Extra SQLi levels
Not sure if I’m doing something against the rules but it’s not like I’m advertising since it’s something I don’t gain anything with. Anyway, I’m running a VM with some SQLi vulnerable pages that you can exploit. There is a username and pass field; the idea is to get the “Logged in” response. Here’s the address:
http://itcrash.ddns.net:8888/ or if you can’t access it: http://95.93.162.57:8888
Just browse each directory and open the html files. They are ordered in difficulty (at least according to me). Here’s the difficulty levels:
Sql1-sql3 - Basic
Sql4-Sql6 - Slightly harder
Sql7-Sql9 - Intermediate
Sql10-Sql12 - Slightly Advanced
Haven’t gotten around to adding “levels” with WAFs and such but trying to do it on my free time.
I am also going to add a cool index page to link to all the Sql Levels so it looks pretty :)
PS: I was just made aware that Sql9 is not working properly, I will fix it as soon as I can.
I just thought of doing this because this website has very few, and too basic, SQLi levels; with this server added to the mixture you will have a lot more to practice and improve SQLi.
Enjoy ;)
Btw maybe you could post your solutions here or create another thread or not at all, I don’t know if it’s going to be useful but I hope it is!
I would greatly appreciate it if you guys left some feedback whether you think it is useful or not :)
Note: I can’t guarantee that the server will be up 100% of the time so if it is offline just try again later. Also, yes that is my IP but don’t bother going off-scope as the rest of the network is secure and isolated.
“You can patch a security vulnerability on a computer but there is no patch for stupidity or, rather, gullibility.”
Solutions:
http://itcrash.ddns.net:8888/sql1/sql.html :
username= ' or 1 --
password= ' or 1 --
http://itcrash.ddns.net:8888/sql2/sql.html :
username= ' or 1 --
password= ' or 1 --
http://itcrash.ddns.net:8888/sql3/sql.html :
inspect (Ctrl+Shift+I) / open body, change
maxlength="5"/>
to maxlength="20"/> for username and password
username= ' or 1 --
password= ' or 1 --
I’m working on the next one.
non
Nice work! I’m glad you’re enjoying it :p By the way I believe there is an issue with Sql9 but haven’t gotten around to fixing it yet :)
Human Stupidity, that’s why Hackers always win.
- Med Amine Khelifi
Found a better solution for http://itcrash.ddns.net:8888/sql3/sql.html
Username: '-
Password: '-
If you can’t access the server try with the ip: http://95.93.162.57:8888
Yeah as I said it is isolated the only thing you could hack into is the VM :p
PS: You don’t need nmap, a simple ping itcrash.ddns.net would have worked ;)
No man has a good enough memory to be a successful liar.
Hello guys!
Here is the solution for level 5 since no one got it yet again :D
user: \' password: ' OR 1=1-- -
ok… so…. I think I should improve my SQL knowledge
actually I’m following a HTML5, PHP & MYSQL and JS course
the three of them at the same time B)
L00PeR
True, I could do that; the only thing is I can’t know the usernames, I only have access to the IPs that connect, not the users on this website :p
Maybe what I could do is when I make the index page and links for all levels so it looks pretty I also add a text field so you can input your HackThis username and I can log tries as well
Well, maybe after they completed the level you could add like an input so we could write our usernames
Edit: You type faster than me xD
Ok good luck !!
I would help you with the coding, but in my course we haven’t yet reached managing DBs :(
No problem :). I’ll probably take a while because I have loads of projects I’m working on right now
Can someone explain to me the utility of the last - in this: \' or 1 -- - and of this: \' ?
Sure:
- The last - is because sometimes the comment -- or # will not work without you writing something afterwards; it depends on many variables, so it’s always good practice to write something in front of the final line comment while doing SQL injection.
- The \' is used because, let’s say, the PHP file is coded so that it tries to stop you from using quotes by entering another quote when you type a quote. So you type ' and it becomes ''
By typing \' you are escaping your own quote so that it becomes \''; the first quote is escaped and the second works normally.
Just something that some programmers actually do to protect their code, either because they are incompetent or lazy or the company doesn’t have the resources to update it. You see these kinds of things often in old code from when SQL injection wasn’t “a thing”, so it remained that way, and nowadays they don’t have the resources to pay developers to fix it and/or can’t afford the downtime, etc…
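The quote-doubling filter described in the post above, as an added example that is not part of the thread or of the challenge server's code: a small scanner applies MySQL's default string-literal rules (backslash escapes the next character, '' is a quote inside the string) to check whether filtered input still ends at the developer's closing quote, followed by the parameterized query that removes the need for any filter. The function names, the table, and the sample values are assumptions made for illustration, and sqlite3 stands in for MySQL in the bound query.

```python
import sqlite3

def double_quotes(value):
    """The weak filter described in the thread: each ' becomes ''."""
    return value.replace("'", "''")

def escape_backslash_and_quotes(value):
    """Hypothetical stricter filter: neutralise backslashes first, then quotes."""
    return value.replace("\\", "\\\\").replace("'", "''")

def literal_end(sql, start):
    """Index just past the closing quote of the literal opening at sql[start],
    or -1 if it never closes. Models MySQL's default rules: a backslash escapes
    the next character and '' is a quote inside the string."""
    i = start + 1
    while i < len(sql):
        if sql[i] == "\\":
            i += 2                      # escaped character, skip both
        elif sql[i] == "'":
            if sql[i + 1:i + 2] == "'":
                i += 2                  # doubled quote stays inside the string
            else:
                return i + 1            # real end of the literal
        else:
            i += 1
    return -1

def stays_data(filter_fn, user_input):
    """True if the filtered input ends exactly at the developer's closing quote."""
    prefix = "SELECT 1 FROM users WHERE username = '"
    sql = prefix + filter_fn(user_input) + "'"
    return literal_end(sql, len(prefix) - 1) == len(sql)

def login_parameterized(username, password):
    """The robust fix: bind values as parameters (sqlite3 stands in for MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    row = db.execute("SELECT 1 FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row is not None

# Constructed sample inputs; the last two are the strings discussed in the thread.
SAMPLES = ["alice", "O'Brien", "\\'", "\\' or 1 -- -"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), stays_data(double_quotes, s),
              stays_data(escape_backslash_and_quotes, s))
    print(login_parameterized("\\' or 1 -- -", "x"))
```

Manual escaping also depends on the connection character set and SQL mode, so the bound-parameter form is the one to ship.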
Perfect explanation :)
A trick for making SQL injections easier would be doing some information gathering (on GitHub) and searching for the .php file which checks your input, so you know how the program works and you know how to exploit it.
@darkarp I’m so stupid, for the second explanation I already knew this, I just forgot for some minutes… but thank you, really clear
Sorry for the downtime, up and running again. Soon there will be a new design and an option to put your HackThis username!
Nice !! :)
Try persuading @Mugiwara27 so these levels are added to the HackThis SQLi levels so you get the “helper” medal xD
I’m not the one having enough power to do it, only Flabby can do it :p
But I’ll get in touch with him tho
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
Hey darkarp! I was checking it out, thanks a lot for these extra levels. You’re definitely doing your part to facilitate curiosity and new challenges. Pardon my possibly novice question, but would we be able to use conventional Kali tools such as sqlmap to scan the links to your SQL input sites? I know the link does not have the php?id= that I’m used to seeing with sites most apparently vulnerable to SQL injection. To answer my own question, I must say that I don’t believe it would work, just because we are not actually connected to a database in your extra levels (I don’t believe). If that is true, is there any way to create a vulnerable site that SQL injection automation tools would work with?
You can use SQLmap for these levels as well but in a different way. You can use burp suite for instance to capture the request and save it to a txt file. And then use “sqlmap -r request.txt” and you’re set. For other levels you might also want to add some other scripts like tamper scripts and so on.
I apologise for this being down, I’ve recently taken a big turn in my professional career and fear I no longer have the time to update and maintain this any longer