> ## Documentation Index
> Fetch the complete documentation index at: https://rootea.es/llms.txt
> Use this file to discover all available pages before exploring further.

# SQL Injection

> Cross-platform resources for SQL Injection: curated HTB machines, PortSwigger labs and TryHackMe rooms with validated writeups and related skills.

# SQL Injection

This page aggregates **cross-platform resources to practice SQL Injection**: retired Hack The Box machines, PortSwigger Web Security Academy labs and TryHackMe rooms, plus curated resources (HackTricks, PortSwigger, etc.) and related skills.

## Curated resources

| Source      | Link                                                                                                                                               |
| ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| HackTricks  | [https://book.hacktricks.wiki/en/pentesting-web/sql-injection/index.html](https://book.hacktricks.wiki/en/pentesting-web/sql-injection/index.html) |
| PortSwigger | [https://portswigger.net/web-security/sql-injection](https://portswigger.net/web-security/sql-injection)                                           |

## HTB machines practicing SQL Injection (36)

| Machine                                                     | OS      | Difficulty                                           |
| ----------------------------------------------------------- | ------- | ---------------------------------------------------- |
| [Altered](/en/htb/machines/linux/dificil/altered)           | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Bankrobber](/en/htb/machines/windows/insano/bankrobber)    | Windows | <span className="dbadge dbadge-insane">INSANE</span> |
| [Bastard](/en/htb/machines/windows/medio/bastard)           | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Breadcrumbs](/en/htb/machines/windows/dificil/breadcrumbs) | Windows | <span className="dbadge dbadge-hard">HARD</span>     |
| [Cache](/en/htb/machines/linux/medio/cache)                 | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Cascade](/en/htb/machines/windows/medio/cascade)           | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Catch](/en/htb/machines/linux/medio/catch)                 | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Charon](/en/htb/machines/linux/dificil/charon)             | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Control](/en/htb/machines/windows/dificil/control)         | Windows | <span className="dbadge dbadge-hard">HARD</span>     |
| [Cronos](/en/htb/machines/linux/medio/cronos)               | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [EarlyAccess](/en/htb/machines/linux/dificil/earlyaccess)   | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Enterprise](/en/htb/machines/linux/medio/enterprise)       | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Europa](/en/htb/machines/linux/medio/europa)               | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Falafel](/en/htb/machines/linux/dificil/falafel)           | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Fighter](/en/htb/machines/windows/insano/fighter)          | Windows | <span className="dbadge dbadge-insane">INSANE</span> |
| [Flujab](/en/htb/machines/linux/dificil/flujab)             | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Giddy](/en/htb/machines/windows/medio/giddy)               | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [GoodGames](/en/htb/machines/linux/facil/goodgames)         | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Holiday](/en/htb/machines/linux/dificil/holiday)           | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Mango](/en/htb/machines/linux/medio/mango)                 | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [MultiMaster](/en/htb/machines/windows/insano/multimaster)  | Windows | <span className="dbadge dbadge-insane">INSANE</span> |
| [Nightmare](/en/htb/machines/linux/insano/nightmare)        | Linux   | <span className="dbadge dbadge-insane">INSANE</span> |
| [NodeBlog](/en/htb/machines/linux/facil/nodeblog)           | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Overflow](/en/htb/machines/linux/dificil/overflow)         | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [OverGraph](/en/htb/machines/linux/dificil/overgraph)       | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Oz](/en/htb/machines/linux/dificil/oz)                     | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Pandora](/en/htb/machines/linux/facil/pandora)             | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Phoenix](/en/htb/machines/linux/dificil/phoenix)           | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [Scavenger](/en/htb/machines/linux/dificil/scavenger)       | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |
| [SecNotes](/en/htb/machines/windows/medio/secnotes)         | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [StreamIO](/en/htb/machines/windows/medio/streamio)         | Windows | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Toolbox](/en/htb/machines/windows/facil/toolbox)           | Windows | <span className="dbadge dbadge-easy">EASY</span>     |
| [Union](/en/htb/machines/linux/medio/union)                 | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Validation](/en/htb/machines/linux/facil/validation)       | Linux   | <span className="dbadge dbadge-easy">EASY</span>     |
| [Writer](/en/htb/machines/linux/medio/writer)               | Linux   | <span className="dbadge dbadge-medium">MEDIUM</span> |
| [Zetta](/en/htb/machines/linux/dificil/zetta)               | Linux   | <span className="dbadge dbadge-hard">HARD</span>     |

## PortSwigger labs practicing SQL Injection (22)

| Lab                                                                                                                                                                                        | Difficulty                                                 | Topic           | Official                                                                                                                        |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | --------------- | ------------------------------------------------------------------------------------------------------------------------------- |
| [Detecting NoSQL injection](/en/portswigger/labs/nosql-injection/nosql-injection-detection)                                                                                                | <span className="dbadge dbadge-easy">APPRENTICE</span>     | NoSQL Injection | [Open](https://portswigger.net/web-security/nosql-injection/lab-nosql-injection-detection)                                      |
| [Exploiting NoSQL operator injection to bypass authentication](/en/portswigger/labs/nosql-injection/nosql-injection-bypass-authentication)                                                 | <span className="dbadge dbadge-easy">APPRENTICE</span>     | NoSQL Injection | [Open](https://portswigger.net/web-security/nosql-injection/lab-nosql-injection-bypass-authentication)                          |
| [SQL injection vulnerability allowing login bypass](/en/portswigger/labs/sql-injection/login-bypass)                                                                                       | <span className="dbadge dbadge-easy">APPRENTICE</span>     | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/lab-login-bypass)                                                     |
| [SQL injection vulnerability in WHERE clause allowing retrieval of hidden data](/en/portswigger/labs/sql-injection/retrieve-hidden-data)                                                   | <span className="dbadge dbadge-easy">APPRENTICE</span>     | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data)                                             |
| [Blind SQL injection with conditional errors](/en/portswigger/labs/sql-injection/blind-conditional-errors)                                                                                 | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/blind/lab-conditional-errors)                                         |
| [Blind SQL injection with conditional responses](/en/portswigger/labs/sql-injection/blind-conditional-responses)                                                                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses)                                      |
| [Blind SQL injection with out-of-band data exfiltration](/en/portswigger/labs/sql-injection/blind-out-of-band-data-exfiltration)                                                           | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band-data-exfiltration)                              |
| [Blind SQL injection with out-of-band interaction](/en/portswigger/labs/sql-injection/blind-out-of-band)                                                                                   | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/blind/lab-out-of-band)                                                |
| [Blind SQL injection with time delays](/en/portswigger/labs/sql-injection/blind-time-delays)                                                                                               | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/blind/lab-time-delays)                                                |
| [Blind SQL injection with time delays and information retrieval](/en/portswigger/labs/sql-injection/blind-time-delays-info-retrieval)                                                      | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/blind/lab-time-delays-info-retrieval)                                 |
| [Exploiting NoSQL injection to extract data](/en/portswigger/labs/nosql-injection/nosql-injection-extract-data)                                                                            | <span className="dbadge dbadge-medium">PRACTITIONER</span> | NoSQL Injection | [Open](https://portswigger.net/web-security/nosql-injection/lab-nosql-injection-extract-data)                                   |
| [Exploiting NoSQL operator injection to extract unknown fields](/en/portswigger/labs/nosql-injection/nosql-injection-extract-unknown-fields)                                               | <span className="dbadge dbadge-medium">PRACTITIONER</span> | NoSQL Injection | [Open](https://portswigger.net/web-security/nosql-injection/lab-nosql-injection-extract-unknown-fields)                         |
| [SQL injection attack, listing the database contents on non-Oracle databases](/en/portswigger/labs/sql-injection/examining-the-database-listing-database-contents-non-oracle)              | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle)      |
| [SQL injection attack, listing the database contents on Oracle](/en/portswigger/labs/sql-injection/examining-the-database-listing-database-contents-oracle)                                | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-oracle)          |
| [SQL injection attack, querying the database type and version on MySQL and Microsoft](/en/portswigger/labs/sql-injection/examining-the-database-querying-database-version-mysql-microsoft) | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft) |
| [SQL injection attack, querying the database type and version on Oracle](/en/portswigger/labs/sql-injection/examining-the-database-querying-database-version-oracle)                       | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle)          |
| [SQL injection UNION attack, determining the number of columns returned by the query](/en/portswigger/labs/sql-injection/union-attacks-determine-number-of-columns)                        | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns)                        |
| [SQL injection UNION attack, finding a column containing text](/en/portswigger/labs/sql-injection/union-attacks-find-column-containing-text)                                               | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text)                        |
| [SQL injection UNION attack, retrieving data from other tables](/en/portswigger/labs/sql-injection/union-attacks-retrieve-data-from-other-tables)                                          | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables)                    |
| [SQL injection UNION attack, retrieving multiple values in a single column](/en/portswigger/labs/sql-injection/union-attacks-retrieve-multiple-values-in-single-column)                    | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column)          |
| [SQL injection with filter bypass via XML encoding](/en/portswigger/labs/sql-injection/sql-injection-with-filter-bypass-via-xml-encoding)                                                  | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/lab-sql-injection-with-filter-bypass-via-xml-encoding)                |
| [Visible error-based SQL injection](/en/portswigger/labs/sql-injection/blind-sql-injection-visible-error-based)                                                                            | <span className="dbadge dbadge-medium">PRACTITIONER</span> | SQL Injection   | [Open](https://portswigger.net/web-security/sql-injection/blind/lab-sql-injection-visible-error-based)                          |

## TryHackMe rooms practicing SQL Injection (20)

| Room                                                                   | Difficulty                                         | Type        | Access  | Official                                                  |
| ---------------------------------------------------------------------- | -------------------------------------------------- | ----------- | ------- | --------------------------------------------------------- |
| [25 Days of Cyber Security](/en/tryhackme/rooms/learncyberin25days)    | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/learncyberin25days)     |
| [Advent of Cyber 2 \[2020\]](/en/tryhackme/rooms/adventofcyber2)       | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/adventofcyber2)         |
| [Advent of Cyber 2022](/en/tryhackme/rooms/adventofcyber4)             | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/adventofcyber4)         |
| [Advent of Cyber 3 (2021)](/en/tryhackme/rooms/adventofcyber3)         | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/adventofcyber3)         |
| [Avengers Blog](/en/tryhackme/rooms/avengers)                          | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🔵 VIP  | [Open](https://tryhackme.com/room/avengers)               |
| [Custom Tooling Using Python](/en/tryhackme/rooms/customtoolingpython) | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/customtoolingpython)    |
| [NoSQL Injection](/en/tryhackme/rooms/nosqlinjectiontutorial)          | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/nosqlinjectiontutorial) |
| [OWASP Juice Shop](/en/tryhackme/rooms/owaspjuiceshop)                 | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/owaspjuiceshop)         |
| [Simple CTF](/en/tryhackme/rooms/easyctf)                              | <span className="dbadge dbadge-easy">EASY</span>   | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/easyctf)                |
| [SQLMap: The Basics](/en/tryhackme/rooms/sqlmapthebasics)              | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🔵 VIP  | [Open](https://tryhackme.com/room/sqlmapthebasics)        |
| [WAF: Introduction](/en/tryhackme/rooms/wafintroduction)               | <span className="dbadge dbadge-easy">EASY</span>   | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/wafintroduction)        |
| [Advanced SQL Injection](/en/tryhackme/rooms/advancedsqlinjection)     | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/advancedsqlinjection)   |
| [CTF collection Vol.2](/en/tryhackme/rooms/ctfcollectionvol2)          | <span className="dbadge dbadge-easy">MEDIUM</span> | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/ctfcollectionvol2)      |
| [Prioritise](/en/tryhackme/rooms/prioritise)                           | <span className="dbadge dbadge-easy">MEDIUM</span> | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/prioritise)             |
| [SQHell](/en/tryhackme/rooms/sqhell)                                   | <span className="dbadge dbadge-easy">MEDIUM</span> | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/sqhell)                 |
| [SQL Injection](/en/tryhackme/rooms/sqlinjectionlm)                    | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/sqlinjectionlm)         |
| [TryHack3M: Sch3Ma D3Mon](/en/tryhackme/rooms/sch3mad3mon)             | <span className="dbadge dbadge-easy">MEDIUM</span> | Walkthrough | 🟢 Free | [Open](https://tryhackme.com/room/sch3mad3mon)            |
| [Wekor](/en/tryhackme/rooms/wekorra)                                   | <span className="dbadge dbadge-easy">MEDIUM</span> | Challenge   | 🟢 Free | [Open](https://tryhackme.com/room/wekorra)                |
| [Daily Bugle](/en/tryhackme/rooms/dailybugle)                          | <span className="dbadge dbadge-easy">HARD</span>   | Challenge   | 🔵 VIP  | [Open](https://tryhackme.com/room/dailybugle)             |
| [Sequel Dump](/en/tryhackme/rooms/hfb1sequeldump)                      | <span className="dbadge dbadge-easy">HARD</span>   | Challenge   | 🔵 VIP  | [Open](https://tryhackme.com/room/hfb1sequeldump)         |

## Related skills

* [/en/skills/rce](/en/skills/rce)
* [/en/skills/xss](/en/skills/xss)

***

← [Back to the full glossary](/en/glossary)

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"DefinedTerm","name":"SQL Injection","termCode":"sqli","inLanguage":"en","url":"https://rootea.es/en/skills/sqli","inDefinedTermSet":{"@type":"DefinedTermSet","name":"Tactical pentesting glossary","url":"https://rootea.es/en/glossary"}}`}
</script>

<script type="application/ld+json">
  {`{"@context":"https://schema.org","@type":"ItemList","name":"HTB machines practicing SQL Injection","numberOfItems":36,"itemListElement":[{"@type":"ListItem","position":1,"url":"https://rootea.es/en/htb/machines/linux/dificil/altered","name":"Altered"},{"@type":"ListItem","position":2,"url":"https://rootea.es/en/htb/machines/windows/insano/bankrobber","name":"Bankrobber"},{"@type":"ListItem","position":3,"url":"https://rootea.es/en/htb/machines/windows/medio/bastard","name":"Bastard"},{"@type":"ListItem","position":4,"url":"https://rootea.es/en/htb/machines/windows/dificil/breadcrumbs","name":"Breadcrumbs"},{"@type":"ListItem","position":5,"url":"https://rootea.es/en/htb/machines/linux/medio/cache","name":"Cache"},{"@type":"ListItem","position":6,"url":"https://rootea.es/en/htb/machines/windows/medio/cascade","name":"Cascade"},{"@type":"ListItem","position":7,"url":"https://rootea.es/en/htb/machines/linux/medio/catch","name":"Catch"},{"@type":"ListItem","position":8,"url":"https://rootea.es/en/htb/machines/linux/dificil/charon","name":"Charon"},{"@type":"ListItem","position":9,"url":"https://rootea.es/en/htb/machines/windows/dificil/control","name":"Control"},{"@type":"ListItem","position":10,"url":"https://rootea.es/en/htb/machines/linux/medio/cronos","name":"Cronos"},{"@type":"ListItem","position":11,"url":"https://rootea.es/en/htb/machines/linux/dificil/earlyaccess","name":"EarlyAccess"},{"@type":"ListItem","position":12,"url":"https://rootea.es/en/htb/machines/linux/medio/enterprise","name":"Enterprise"},{"@type":"ListItem","position":13,"url":"https://rootea.es/en/htb/machines/linux/medio/europa","name":"Europa"},{"@type":"ListItem","position":14,"url":"https://rootea.es/en/htb/machines/linux/dificil/falafel","name":"Falafel"},{"@type":"ListItem","position":15,"url":"https://rootea.es/en/htb/machines/windows/insano/fighter","name":"Fighter"},{"@type":"ListItem","position":16,"url":"https://rootea.es/en/htb/machines/linux/dificil/flujab","name":"Flujab"},{"@type":"ListItem","position":17,"url":"https://rootea.es/en/htb/machines/windows/medio/giddy","name":"Giddy"},{"@type":"ListItem","position":18,"url":"https://rootea.es/en/htb/machines/linux/facil/goodgames","name":"GoodGames"},{"@type":"ListItem","position":19,"url":"https://rootea.es/en/htb/machines/linux/dificil/holiday","name":"Holiday"},{"@type":"ListItem","position":20,"url":"https://rootea.es/en/htb/machines/linux/medio/mango","name":"Mango"},{"@type":"ListItem","position":21,"url":"https://rootea.es/en/htb/machines/windows/insano/multimaster","name":"MultiMaster"},{"@type":"ListItem","position":22,"url":"https://rootea.es/en/htb/machines/linux/insano/nightmare","name":"Nightmare"},{"@type":"ListItem","position":23,"url":"https://rootea.es/en/htb/machines/linux/facil/nodeblog","name":"NodeBlog"},{"@type":"ListItem","position":24,"url":"https://rootea.es/en/htb/machines/linux/dificil/overflow","name":"Overflow"},{"@type":"ListItem","position":25,"url":"https://rootea.es/en/htb/machines/linux/dificil/overgraph","name":"OverGraph"}]}`}
</script>

*Last updated: 2026-05-09*
