Light: TryHackMe Answers
Room Introduction: “I am working on a database application called Light! Would you like to try it out?
If so, the application is running on port 1337. You can connect to it using nc 10.10.254.202 1337.
You can use the username smokey in order to get started.”
This hands-on setup provides an excellent opportunity to interact with a functional database application and practice fundamental cybersecurity techniques.
Introduction:
Platforms like TryHackMe offer an array of such exercises, each designed to simulate real-world scenarios and vulnerabilities. This blog post focuses on one such challenge — the Light database application. By diving into its setup and resolving its vulnerabilities, participants can gain invaluable hands-on experience.
Read my TryHackMe Lo-Fi writeup: "Lo-Fi: TryHackMe Writeup" by Ansul Kotadia (Jan 2025, Medium).
Questions:
#1.1 What is the admin username?
Enumerating the database through the username prompt revealed the admin username. For instance, this UNION-based payload reads the username column from admintable:
smokey' Union Select username FROM admintable WHERE username like '%
Answer: TryHackMeAdmin
#1.2 What is the password to the username mentioned in question
Answer: mamZtAuMlrsEy5bp6q17
#1.3 What is the flag?
Answer: THM{SQLit3_InJ3cTion_is_SimplE_nO?}
Thank you! 🎉