don't necessarily need to use the hint; I got it without it. The command is very simple indeed, do not overthink it. What I did use was -p col, -T (flag) and --dump, and that did the trick :slight_smile:
I read the whole thread of comments multiple times, and it took me a long time to find it, but in the end it's not complicated at all.

Hello,

After hours of trying, and reading through this thread, I finally screwed up.

My hint is: Don't overcomplicate it, keep it simple.

Hint 2.0: the command to get the flag is not much longer than the one to get flag5 :stuck_out_tongue: