TryHackMe Labs

SQL Injection Port Swigger LABS

🚨 TYPES OF SQLI🚨

First, We Will Need the Basics of Databases 📚

Before diving into SQL injection, let's start by setting up MySQL on Kali Linux. 🐧💻

Installing MySQL on Kali Linux 🔧

sudo su 
apt install default-mysql-server
systemctl enable mysql
systemctl start mysql
mysql -u root
# we will add password for our mysql server 
MariaDB [(none)]>  ALTER USER 'root'@'localhost' IDENTIFIED BY 'PASSWORD_HERE';
# add your password in this command. now we have user: root / password: 12345@
# To connect our server
mysql -u root -p
# To show database
MariaDB [(none)]> show databases ;
# it will show default databases
use + [Database_Name] # it will go to the database we need to use
show tables # will show tables in DB
describe + Table_Name # describtion for this table [rows,columns,Type,...]

What is VARCHAR(30)? 🧐

• VARCHAR stands for Variable Character. It is a data type used to store text (strings) in a database.
• (30) indicates the maximum number of characters allowed for the string. So, VARCHAR(30) means the column can hold up to 30 characters in length.

Key Points:

• VARCHAR is for strings or text data.
• (30) represents the maximum length of the string that can be stored. In this case, it can store up to 30 characters.
• If you store a string with fewer than 30 characters, MySQL will use only the necessary space, unlike CHAR (a fixed-length data type).

We entered in session table and look at details

**We need to use some commands. i suggest for you learn mysql from https://www.w3schools.com/MySQL/default.asp**

1- How To create Database ?

create database test;
show databases;
use test
-- we need to create tables in this database
-- Note : To create table you will create columns and table at the same time
create table table_name(
	username varchar(30),
	password varchar(15),
	FirstName varchar(25),
	lastName varchar(25),
	mobilePhone int,
	ID int
	);
	describe username;