# Task 1

Q:What does the acronym SQL stand for?

A:Structured Query Language

# Task 2

Q:What is one of the most common type of SQL vulnerabilities?

A:SQL injection

# Task 3

Q:What does PII stand for?

A:personally identifiable information

# Task 4

Q:What does the OWASP Top 10 list name the classification for this vulnerability?

A:A03:2021-Injection

# Task 5

Q:What service and version are running on port 80 of the target?

nmap -A -p80 10.129.187.181

┌──(root💀kali)-[~]
└─# nmap -A -p80 10.129.187.181
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 08:21 CST
Nmap scan report for 10.129.187.181
Host is up (0.57s latency).
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.38 ((Debian))
|_http-title: Login
|_http-server-header: Apache/2.4.38 (Debian)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 - 5.4 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   542.87 ms 10.10.16.1
2   272.14 ms 10.129.187.181
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.55 seconds

A:Apache httpd 2.4.38 ((Debian))

# Task 6

Q:What is the standard port used for the HTTPS protocol?

A:443

# Task 7

Q:What is one luck-based method of exploiting login pages?

A:brute-forcing

# Task 8

Q:What is a folder called in web-application terminology?

A:directory

# Task 9

Q:What response code is given for "Not Found" errors?

A:404

# Task 10

Q:What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?

A:dir

这个是个工具叫 Gobuster,改天可以下载看看

# Task 11

Q:What symbol do we use to comment out parts of the code?

A: #

# Task 12

这明显是一个 web 服务器

直接打开是一个登录页面

用户名 admin'#
密码随便填就直接注释登录进去了

直接得到 flag