Task 1
Q:What does the acronym SQL stand for?
A:Structured Query Language
Task 2
Q:What is one of the most common types of SQL vulnerabilities?
A:SQL injection
Task 3
Q:What does PII stand for?
A:personally identifiable information
Task 4
Q:What does the OWASP Top 10 list name the classification for this vulnerability?
A:A03:2021-Injection
Task 5
Q:What service and version are running on port 80 of the target?
nmap -A -p80 10.129.187.181
┌──(root💀kali)-[~]
└─# nmap -A -p80 10.129.187.181
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-05 08:21 CST
Nmap scan report for 10.129.187.181
Host is up (0.57s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.38 ((Debian))
|_http-title: Login
|_http-server-header: Apache/2.4.38 (Debian)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 4.15 - 5.6 (95%), Linux 5.3 - 5.4 (95%), Linux 2.6.32 (95%), Linux 5.0 - 5.3 (95%), Linux 3.1 (95%), Linux 3.2 (95%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), ASUS RT-N56U WAP (Linux 3.4) (93%), Linux 3.16 (93%), Linux 5.0 - 5.4 (93%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 2 hops
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 542.87 ms 10.10.16.1
2 272.14 ms 10.129.187.181
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.55 seconds
A:Apache httpd 2.4.38 ((Debian))
Task 6
Q:What is the standard port used for the HTTPS protocol?
A:443
Task 7
Q:What is one luck-based method of exploiting login pages?
A:brute-forcing
Task 8
Q:What is a folder called in web-application terminology?
A:directory
Task 9
Q:What response code is given for "Not Found" errors?
A:404
Task 10
Q:What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?
A:dir
This is a tool called Gobuster; I can download it and take a look some other day.
Task 11
Q:What symbol do we use to comment out parts of the code?
A:#
Task 12
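This is clearly a web server.
Opening it directly shows a login page.
Username: admin'#
Enter anything for the password; the rest of the query is commented out and the login goes straight through.
The flag is obtained directly.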
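
Why the login above succeeds, and the fix, as an added example that is not code from the target or from the original write-up. It assumes the login page concatenates input into its query (the server code is not shown on this page); the table, column names, stored password and helper names are constructed, SQLite stands in for the real database, and MySQL's '#' comment is emulated because SQLite does not support it.

```python
import sqlite3

def build_login_query(username, password):
    # Assumed vulnerable pattern: user input concatenated into the SQL text.
    return ("SELECT * FROM users WHERE username='" + username +
            "' AND password='" + password + "'")

def effective_mysql_statement(sql):
    # Simplified emulation of MySQL's '#' comment: outside a single-quoted
    # literal it discards the rest of the line. Backslash escapes are ignored.
    in_string = False
    for i, ch in enumerate(sql):
        if ch == "'":
            in_string = not in_string
        elif ch == "#" and not in_string:
            return sql[:i].rstrip()
    return sql

def make_db():
    # Constructed sample table; plaintext password only to keep it short.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return conn

def login_concatenated(conn, username, password):
    # What the database ends up running once the comment is dropped.
    sql = effective_mysql_statement(build_login_query(username, password))
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    # Placeholders keep the quote and '#' as data, never as SQL syntax.
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print(effective_mysql_statement(build_login_query("admin'#", "anything")))
    print("concatenated :", login_concatenated(db, "admin'#", "anything"))
    print("parameterized:", login_parameterized(db, "admin'#", "anything"))
```

With the concatenated query the password check never reaches the database; with placeholders the same input is compared as a literal username and matches no row.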