First, I wonder what the Admin user is? Is that case sensitive? I only see admin and not Admin as a database user. Then, is it the password hash from the password in the database? It seems so, but the query only retrieves the fields name and surname and not the password column, so I'm stuck…
Also stuck on question 4; it seems to be rather a Unix question.
I understood, maybe wrongly, that if I type 10.10.10.10; xxxxxx, xxxxxx being a Unix command, it will be executed?
So the question would be: what is the command to run flag2.sh?
I tried 10.10.10.10; /home/cmd/.flag2.sh but got no result; then I tried ./home/cmd/.flag2.sh, same.
Then I tried to redirect the output to a file and display it:
10.10.10.10; /home/cmd/.flag2.sh > test.txt
and 10.10.10.10; cat test.txt
But no results either.
Also tried 10.10.10.10; echo /home/cmd//flag2.sh > /tmp/test.txt
and 10.10.10.10; cat /tmp/test.txt
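The `10.10.10.10; command` pattern discussed above only works when the form splices the field straight into a shell command line. As an added example (not code from the thread or from the challenge itself; function names and sample inputs are my own), here is that weak pattern beside a hardened handler that validates the field as an IP literal and never hands it to a shell:

```python
import ipaddress
import subprocess
from typing import List, Optional

# Constructed sample inputs, modelled on the "10.10.10.10; ..." pattern in the thread.
SAMPLE_INPUTS = [
    "10.10.10.10",
    "10.10.10.10; cat /tmp/test.txt",
    "10.10.10.10 && id",
    "::1",
]


def vulnerable_ping_command(user_input: str) -> str:
    """The weak pattern: the untrusted field is concatenated into a shell string.
    A ';' (or '&&', '|', backticks) in the field terminates the ping command and
    starts a second command, which is exactly the injection the thread describes."""
    return f"ping -c 1 {user_input}"


def validate_ip(user_input: str) -> Optional[str]:
    """Positive validation: accept only a syntactically valid IPv4/IPv6 literal.
    Anything containing shell metacharacters fails to parse and is rejected."""
    try:
        return str(ipaddress.ip_address(user_input.strip()))
    except ValueError:
        return None


def safe_ping_argv(user_input: str) -> Optional[List[str]]:
    """Hardened form: validate first, then build an argv list. Passing a list to
    subprocess with shell=False means no shell ever parses the user's text."""
    ip = validate_ip(user_input)
    if ip is None:
        return None
    return ["ping", "-c", "1", ip]


def run_ping(user_input: str, timeout: float = 5.0) -> Optional[str]:
    """Execute the validated ping without a shell; returns None on rejected input."""
    argv = safe_ping_argv(user_input)
    if argv is None:
        return None
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return result.stdout


if __name__ == "__main__":
    for sample in SAMPLE_INPUTS:
        print(f"{sample!r:40} shell string: {vulnerable_ping_command(sample)!r}")
        print(f"{'':40} hardened argv: {safe_ping_argv(sample)}")
```

Only the validated argv form should ever reach `subprocess`; the `vulnerable_ping_command` string is shown for comparison and is never executed here.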
Hi all,
Challenge Q1. SQL Injection: What are the first 8 characters in the password hash for the user Admin?
Any pointers on how to solve this? I am kinda stuck.
You’ll want to look at using a union query to enumerate all the columns for all the tables, then look for a password column and issue another query filtered to the administrator account.
@CalmQuail2332 Thank you for the response. I was able to solve the challenge.