Sql Leakage

MediumDigital Forensics

Overview

Our application has been found to be vulnerable to SQL injection, and as a result, a user was able to exfiltrate the admin creds and use them to login. Your task is to analyze the web server logs to find out what the exhilarated admin credentials were. FLag format: FLAG{username|password}

Lab Details

Prerequisites & Requirements

Basic understanding of SQL databases and queries
Familiarity with SQL injection concepts
Knowledge of log file analysis
Understanding of ASCII encoding and character manipulation
Basic Python scripting skills
Experience with password hash cracking tools

What will you learn?

Analyzing MySQL server logs to identify malicious activity
Recognizing boolean-based blind SQL injection patterns
Understanding time-based and error-based SQL injection exfiltration techniques
Extracting data from SQL injection logs using pattern matching
Writing Python scripts for automated data extraction from logs
Cracking bcrypt password hashes using dictionary attacks
Forensic analysis of database breach incidents

Tools

Python 3 - For scripting and log analysis
Hashcat - For password hash cracking
Text editor - For viewing and analyzing log files

Job Positions

Soc Analyst

Sql Leakage

Overview

Lab Details

Job Positions

Tags