
THM - Light

Mar 27, 2025

A writeup for the room Light on TryHackMe

Welcome to the Light database application!

Footprinting

The service is listening on port 1337.

It is a simple socket application that asks for a username and then returns the user’s password.

If the user doesn't exist, it returns an error instead.

nc MACHINE_IP 1337

What is the admin username?

We can try common usernames, but nothing seems to work.

Given that the challenge involves a database and we have free text input, we can check for SQL injection.

We can see that there are some filters applied to our input.

In particular, comments are not allowed at all, and some words, such as select and union, are blocked.
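To make the point about these filters concrete, here is an added example (not code from the room or the writeup) that models a lookup service like the one above with a constructed SQLite table and invented usernames and passwords. It puts a keyword blacklist in front of a string-concatenated query and compares it with a parameterized query; the textbook probe input contains none of the blocked words, so only the parameterized version treats it as plain data.

```python
import sqlite3

# Constructed sample table standing in for the room's database;
# every username and password here is invented for this example.
SAMPLE_USERS = [("admin", "pw-admin"), ("alice", "pw-alice")]

# Keyword blacklist modelled on the filters the writeup observes.
BLOCKED = ("select", "union", "--", "/*", "#")


def make_db():
    """Create an in-memory SQLite database with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def passes_blacklist(username: str) -> bool:
    """Reject input containing any blocked keyword (case-insensitive)."""
    low = username.lower()
    return not any(word in low for word in BLOCKED)


def lookup_vulnerable(conn, username: str) -> str:
    """Blacklist plus string concatenation: the filter is not a fix."""
    if not passes_blacklist(username):
        return "Blocked"
    query = "SELECT password FROM users WHERE username = '" + username + "'"
    row = conn.execute(query).fetchone()
    return row[0] if row else "Username not found"


def lookup_parameterized(conn, username: str) -> str:
    """Bound parameter: the input is data, never SQL, so no blacklist is needed."""
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else "Username not found"


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # classic probe; contains none of the blocked words
    print("blacklist + concat :", lookup_vulnerable(db, probe))  # leaks a password
    print("parameterized      :", lookup_parameterized(db, probe))  # Username not found
    print("parameterized, real:", lookup_parameterized(db, "alice"))  # pw-alice
```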


Written by Francesco Pastore

An engineering student in Milan and a web developer for an IT company. Writes about programming and cybersecurity topics.
