> For the complete documentation index, see [llms.txt](https://sgtdiddlywink.gitbook.io/htb/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sgtdiddlywink.gitbook.io/htb/machines/starting-point-machines/tier-1-machines/appointment.md).

# Appointment

{% file src="/files/K3h9NuaZTrprkkGLA61Y" %}

**Task 1: What does the acronym SQL stand for?**

* Quick google search shows that it is Structured Query Language

**Task 2: What is one of the most common type of SQL vulnerabilities?**

* Google search shows SQL Injection

**Task 3: What does PII stand for?**

* Google search shows Personally Identifiable Information

**Task 4: What is the 2021 OWASP Top 10 classification for this vulnerability?**

* Took a bit more then the other ones. I first googled top 10 owasp vulnerabilities for 2021. It took a while to realize that the answer was the full name like hint suggested.&#x20;
* a03:2021-injection

**Task 5: What does Nmap report as the service and version that are running on port 80 of the target?**

* I ran the following nmap scan and got the answer:
*

```
<figure><img src="/files/CEyMc0TlkgRi4tR1b4LO" alt=""><figcaption></figcaption></figure>
```

**Task 6: What is the standard port used for the HTTPS protocol?**

* I just know this from memory to be 443.

**Task 7: What is a folder called in web-application terminology?**

* Pretty sure it is "directory". Which it is.

**Task 8: What is the HTTP response code is given for 'Not Found' errors?**

* Pretty sure this is 404.
* Which it is.

**Task 9: Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?**

* I knew from memory that it is "dir"

**Task 10: What single character can be used to comment out the rest of a line in MySQL?**

* It took a couple of tries but recalled that the # comments out text in python which it does the same for SQL

**Task 11: If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?**

* Go to your web browser and go to the IP address given which should give you a login page.
* I first tried just the # at the end of the username "admin". But that didn't work.
* I had to go into the write up to get familiarized with how basic sql injection works.
* You first use a ' to finish out the string input and then place a # to comment out the rest which would be the password validation.

```
Username: admin'#
Password: [Put whatever you want because it will be commented out]
```

* This will take you to a new page and the first word will be congratualtions.

**Capture the Flag:**

* On the same page from the previous task, it gives you the flag:
  * **e3d0796d002a446c0e622226f42e9672**
