Writeup of TryHackMe room”SQLMAP”

Jaman Ahmed

Hi there, Today I’ll discuss the TryHackMe room SQLMAP.

Question: What is the name of the interesting directory ?

First we need to start the machine and get the ip address of the website.

Now we will use nmap to recon the ip address that we got from the machine_ip.

Here we can see port 80 open in http service.

We can use another command to know more details

nmap -A -sV -sC 10.10.79.191

After completing recon we will visit the ip address in our browser…

Now I run the Gobuster tool to find any available directories. I found /blood.

gobuster dir -u http://10.10.79.191 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -t64

So the answer of the question “blood”

Question : Who is the current db user?

We need to visit the website and try to login and open Burpsuite to intercept the login page and save it to a db_user.txt file

Now we can use SQLMap to enumerate the Databases for Usernames, Passwords and all data that can be found in it.

To enumerate for current database we will use this command “sqlmap -r db_user.txt — current-user”

So the answer is “root”

Question: What is the final flag?

To find the answer to the question we need to enumerate the Databases we will use this command “sqlmap -r db_user.txt — dbs “

So we got some database name blood,sys and test.

Now we can search tables in the database “blood” using this command “sqlmap -r db_user.txt -D blood — tables”

So we got the tables name “blood_db,flag,users.

Now we can search the columns name using this command “sqlmap -r db_user.txt -D blood -T flag — columns”

Here we got some columns.

Now we can search the flag using this command from the columns name “flag”

Command : “sqlmap -r db_user.txt -D blood -T flag — dump”

Successfully we got the flag.

The answer is “thm{sqlm@p_is_L0ve}”