# Task 1
Q:What does the acronym SQL stand for?
A:Structured Query Language
# Task 2
Q:What is one of the most common types of SQL vulnerabilities?
A:SQL injection
# Task 3
Q:What does PII stand for?
A:personally identifiable information
# Task 4
Q:What does the OWASP Top 10 list name the classification for this vulnerability?
A:A03:2021-Injection
# Task 5
Q:What service and version are running on port 80 of the target?
```
┌──(root💀kali)-[~]
└─# nmap -A -p80 10.129.187.181
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 08:21 CST
Nmap scan report for 10.129.187.181
Host is up (0.57s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-title: Login
|_http-server-header: Apache/2.4.38 (Debian)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 - 5.4 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 542.87 ms 10.10.16.1
2 272.14 ms 10.129.187.181
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.55 seconds
```
A:Apache httpd 2.4.38 ((Debian))
# Task 6
Q:What is the standard port used for the HTTPS protocol?
A:443
# Task 7
Q:What is one luck-based method of exploiting login pages?
A:brute-forcing
# Task 8
Q:What is a folder called in web-application terminology?
A:directory
# Task 9
Q:What response code is given for "Not Found" errors?
A:404
# Task 10
Q:What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?
A:dir
This is a tool called Gobuster; I can download it and take a look some other day.
# Task 11
Q:What symbol do we use to comment out parts of the code?
A: #
# Task 12
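This is clearly a web server.
Opening it directly shows a login page.
Username: admin'#
Fill in anything for the password; the comment takes effect and the login goes straight through.
The flag is shown right away.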
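
Why the `admin'#` username in Task 12 works, and the form of the query that stops it, as an added example that is not code from the target application. The table name, column names, the sample row and the shape of the login query are assumptions; the syntax is MySQL-style, where `#` starts a comment.

```sql
-- Constructed schema and row; table and column names are assumptions.
CREATE TABLE users (
    id       INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(64)  NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL
);
INSERT INTO users (username, password) VALUES ('admin', 'constructed-secret');

-- 1) Login check assembled by string concatenation (assumed shape):
--      "... WHERE username = '" + user + "' AND password = '" + pass + "'"
--    With username  admin'#  and password  anything  the server receives:
SELECT id FROM users WHERE username = 'admin'#' AND password = 'anything'
;
-- Everything after # up to the end of the line is a comment, so the
-- statement that actually runs is
--      SELECT id FROM users WHERE username = 'admin'
-- and the admin row comes back without the password ever being compared.

-- 2) The same check as a prepared statement: inputs are bound as data and
--    cannot change the structure of the query.
PREPARE login FROM
    'SELECT id FROM users WHERE username = ? AND password = ?';

SET @u = 'admin''#';          -- the same input as a literal ('' is an escaped quote)
SET @p = 'anything';
EXECUTE login USING @u, @p;   -- empty result: no user is literally named admin'#

SET @u = 'admin';
SET @p = 'constructed-secret';
EXECUTE login USING @u, @p;   -- returns the admin row: correct credentials still work

DEALLOCATE PREPARE login;
```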