ED 103: SQLI Challenges (30 pts + 155 pts extra)


Section 1. Essential SQL Commands

First, click here to reset the server.

Try these commands to see how SQL works.

Query:

ED 103.1.1: SSN (5 pts)

The flag is Steve Jobs' SSN.

ED 103.1.2: YOUNG_MAKE (10 pts)

Find the data shown below. The flag is covered by a green box.
Hint: Use one of the queries listed above.

Section 2. Simple SQLi

First, click here to reset the server.

Search for these names:

Name:

ED 103.2.1: SSN (15 pts)

The flag is Linus' SSN.

ED 103.2.2: Password (20 pts extra)

The flag is Steve Jobs' password.

ED 103.2.3: Sqlmap on an Unprotected Target (10 pts extra)

Execute these commands to install Sqlmap on Debian 9:
sudo apt update
sudo apt install sqlmap
Use Sqlmap on this target:

http://ad.samsclass.info/sqli/chal2.php?u=x

Find the current username, covered by a green box in the image below. That's the flag.

ED 103.2.4: Sqlmap on a Protected Target (10 pts extra)

First, click here to reset the server.

Use Sqlmap on this target:

https://games.samsclass.info/sqli/chal2a.php?u=Steve%20Jobs

Find the current username, covered by a green box in the image below. That's the flag.

Hint: if you get "forbidden" errors, try randomizing the user-agent

ED 103.2.5: Sqlmap: Retrieving Data (20 pts extra)

Use Sqlmap on this target:

https://games.samsclass.info/sqli/chal2a.php?u=Steve%20Jobs

Recover the data from the tables. The flag is Steve Jobs' SSN.

ED 103.2.6: Sqlmap (20 pts extra)

Use Sqlmap on this target:

https://games.samsclass.info/sqli/chal2a.php?u=Steve%20Jobs

The flag is the number indicating the highest-privilege user.

Hint: Explore all the tables.


Section 3. Blind SQLi

First, click here to reset the server.

Try these values:

Name:

ED 103.3.1 Database Name Length (5 pts extra)

The flag is the length of the database's name.

ED 103.3.2 SSN (10 pts extra)

Try these values: The flag is the first three digits of Bill Gates' SSN.

ED 103.3.3 ID (5 pts extra)

The flag is admin's ID.

ED 103.3.4 Length (5 pts extra)

The flag is the length of Bill Gates' password.

Hint: First find BIll Gates' ID. Then guess at the name of the field and table containing passwords. Error messages will tell you if your guess is wrong.

ED 103.3.5 Bill's Password (20 pts extra)

The flag is Bill Gates' password.

ED 103.3.6 Password (30 pts extra)

The flag is admin's password.


Updated 5-20-19
Hint about user-agent added 5-21-19
Hint added to 103.3.4
Point total corrected 9-9-19
Hint added to 103.1.2 9-11-19