Academy Sql injection assessment

I have found the injection is time-based blind injection, I haved tried to write common directory, but find nothing. Any advice??

Comments

  • edited February 14

    @BenchDing said:
    I have found the injection is time-based blind injection, I haved tried to write common directory, but find nothing. Any advice??

    It isn't a blind sqli. First you have to login and then you can do the sqli like the previous sections in the module.

  • Thanks, I have got the flag.
  • Guys, I am a noob, can anyone please tell me how to get past the logon page, not looking for a spoon feed, but can you please point me in a direction?

  • Type your comment> @rptester said:

    Guys, I am a noob, can anyone please tell me how to get past the logon page, not looking for a spoon feed, but can you please point me in a direction?

    Bypass the login.

  • ok, I will write here what I tried. I tried to use gobuster and dirbuster - may be I did something wrong, but couldnt get to anything thing other than dashboard and config, but they were empty for me.

    Using Hydra to bruteforce the admin username with rockyou password.

    tried common php files such as info.php, register.php etc no luck

    how can I bypass the login? any pointers or hints please?

  • got it, BenchDing, that was a good hint.

  • I'm confused because by reading the comments I get the feeling that its seems to be pretty obvious.

    First I also was sure its a blind SQLi an I enumerated 3 tables in 2 DB's but ended up with an MD5 hash (still running hashcat, but dont have faith^^).

    Then I interpreted the hint "Try to read files you know to find a location you can write to" that it has to be about a remote shell.

    But now I read that "bypassing the login" is a great tip. And now I'm much more confused xD.
    I'll keep trying - maybe my info will save other users some time

Sign In to comment.