📦
HTB
  • Machines
    • Starting Point Machines
      • Tier 0 Machines
        • Meow
        • Fawn
        • Dancing
        • Redeemer
        • Explosion
        • Preignition
        • Mongod
        • Synced
      • Tier 1 Machines
        • Appointment
        • Sequel
        • Crocodile
        • Responder
        • Three
        • Ignition
        • Bike
        • Funnel
        • Pennyworth
        • Tactics
      • Tier 2 Machines
        • Archetype
        • Oopsie
        • Vaccine
        • Unified
        • Included
        • Markup
        • Base
    • Easy Machines
      • Nibbles
      • Stocker
      • Lame
        • Findings
        • Recon
          • NMAP
          • FTP
          • SSH
          • SMB Client
        • Exploitation
          • FTP
          • Samba
      • Find the easy Pass
      • Weak RSA
      • Jerry (Windows)
        • Recon
        • Enumeration
        • Vulnerabilities
      • You know 0xDiablos
      • Netmon
      • Blue
      • Precious
      • Optimum
      • Cap
      • Knife
    • Medium Machines
      • Under Construction
  • Getting Started Notes
    • Getting Help
    • SSL/TLS Certificates
    • Tutorial Websites
    • Wayback Machine
    • Wappalyzer
    • Google Hacking/Dorking
    • Blogs
    • Youtube Resources
    • Vulnerable Machines
    • Challenges
    • Parrot
    • Common Terms
    • Common Ports
    • SecLists
    • Shells
    • Enumeration Scripts
    • Escalation
    • Downloading files from Target
    • Knowledge Check
Powered by GitBook
On this page
  1. Machines
  2. Starting Point Machines
  3. Tier 1 Machines

Appointment

PreviousTier 1 MachinesNextSequel

Last updated 2 years ago

Task 1: What does the acronym SQL stand for?

  • Quick google search shows that it is Structured Query Language

Task 2: What is one of the most common type of SQL vulnerabilities?

  • Google search shows SQL Injection

Task 3: What does PII stand for?

  • Google search shows Personally Identifiable Information

Task 4: What is the 2021 OWASP Top 10 classification for this vulnerability?

  • Took a bit more then the other ones. I first googled top 10 owasp vulnerabilities for 2021. It took a while to realize that the answer was the full name like hint suggested.

  • a03:2021-injection

Task 5: What does Nmap report as the service and version that are running on port 80 of the target?

  • I ran the following nmap scan and got the answer:

Task 6: What is the standard port used for the HTTPS protocol?

  • I just know this from memory to be 443.

Task 7: What is a folder called in web-application terminology?

  • Pretty sure it is "directory". Which it is.

Task 8: What is the HTTP response code is given for 'Not Found' errors?

  • Pretty sure this is 404.

  • Which it is.

Task 9: Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?

  • I knew from memory that it is "dir"

Task 10: What single character can be used to comment out the rest of a line in MySQL?

  • It took a couple of tries but recalled that the # comments out text in python which it does the same for SQL

Task 11: If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?

  • Go to your web browser and go to the IP address given which should give you a login page.

  • I first tried just the # at the end of the username "admin". But that didn't work.

  • I had to go into the write up to get familiarized with how basic sql injection works.

  • You first use a ' to finish out the string input and then place a # to comment out the rest which would be the password validation.

Username: admin'#
Password: [Put whatever you want because it will be commented out]

  • This will take you to a new page and the first word will be congratualtions.

Capture the Flag:

  • On the same page from the previous task, it gives you the flag:

    • e3d0796d002a446c0e622226f42e9672

4MB
Appointment_Write_Up.pdf
pdf