College Exams are over and the results are out! ABC University had released the exam results on the portal developed by their college students.

One of the student found that the portal was vulnerable to Union-based SQL Injection!

Note: The backend database is SQLite.

Objective: Leverage the vulnerability to determine the SQLite version and the dump flag from the database!

Instructions:

• This lab is dedicated to you! No other users are on this network :)
• Once you start the lab, you will have access to a Kali GUI instance.
• Your Kali instance has an interface with IP address 192.X.Y.2. Run "ifconfig" to know the values of X and Y.
• The webapp should be running on port 5000 on the machine located at the IP address 192.X.Y.3.
• Do not attack the gateway located at IP address 192.X.Y.1

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-2006.pdf