Extra SQLi levels

Mario Nascimento [darkarp]
6 years ago | edited 6 years ago

0

Not sure if I’m doing something against the rules but it’s not like I’m advertising since it’s something I don’t gain anything with. Anyway, I’m runing a vm with some SQLi vulnerable pages that you can exploit. There is a username and pass field the idea is to get the “Logged in” response. Here’s the address:

http://itcrash.ddns.net:8888/ or if you can’t access it: http://95.93.162.57:8888

Just browse each directory and open the html files. They are ordered in difficulty (at least according to me). Here’s the difficulty levels:

Sql1-sql3 - Basic
Sql4-Sql6 - Slightly harder
Sql7-Sql9 - Intermediate
Sql10-Sql12 - Slightly Advanced

Haven’t gotten around to adding “levels” with WAFs and such but trying to do it on my free time.
I am also going to add a cool index page to link to all the Sql Levels so it looks pretty :)
PS: I was just made aware that Sql9 is not working properly, I will fix it as soon as I can.

I just thought of doing this because this website was very little and too basic SQLi levels, with this server to the mixture you will have a lot more to practice and improve SQLi.

Enjoy ;)

Btw maybe you could post your solutions here or create another thread or not at all, I don’t know it’s going to be useful but I hope it is!

I would greatly appreciate it if you guys left some feedback whether you think it is useful or not :)

Note: I can’t guarrantee that the server will be up 100% of the time so if it is offline just try again later. also, yes that is my ip but don’t bother going off-scope as the rest of the network is secure and isolated.

37replies
8voices
349views
theMunchBox
6 years ago

1

12 SQLi levels?

Hell Yeah.

Manon.xdlol
6 years ago

1

exactly what i need to get fun
thank you

Manon.xdlol
6 years ago

1

solutions:

http://itcrash.ddns.net:8888/sql1/sql.html :

username= ‘ or 1 –
password= ’ or 1 –[/Spoiler]

http://itcrash.ddns.net:8888/sql2/sql.html :
<!- username= ‘ or 1 –
password= ’ or 1 –

http://itcrash.ddns.net:8888/sql3/sql.html :
[Spoiler]inspect (ctrl+maj+i) / open body,
maxlength=“5/”>
to maxlength=“20/” for username and password
username= ‘ or 1 –
password= ’ or 1 – -!>

i work on next


0

Nice work! I’m glad you’re enjoying it :p By the way I believe there is an issue with Sql9 but haven’t got around to fix it yet :)

L00PeR
6 years ago

0

Nice!!
I’ll check them later :)

L00PeR
6 years ago

1

@Manon.xdlol @darkarp

Found a better solution for http://itcrash.ddns.net:8888/sql3/sql.html

Username: ‘-
Password: ’-


0

Nice stuff :p


0

If you can’t access the server try with the ip: http://95.93.162.57:8888

L00PeR
6 years ago

0

Thanks for sharing with us your ip :)
(don’t worry we could got it anyway with nmap xD)

Mario Nascimento [darkarp]
6 years ago | edited 6 years ago

0

Yeah as I said it is isolated the only thing you could hack into is the VM :p

PS: You don’t need nmap a simple ping itcrash.ddns.net would have worked ;)

alien [Wild_Nature]
6 years ago | edited 6 years ago

2

Hello guys!
Here is the solution for level 4 since no one got it and I did
[Spoiler] \‘ OR 1=1– -


0

Thanks Wild Nature for doing it! Try the others as well :)

L00PeR
6 years ago | edited 6 years ago

0

nice spoiler :)
please fix that
Edit: ok already done xD

alien [Wild_Nature]
6 years ago

1

Hello guys!
Here is the solution for level 5 since no one got yet again :D
[Spoiler] user: \‘ password: ’ OR 1=1– -

L00PeR
6 years ago

0

@darkarp
Are we supposed to see what’s in the .php file?

Reply has been removed
Mario Nascimento [darkarp]
6 years ago | edited 6 years ago

0

L00PeR
Nope, you can try though :p

L00PeR
6 years ago

0

ok… so…. I think I should improve my SQL knowledge
actually I’m following a HTML5, PHP & MYSQL and JS course

the three of them at the same time B)


0

ahah that’s good stuff :)

L00PeR
6 years ago

0

@darkarp

You could manage to make some code so the people who complete the levels are written on a DB
And posting the DB every week/day


0

L00PeR
True, I could do that, only thing is I can’t know the usernames I only have access to the IPs that connect not the users on this website :p


0

Maybe what I could do is when I make the index page and links for all levels so it looks pretty I also add a text field so you can input your HackThis username and I can log tries as well

L00PeR
6 years ago | edited 6 years ago

0

Well maybe after they completed the level tou could add like a input so we could write our usernames
Edit: You type faster than me xD


0

Yeah something like that, I’ll work on it !

L00PeR
6 years ago

0

Ok good luck !!
I would help you coding but on my course we haven’t reached yet to managing DB’s :(


0

No problem :). I’ll probably take a while because I have loads of projects I’m wotking on right now

corneteiro69
6 years ago

0

good stuff will check out

Manon.xdlol
6 years ago | edited 6 years ago

0

can someone explain me the utility of the last >> -[/Spoiler] in this <!- \‘ or 1 – - and this ? [Spoiler]\’ -!>


1

Sure:

  1. The last - is because sometimes it the comment – or # will not work without you writing something afterwards, it depends on many varibles so it’s always good practice to write something in front of the final line comment while doing sql injection[/Spoiler]

    1. [Spoiler]the \‘ is used because let’s say that the php file is coded so that it tried to disable you from using quotes by entering another quote when you type a quote. So you type ’ and it becomes ‘’
      By typing \‘ you are escaping yourn own quote so that it becomes \’‘ the first quote is escaped and the second works normally.

    Just something that some programmers actually do to protect their code eitehr because they are incompetent or lazy or the company doesn’t have the resources to update it. You see these kinds of things often in old codes when SQL injection wasn’t “a thing” so it remained that way and nowadays they don’t have the resources to pay developers to fix it and/or can’t afford the downtime, etc…

L00PeR
6 years ago | edited 6 years ago

0

Perfect explanation :)
A trick for making SQL injections easier would be making some information gathering (on GitHub) and searching the .php file which checks your input, so you know how does the program work and you know how to exploit it.

Manon.xdlol
6 years ago | edited 6 years ago

0

@darkarp i’m so stupid, for the second explain i already know this, i just forget for some minutes… but thank you, really clear


0

No problem haha :)


2

Sorry for the downtime, up and runing again. Soon there will be new design and an option to put your HackThis username!

L00PeR
6 years ago

0

Nice !! :)
Try persuading @Mugiwara27 so this levels are added to the Hackthis SQLi levels so you get the “helper” medal xD

Mugi [Mugiwara27]
6 years ago

0

I’m not the one having enough power to do it, only Flabby can do it :p

But I’ll get in touch with him tho

ChrisCode333
6 years ago

1

Hey darkarp! I was checking it out, thanks a lot for these extra levels. Youre definitely doing your part to facilitate curiosity and new challenges. Pardon my possibly novice question, but would we be able to use conventional Kali tools such as sqlmap to scan the links to your SQL inputs sites? I know the link does not have the php? id= that i’m use to seeing with sites most apparently vulnerable to SQL injection. To answer my own question I must say that I dont believe it would work just because we are not actually connected to a database in your extra levels (I dont believe). If that is true, is there anyway to create a vulnerable site that SQL injection automation tools would work with?


0

You can use SQLmap for these levels as well but in a different way. You can use burp suite for instance to capture the request and save it to a txt file. And then use “sqlmap -r request.txt” and you’re set. For other levels you might also want to add some other scripts like tamper scripts and so on.

Mario Nascimento [darkarp]
6 years ago | edited 6 years ago

0

I apologise for this being down, I’ve recently taken a big turn in my professional carreer and fear I no longer have the time to update and maintain this any longer

You must be logged in to reply to this discussion. Login
1 of 38

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss