SQLMap essentials - case #5 flag

Hey,
I am currently on case #5 in the SQLMap Essentials room. I found the injection and most of the flag, but can’t get the full flag. The hint says to run the command a few times to get the correct result, but no matter how many times I ran it and changed commands, it didn’t help.

The command I run:
sqlmap -u http://157.245.33.77:30661/case5.php?id=1

What should I do?
Thanks

SOLUTION:
I restarted the target and it worked. If you get a flag that ends with 9, change it to ‘7}’ and that’s it.

1 Like

Hey man, I am also getting an error. I’ve restarted the target many times and the table dumps, but it looks like it could be an HTB issue.

I restarted the machine like 10 times until I got the right flag. HTB should fix it.

1 Like

In my case I had to substitute the character ` for _ that was in my flag and it worked.

Hi, I tried the command and it gives me an error content in the flag5 table dump, I guess. Any help?

Use the OR condition, with --batch --dump

I recommend everyone watch the “Cybr” video explaining sqlmap’s Risk and Level options.

1 Like

Getting the answer is easier than you think:
1. Intercept the request with Burp Suite
2. Execute sqlmap -r case5.txt --no-cast -T flag5 --batch --dump
In this case, neither --risk nor --level is necessary.

If you get a “blank”, restart the box; it’s still an issue.

I don’t get it. I tried these commands:

sqlmap -u http://94.237.54.170:58561/case5.php?id=1 --no-cast --dump -T flag5 --level=5 --risk=3

sqlmap -u http://94.237.54.170:58561/case5.php?id=1 --no-cast --batch --dump -T flag5 --level=5 --risk=3

I do actually get the flag for table flag5, but HTB tells me it’s the wrong answer.

  1. Need to try many times. The outputs are not reliable. Sqlmap gives me flags 5 with minor differences.
  2. May need to reset the target
  3. Need to delete the output folder and try again.

Finally, it works!

I would like to share my experience; hopefully it will help those who struggle like me. I ran it for 2 days on my laptop, and it never worked. I switched to the Hack The Box Academy Parrot Attack Box, and it worked on the first try.

1 Like

This pretty much explains it. Using the Pwnbox would have the least latency. You just have to repeat doing the right commands and removing the saved output so it doesn’t continue from previous sessions.
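
Several posts above report dumps of the same value that differ by a character or two between runs (a trailing 9 instead of 7}, a ` instead of _). The following is an added example, not code from any poster or from sqlmap: it takes the values copied from several fresh runs and does a per-position vote so the unstable characters stand out. The flag strings, function names and the strict-majority rule are constructed for illustration.

```python
from collections import Counter

def reconcile(runs):
    """Per-position majority vote across repeated dumps of one value.

    Returns (consensus, uncertain); uncertain lists positions whose
    winning character was not seen in a strict majority of all runs.
    """
    if not runs:
        raise ValueError("need at least one run")
    consensus, uncertain = [], []
    for pos in range(max(len(r) for r in runs)):
        # Truncated runs simply cast no vote at this position.
        votes = Counter(r[pos] for r in runs if pos < len(r))
        char, count = votes.most_common(1)[0]
        if count * 2 <= len(runs):
            uncertain.append(pos)
        consensus.append(char)
    return "".join(consensus), uncertain

def disagreements(runs, consensus):
    """Map run index -> [(position, got, expected)] for every mismatch."""
    report = {}
    for i, run in enumerate(runs):
        diffs = [
            (p, run[p] if p < len(run) else None, c)
            for p, c in enumerate(consensus)
            if p >= len(run) or run[p] != c
        ]
        if diffs:
            report[i] = diffs
    return report

# Constructed sample values, one per fresh run (saved output removed first).
SAMPLE_RUNS = [
    "FLAG{c0nstructed_s4mple_7}",
    "FLAG{c0nstructed_s4mple_9",   # truncated, last character off
    "FLAG{c0nstructed`s4mple_7}",  # backtick where an underscore belongs
    "FLAG{c0nstructed_s4mple_7}",
]

if __name__ == "__main__":
    value, unsure = reconcile(SAMPLE_RUNS)
    print("consensus:", value)
    print("positions without a strict majority:", unsure)
    for idx, diffs in disagreements(SAMPLE_RUNS, value).items():
        print(f"run {idx} differs at {diffs}")
```

A non-empty list of uncertain positions means more fresh runs are needed before trusting the value.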