ED 103: SQLI Challenges (205 pts)


Section 1. Essential SQL Commands

First, click here to reset the server.

Try these commands to see how SQL works.

Query:

ED 103.1.1: SSN (5 pts)

The flag is Steve Jobs' SSN.

ED 103.1.2: YOUNG_MAKE (10 pts)

Find the data shown below. The flag is covered by a green box.

Section 2. Simple SQLi

First, click here to reset the server.

Search for these names:

Name:

ED 103.2.1: SSN (15 pts)

The flag is Linus' SSN.

ED 103.2.2: Password (20 pts)

The flag is Steve Jobs' password.

ED 103.2.3: Sqlmap (10 pts)

Use Sqlmap on this target:

http://ad.samsclass.info/sqli/chal2.php?u=x

The flag is the username, covered by a green box in the image below.

Hint: if you get "forbidden" errors, try randomizing the user-agent.

ED 103.2.4: Sqlmap (20 pts)

First, click here to reset the server.

Use Sqlmap on this target:

https://games.samsclass.info/sqli/chal2a.php?u=Steve%20Jobs

The flag is in the output, covered by a green box in the image below.

Warning: I used version {1.3#stable} -- a later version may not show the flag value.

ED 103.2.5: Sqlmap (20 pts)

Use Sqlmap on this target:

https://games.samsclass.info/sqli/chal2a.php?u=Steve%20Jobs

The flag is Steve Jobs' SSN.

ED 103.2.6: Sqlmap (20 pts)

Use Sqlmap on this target:

https://games.samsclass.info/sqli/chal2a.php?u=Steve%20Jobs

The flag is the number indicating the highest-privilege user.


Section 3. Blind SQLi

First, click here to reset the server.

Try these values:

Name:

ED 103.3.1: Database Name Length (5 pts)

The flag is the length of the database's name.

ED 103.3.2: SSN (10 pts)

Try these values:

The flag is the first three digits of Bill Gates' SSN.

ED 103.3.3: ID (5 pts)

The flag is admin's ID.

ED 103.3.4: Length (5 pts)

The flag is the length of Bill Gates' password.

ED 103.3.5: Bill's Password (20 pts)

The flag is Bill Gates' password.

ED 103.3.6: Password (30 pts)

The flag is admin's password.


Updated 5-20-19
Hint about user-agent added 5-21-19