TryHackMe : Lesson Learned

#$ubh@nk@r
3 min read · Aug 26, 2023

Intro: It is a very easy CTF-type machine on TryHackMe, though a little bit tricky. The dangerous thing about this CTF is that if you type the wrong payload, your flag will be deleted and you have to restart the machine again :) So let's hack it.

Web Interface:

After visiting the given IP address I get a simple login page. In the description they tell us we only have to bypass the login page, and not to look for any directories or hidden files.

Start Attack:

First I typed a random username and password. But it was invalid.

[Image: Invalid]

Then I started entering random SQL injection payloads.

[Image: Payload]

And it returned an error.

[Image: Error]

It says we cannot use 1=1, and it also says this payload might execute a DELETE statement on our flag. Then I tried other SQL injection payloads, but this time it didn't return Invalid; it returned this error page again and again. I thought my flag might have been deleted, and that this was why the error kept coming.

I also found a warning message on PortSwigger saying the same thing about SQL injection.

[Image: PortSwigger]

Bypassed Login:

I think my flag is gone. So I have to restart the machine, visit the web page again, and after many tries I got only this payload working. The others are dead ends.

Tip: ' union select null#

[Image: Success Payload]

And I bypassed the login page and got the flag.
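Why that tip works and why the room's 1=1 filter does not stop it, as an added example that is not part of the original write-up: a login that pastes user input straight into its query, behind a naive blocklist like the one the room's error page describes, next to the same lookup done with a parameterized query. The table, the column names, the single-column SELECT shape and the blocklist rule are all assumptions made for this demo. The room's backend appears to be MySQL, where # starts a comment; sqlite3 is used here so it runs offline, and in sqlite a line comment is "-- ", so the sqlite copy of the payload ends with that instead.

```python
import sqlite3

# Payload exactly as written in the room (MySQL '#' line comment) ...
PAYLOAD_MYSQL = "' union select null#"
# ... and the same idea for sqlite, which uses '-- ' as its line comment.
PAYLOAD_SQLITE = "' union select null-- "

# Assumption: the room's app blocks the literal token 1=1 (its error page says so).
BLOCKED_TOKENS = ("1=1",)


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the room's user table (not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only because this is a demo of query construction.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def naive_filter(value: str) -> bool:
    """True if the input trips the room-style blocklist. Spaces are stripped so
    '1 = 1' is caught too; the point is that a blocklist is still not a fix."""
    squashed = value.replace(" ", "")
    return any(token in squashed for token in BLOCKED_TOKENS)


def build_query(username: str, password: str) -> str:
    """The string the vulnerable login actually sends to the database."""
    return (
        "SELECT username FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Blocklist, then string concatenation. A 'union select null' row is enough
    to make the row count non-zero, because the comment token drops the
    password check entirely."""
    if naive_filter(username) or naive_filter(password):
        return False  # the room shows an error page here
    try:
        rows = conn.execute(build_query(username, password)).fetchall()
    except sqlite3.Error:
        return False  # malformed injected SQL: error page, not a login
    return len(rows) > 0


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the driver passes the input as data, so the quote,
    UNION and comment characters never become part of the SQL grammar."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchall()
    return len(rows) > 0


if __name__ == "__main__":
    db = make_db()
    print(build_query(PAYLOAD_SQLITE, "x"))
    print("vulnerable, real creds :", vulnerable_login(db, "alice", "correct-horse"))
    print("vulnerable, union null  :", vulnerable_login(db, PAYLOAD_SQLITE, "anything"))
    print("vulnerable, 1=1 payload :", vulnerable_login(db, "' or 1=1-- ", "anything"))
    print("safe, union null        :", safe_login(db, PAYLOAD_SQLITE, "anything"))
    print("safe, real creds        :", safe_login(db, "alice", "correct-horse"))
```

The printed query shows the shape the room's app ends up with: the first SELECT matches nobody, the UNIONed `select null` contributes one row, and everything after the comment token (the whole password clause) is ignored. The blocklist catches `1=1` and nothing else, which is why the parameterized version, not the filter, is the actual fix.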

[Image: Do it yourself]

Hope you learned something new.

THANKS FOR READING!

Happy Hacking~


Written by #$ubh@nk@r, CyberSecurity Learner, CTF Player, Noob Bug Hunter. https://starlox0.github.io/
