Appointment

Target Information:

  • IP: 10.129.185.13
  • Running Apache 2.4.38 on port 80

=================================================

TASK #1: What does the acronym SQL stand for?

  • A: Structured Query Language

TASK #2: What is one of the most common types of SQL vulnerabilities?

  • A: SQL Injection

TASK #3: What does PII stand for?

  • A: Personally Identifiable Information

TASK #4: What does the OWASP Top 10 list name the classification for this vulnerability?

TASK #5: What service and version are running on port 80 of the target?

  • A: Apache httpd 2.4.38 ((Debian))
  • nmap -A -T4 10.129.185.13

TASK #6: What is the standard port used for the HTTPS protocol?

  • A: 443

TASK #7: What is one luck-based method of exploiting login pages?

  • A: brute-forcing

TASK #8: What is a folder called in web-application terminology?

  • A: Directory

TASK #9: What response code is given for "Not Found" errors?

  • A: 404

TASK #10: What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?

  • A: dir
  • Install Go
  • Install gobuster
    • go install github.com/OJ/gobuster/v3@latest
  • wget https://raw.githubusercontent.com/v0re/dirb/master/wordlists/common.txt
  • gobuster dir -u 10.129.185.13 -w common.txt -q -n -e

TASK #11: What symbol do we use to comment out parts of the code?

  • A: #

Root Flag: e3d0796d002a446c0e622226f42e9672

  • SQL injection:
    • Username: admin'#
    • Password: admin123
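
Why the admin'# login above gets past the password check, and how bound parameters stop it, as an added example that is not part of the original writeup or the target's code. The query shape, the users table and its column names are assumptions, and sqlite3 stands in for the target's database in the parameterized half.

```python
import sqlite3

# Assumed query shape; the page does not show the application's source.
TEMPLATE = "SELECT * FROM users WHERE username='{u}' AND password='{p}'"

def build_concatenated(username, password):
    """Vulnerable pattern: user input is pasted straight into the SQL text."""
    return TEMPLATE.format(u=username, p=password)

def strip_hash_comment(sql):
    """Return what a MySQL-style parser still reads: everything before the
    first '#' outside a single-quoted literal (backslash escapes ignored)."""
    in_string = False
    i = 0
    while i < len(sql):
        ch = sql[i]
        if ch == "'":
            if in_string and sql[i + 1:i + 2] == "'":
                i += 1  # '' inside a literal is an escaped quote, stay inside
            else:
                in_string = not in_string
        elif ch == "#" and not in_string:
            return sql[:i].rstrip()
        i += 1
    return sql

def demo_db():
    """Constructed one-row table; a real application stores a password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return conn

def login_parameterized(conn, username, password):
    """Hardened pattern: values are bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    sent = build_concatenated("admin'#", "admin123")  # values from the writeup
    print("built :", sent)
    print("parsed:", strip_hash_comment(sent))  # password check is gone
    print("bound :", login_parameterized(demo_db(), "admin'#", "admin123"))
```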