HTB Academy - SQLMAP ESSENTIALS - Case6 - Non-standard boundaries

Can anyone quide me forward here, I’ve been stuck here for couple of days now, and feel like I’ve tried everything.
I’m not sure anymore whether I’m supposed to use --prefix and --suffix, or just --prefix.
The hint says: Use the prefix ‘`)’. - Do I need to write is as it is, or in HTML URL Encoded version, the instructions say nothing about this.
When I try to inject with ‘spoiler’ after col=id, I get some error atleast
(also tried replacing col=‘spoiler’)

SQL error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near " at line 1

I’ve tried every single option in SQLmap --level --risk -v to no avail

I already completed the next one too, but this one I think they made little too hard, or the instruction are missing something crucial

EDIT: Editted question to avoid spoiling it for others


You are very close, everything in your post should help you. Start fresh from the beginning doing what the hint says, you should see that it hits something, then increase the options from there. I generally have been using --batch and --dump for most of these exercises.

Edit: To take a stab at the error, try using single quotes when you use --prefix. If you used double quotes it might have taken the backtick or closing parenthesis wrong.

Start simple and build from there.

DM your sqlmap line and I will see if I can push you in a better direction.

1 Like

Man you are a lifesaver, changing to single quotes did the trick, thanks again!

Anyone else struggling with this, It’s like onthesauce said, single quotes (') instead of double quotes (") did the trick for me, also I recommend using URL encoding, might work with just ASCII though!

Hey man,

Sorry to bother you again, but do you have any tips for the:

Bypassing Web Application Protections

  • What’s the contents of table flag8? (Case #8)

I feel like I’ve got the code right, but I cant understand what’s wrong with it:

It says I have to specify token name, and that name “spoiler” I dug from the Burp suite when accessing the page, I’m trying to understand what am I doing wrong here

EDIT: Removed the commands to avoid spoilers for others

No worries!

The SQLMap module was pretty tricky. Before continuing, read the first paragraph of my post above. Start fresh from the beginning. Try following the example provided in the lesson. Be wary of using id=* that might break things.

If you follow the example correctly, you should see that something happens. It won’t give you the flag, but it will be a ray of light. From there you just need one of the commands I mentioned in my last reply. Definitely don’t forget those two, they are life savers. And it is a rare occurrence when they aren’t needed.

Good luck, DM me if you are still stuck.

1 Like

Got it, Thanks again !

I’ve been stuck for 5 days now on Case6. The hint mentions to “Use the prefix ‘`)’.”

With that mention, i’ve issued the following commands:
sqlmap -u “Target URL” --prefix= ‘`)’ --suffix=“-- -”

sqlmap -u “Target URL” --prefix= “‘`)’” --suffix=“-- -”

sqlmap -u “” --prefix=‘%20%27%60%29%27’ --suffix=“-- -”

sqlmap -u “” --prefix=‘%20%27%60%29%27’ --suffix=“-- -” -dump -T flag5 --level=5 --risk=3

None are working. Can you help me properly construct this command or let me know what I need to use?

thank you @onthesauce you are a great help

1 Like

Thanks, G-D I could resolve it, but using the hint, My question is How should I understand that I need the prefix?