Appointment

Task 1: What does the acronym SQL stand for?

  • Quick google search shows that it is Structured Query Language

Task 2: What is one of the most common type of SQL vulnerabilities?

  • Google search shows SQL Injection

Task 3: What does PII stand for?

  • Google search shows Personally Identifiable Information

Task 4: What is the 2021 OWASP Top 10 classification for this vulnerability?

  • Took a bit more then the other ones. I first googled top 10 owasp vulnerabilities for 2021. It took a while to realize that the answer was the full name like hint suggested.

  • a03:2021-injection

Task 5: What does Nmap report as the service and version that are running on port 80 of the target?

  • I ran the following nmap scan and got the answer:

Task 6: What is the standard port used for the HTTPS protocol?

  • I just know this from memory to be 443.

Task 7: What is a folder called in web-application terminology?

  • Pretty sure it is "directory". Which it is.

Task 8: What is the HTTP response code is given for 'Not Found' errors?

  • Pretty sure this is 404.

  • Which it is.

Task 9: Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?

  • I knew from memory that it is "dir"

Task 10: What single character can be used to comment out the rest of a line in MySQL?

  • It took a couple of tries but recalled that the # comments out text in python which it does the same for SQL

Task 11: If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?

  • Go to your web browser and go to the IP address given which should give you a login page.

  • I first tried just the # at the end of the username "admin". But that didn't work.

  • I had to go into the write up to get familiarized with how basic sql injection works.

  • You first use a ' to finish out the string input and then place a # to comment out the rest which would be the password validation.

Username: admin'#
Password: [Put whatever you want because it will be commented out]
  • This will take you to a new page and the first word will be congratualtions.

Capture the Flag:

  • On the same page from the previous task, it gives you the flag:

    • e3d0796d002a446c0e622226f42e9672

Last updated