Database Version - KnightCTF 2022

Posted by AkuShin_n0_ZenShin

As you can guess, the question asks for the database version, so to keep things easy you only need to focus on the SQL injection attack. I will share the approach I use when I know what I am looking for.

  1. In Wireshark, I search for strings and keep checking the Info column. This is the important part, because it holds the packet summary.
  2. If you are familiar with manual SQL injection, you know that the attacker finds some parameter and then passes SQL code in it. So in general we need to check for HTTP requests that contain SQL commands.
  3. Now you know what kind of packet you need to analyze. To narrow it down, search for the "select" keyword, because it is the most used keyword in SQL queries. Hop through the matching requests and eventually you will find a SQL injection where version() is used.
  4. Now you have found the exact packet you need. The final step is to inspect that request's corresponding response, and you will find your answer.

For complete beginners, here are some instructions: in the Info column of Wireshark, packets that begin with GET or POST are requests, and packets that begin with a number like 200, 302 or 404 are server responses. The request comes first, and beneath it you will find its corresponding response. Don't use the TCP stream view to find the answer, otherwise you will get lost. Once you have found the exact packet, the best way to inspect it is to look for "Line-based text data" in the packet details section. There you will find the template HTML and the flag in an H1 tag. Remember to check only the packets with the HTTP protocol. Have a nice day. GOOD LUCK
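The search-and-pair procedure above, as an added example that is not part of the original writeup: it URL-decodes each request line, keeps only requests containing both "select" and "version()", pairs each with the response that follows it, and pulls the H1 text. It assumes the HTTP packets were exported as (frame number, Info text, line-based text data) tuples; every path, frame number and the version string below are constructed placeholders, not values from the challenge capture.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample rows: (frame number, Info column text, line-based text data).
PACKETS = [
    (10, "GET /index.php?id=1 HTTP/1.1", None),
    (12, "HTTP/1.1 200 OK  (text/html)", "<html><h1>Welcome</h1></html>"),
    # Contains "select" but is not an injection: shows why "select" alone over-matches.
    (20, "GET /search.php?q=select+a+plan HTTP/1.1", None),
    (22, "HTTP/1.1 200 OK  (text/html)", "<html><h1>Results</h1></html>"),
    (30, "GET /index.php?id=1+UNION+SELECT+version() HTTP/1.1", None),
    (32, "HTTP/1.1 200 OK  (text/html)", "<html><h1>EXAMPLE-DB-VERSION</h1></html>"),
]

REQUEST = re.compile(r"^(GET|POST)\s+(\S+)")
RESPONSE = re.compile(r"^HTTP/\d\.\d\s+\d{3}")
H1 = re.compile(r"<h1[^>]*>(.*?)</h1>", re.I | re.S)


def find_version_leaks(packets):
    """Return (request_frame, response_frame, decoded_uri, h1_text) tuples for
    requests whose URL-decoded URI contains both 'select' and 'version()'."""
    hits, pending = [], None
    for frame, info, body in packets:
        req = REQUEST.match(info)
        if req:
            # Decode %xx and '+' so encoded keywords are not missed.
            uri = unquote_plus(req.group(2)).lower()
            suspicious = "select" in uri and "version()" in uri
            pending = (frame, uri) if suspicious else None
        elif pending and RESPONSE.match(info):
            # First response after a flagged request is treated as its answer.
            match = H1.search(body or "")
            text = match.group(1).strip() if match else None
            hits.append((pending[0], frame, pending[1], text))
            pending = None
    return hits


if __name__ == "__main__":
    for req_frame, resp_frame, uri, h1 in find_version_leaks(PACKETS):
        print(f"request #{req_frame} -> response #{resp_frame}: {uri!r} leaked {h1!r}")
```

Only the request URI is inspected here, so an injection carried in a POST body would need the body text added to the match.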