This is a video walk-through of TryHackMe's Light. If you prefer a written walk-through, you can find it here: https://readysetexploit.gitlab.io/home/thm/light/
0:00 Intro
1:05 Starting VPN and connecting to database
1:55 Playing with application and finding SQL injection
2:50 Manually writing out the query
4:30 Getting a successful injection
5:35 Using comments for injection but it fails
7:05 Looking into union injection
8:50 Finding and bypassing the second filter
10:15 Enumerating the database version
11:30 Confirming SQLite database
12:00 Looking into SQLite injection cheatsheet
12:50 Extracting table names
14:40 Extracting columns from each table
15:55 Extracting username from table
18:30 Extracting second username from table