I'm learning SQL-injection (and SQL in the first place) by playing a CTF. I'm using sqlmap
and have for my target IP so far found:
Uses: MySQL, PHP
2 databases:
information_schema
users
1 table in users database:
user
if I dump the user
table in the users
database I get:
+------------------------------+----------+
| name | username |
+------------------------------+----------+
| YouWillNeverCrakThisPassword | nochance |
| Jack Bob | jack |
| Bill Sims | bill |
| Bob Browne | Bob |
+------------------------------+----------+
But there isn't any password hashes for me to try and crack. In the tutorial I've been following this is where the hashes were.
Any idea where the password hashes might be? Do they have to be somewhere? I don't know much about the schema, but I didn't really see anything in there.