What is SQL Injection?

SQL Injection, or SQLi, is a type of an attack on a SQL database through injecting code through user input. Databases can store very important and sensitive information, such as credit card data or username's and passwords'. Normally this information is protected, hidden away, and inaccessible to the general public, but when a hacker can execute commands through common user input, they then can gain access to the database to retrieve, change, or delete data. Hackers can, and have, even locked out owners from their own databases!

Essentially an attacker passes SQL code through user input, allowing an attacker to view, edit, or delete data in a database. This typically happens when user input is not cleaned and validated, preventing the input from passing malicious code.

How to HackMe

Enter the string 'OR''=' as both user name and password. This should get you logged in as a user (thompsonk - the first user in the table). This tells you that Ken Thompson is a user and it allows you to access his account - but it does not tell you his password.

Find out if Ken's password includes the letter 'q'. Enter xxx as user name and enter the following string as the password:

' OR EXISTS(SELECT * FROM users WHERE username='thompsonk' AND password LIKE '%q%') AND ''='

Find out if Ken's password has 'q' as the third letter. Enter xxx as user name and enter the following string as the password:

' OR EXISTS(SELECT * FROM users WHERE username='thompsonk' AND password LIKE '__q%') AND ''='

You should be able to see that you can guess every character in the password, but only one at a time. A way to speed up this process is to created code to do the work for you.

With this guessing method, can you figure out Ken's password and login the "Hardened" site?

Hack me and find out Ken's password.

Hint: Its a famous 9 character password...