SQL Injection in Search Fields | TryHackMe Cybercrafted Minecraft CTF

In this post, we covered SQL injection in search forms and performed Linux privilege escalation on the screen app. This was part of TryHackMe Cybercrafted room where we pawned a Minecraft server.

Get OSCP Certificate Notes

Task Answers

How many ports are open?
3
What service runs on the highest port?

minecraft
Any subdomains? (Alphabetical order)

admin store www
On what page did you find the vulnerability?

search.php
What is the admin’s username? (Case-sensitive)

xXUltimateCreeperXx
What is the web flag?

THM{bbe315906038c3a62d9b195001f75008}
Can you get the Minecraft server flag?

THM{ba93767ae3db9f5b8399680040a0c99e}
What is the name of the sketchy plugin?

LoginSystem
What is the user’s flag?

THM{b4aa20aaf08f174473ab0325b24a45ca}
Finish the job and give me the root flag!
THM{8bb1eda065ceefb5795a245568350a70}

Video Walkthrough

CTF Writeups, OWASP, Penetration Testing, sql inection, tryhackme

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

Press ESC to close

SQL Injection in Search Fields | TryHackMe Cybercrafted Minecraft CTF

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

OffSec Proving Grounds: Crane Walkthrough | OSCP Prep

HackTheBox Spookypass Challenge Writeup

HackTheBox Permx Writeup