IP address: 10.129.125.69
Q: What does the acronym SQL stand for? A: Structured Query Language
Q: What is one of the most common type of SQL vulnerabilities? A: SQL Injection
Q: What does PII stand for? A: Personally Identifiable Information
Q: What does the OWASP Top 10 list name the classification for this vulnerability? A: A03:2021-Injection
Q: What service and version are running on port 80 of the target?
A: Apache httpd 2.4.38 ((Debian))
└─$ nmap -sV -sC 10.129.25.69 -Pn
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-title: Login
The -Pn flag is needed because the host was dropping nmap's ping probes, so host discovery has to be skipped.
Q: What is the standard port used for the HTTPS protocol? A: 443
Q: What is one luck-based method of exploiting login pages? A: brute-forcing
Q: What is a folder called in web-application terminology? A: directory
Q: What response code is given for “Not Found” errors? A: 404
Q: What switch do we use with Gobuster to specify we’re looking to discover directories, and not subdomains? A: dir
Q: What symbol do we use to comment out parts of the code? A: #
I tried to brute-force the username and password combination with generic pairs such as admin:admin and password:password; however, none of them worked.
Note how the box has talked about SQL injection, which could be a hint. I know that we can trick the query into treating the statement as finished by adding ' # to the username, which comments out the password check and produces an SQL statement that looks like
SELECT user WHERE username = 'admin' #' && password =
Note how the password comparison and the closing ' are commented out. This lets us log in because there is no sanitization of the input.
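The login bypass described above, shown as an added example (not code from the box or the HTB write-up): a login check built by string concatenation next to the parameterised version that fixes it. The users table, the password, and the use of SQLite are constructed assumptions; the target itself is assumed to run MySQL, where # starts a comment, whereas SQLite's comment marker is --, so the runnable payload uses that.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the target's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return conn


def build_unsafe_query(username, password):
    # Vulnerable pattern: user input is pasted straight into the SQL text,
    # so a quote and a comment marker in the username end the statement early.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_unsafe(conn, username, password):
    row = conn.execute(build_unsafe_query(username, password)).fetchone()
    return row is not None


def login_safe(conn, username, password):
    # Hardened pattern: the driver binds the values separately from the SQL,
    # so quotes and comment markers in the input are compared as data.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # The MySQL-style payload from the write-up, as the string the server would run:
    print(build_unsafe_query("admin' #", "anything"))
    # SQLite equivalent: the password clause is commented out, so any password works.
    print(login_unsafe(db, "admin' --", "wrong"))  # True
    # Same input against the parameterised query: no such username, login fails.
    print(login_safe(db, "admin' --", "wrong"))    # False
```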