Exploits Explored: SQL injection
Tools: BurpSuite, SQLMap
Sticking Point: Exporting captures from BurpSuite to SQLMap
Something Learned: Combining BurpSuite and SQLMap
Day 5's challenge involves breaking into Santa's forums using SQLi and dumping the database to find the hidden flag. I got stuck with this room more than the others because I wanted more experience in utilizing BurpSuite, and the room describes that it's possible to export BurpSuite results into SQLMap so it'll automatically start applying SQLi. I knew I could probably manually enter the SQLi commands taught in the room to bypass the login, but I really wanted to use the tools to become more familiar with them. So I spent a long time pulling out my hair wondering where the issue was.
I ultimately ended up manually doing SQLi by commenting out the rest of the query in the username field of the login form. I think I wasn't able to use the tools because I wasn't getting back the correct response that I could use with SQLMap.
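Why commenting out the rest of the query gets past a login check, and why a parameterized query stops it, as an added example that is not from the room or the original post. The table layout, function names and sample credentials are assumptions made for illustration, and SQLite stands in for whatever database the forum actually uses.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the forum's user table.
    # Passwords are plaintext only to keep the example short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('santa', 'correct-horse')")
    return db

def build_query_unsafe(username, password):
    # Vulnerable pattern: user input is pasted straight into the SQL text.
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_unsafe(db, username, password):
    row = db.execute(build_query_unsafe(username, password)).fetchone()
    return row is not None

def login_safe(db, username, password):
    # Hardened pattern: placeholders keep input as data, never as SQL syntax.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

# Constructed input: the quote closes the string literal and "--" turns the
# password comparison into a comment, so it is never evaluated.
CRAFTED_USER = "santa' --"

if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe(CRAFTED_USER, "x"))
    print("string-built query accepts it:", login_unsafe(db, CRAFTED_USER, "x"))
    print("parameterized query accepts it:", login_safe(db, CRAFTED_USER, "x"))
```

With the parameterized version the whole crafted string is compared against the `username` column as a literal value, so no row matches and the login fails.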
For this challenge I had to refer to the how-to video a couple of times to progress. I'm glad I did because I was able to use BurpSuite in conjunction with SQLMap to dump the database and I wouldn't have thought to use it there. My assumption was that SQLMap was only to bypass the login form. Despite entering the same commands as in the video, my dump didn't pull all of the values I needed, like Paul's toy, but that information I was able to automatically glean from the website itself.
I feel I understand the tactics of this room but I need more practice. I'll more than likely come back to this room in the future to get more experience and try to get a better understanding of how everything works.