Advanced SQL Injection Tryhackme Writeup
TryHackMe’s Advanced SQL Injection lab expands your SQL injection skillset by delving into advanced techniques that bypass common web application defenses. Whereas the fundamental SQL Injection Lab focused on core concepts, this room dives deeper into methods that attackers leverage in real-world scenarios. https://tryhackme.com/r/room/advancedsqlinjection
Answers for the room:
Task 1
- What is the port on which MySQL service is running?
Ans: 3306
Task 2
2) What type of SQL injection uses the same communication channel for both the injection and data retrieval?
Ans: In-band
3) In out-of-band SQL injection, which protocol is usually used to send query results to the attacker’s server?
Ans: HTTP
Task 3
4) What is the flag value after updating the title of all books to “compromised”?
Ans: THM{SO_HACKED}
5) What is the flag value once you drop the table hello from the database?
Ans: THM{Table_Dropped}
Task 4
6) What is the MySQL error code once an invalid query is entered with bad characters?
Ans: 1064
7) What is the name of the book where book ID=6?
Ans: Animal Series
Task 5
8) What is the password for the username “attacker”?
Ans: tesla
9) Which of the following can be used if the SELECT keyword is banned? Write the correct option only.
Ans: c
Task 6
10) What is the output of the @@version on the MySQL server?
Ans: 10.4.24-MariaDB
11) What is the value of @@basedir variable?
Ans: C:/xampp/mysql
Task 7
12) What is the value of the flag field in the books table where book_id =1?
Ans: THM{HELLO}
13) What field is detected on the server side when extracting the user agent?
Ans: User-Agent
Task 8
14) Does the dynamic nature of SQL queries assist a pentester in identifying SQL injection (yea/nay)?
Ans: nay
Task 9
15) What command does MSSQL support to execute system commands?
Ans: xp_cmdshell
Task 10
16) I have successfully completed the room.
Ans: No Answer needed
Note I do not have a twitter account my only way of contact is https://www.linkedin.com/in/clumsy/
