Room: https://tryhackme.com/room/lessonlearned
THM Rating: Easy
Actual Rating: Easy
Summary:
The TryHackMe room ‘Lesson Learned?’ is a quick, easy box for testing your SQLi skills. The lesson to learn is not to use OR 1=1, as you will see shortly. The web page has an HTTP login that we need to bypass in order to get the flag.
Start your box and go to the website on port 80: http[:]//yourboxip
This is the login we need to bypass. If you enter a payload that contains OR 1=1, the login will no longer work and you will need to restart the box. You will receive the image below as a lesson learned!
The error message says to be like SQLmap, which can also cause the same output depending on your command.
I went over to Hacktricks https://book.hacktricks.xyz/pentesting-web/sql-injection and started looking for payloads without OR 1=1.
After using the payload 1' UNION SELECT null— — — in the Username and any value in the Password, I received the flag.
Flag: THM{aab02c6b76bb752456a54c80c2d6fb1e}
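Added example, not part of the original write-up and not the room's own code: a Python sqlite3 login query built by string concatenation beside its parameterized form. It shows that the OR 1=1 tautology matches every row while the UNION input adds exactly one, and that placeholders neutralize both. The table, accounts, function names and the ASCII `-- -` comment marker are assumptions.

```python
import sqlite3

# Constructed sample data: the table layout and accounts are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")])
    return db

def rows_vulnerable(db, username, password):
    # Weak form: user input is concatenated into the SQL text.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def rows_hardened(db, username, password):
    # Corrected form: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

# Payload from the write-up, typed with an ASCII "--" comment marker (assumed).
UNION_INPUT = "1' UNION SELECT null-- -"
# A tautology input of the kind the room warns about.
TAUTOLOGY_INPUT = "1' OR 1=1-- -"

def compare():
    """Count rows each query form returns for each input."""
    db = make_db()
    return {
        "union_vulnerable": len(rows_vulnerable(db, UNION_INPUT, "x")),
        "tautology_vulnerable": len(rows_vulnerable(db, TAUTOLOGY_INPUT, "x")),
        "union_hardened": len(rows_hardened(db, UNION_INPUT, "x")),
        "tautology_hardened": len(rows_hardened(db, TAUTOLOGY_INPUT, "x")),
        "valid_hardened": len(rows_hardened(db, "alice", "s3cret")),
    }

if __name__ == "__main__":
    for name, count in compare().items():
        print(f"{name}: {count} row(s)")
```

The row counts are a property of SQL itself; how the room's back end uses its query result is not stated in the write-up.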