[Tier1] Appointment (SQLi)

Task

• What does the acronym SQL stand for?
  • Structured Query Language
• What is one of the most common type of SQL vulnerabilities?
  • SQL Injection
• What is the 2021 OWASP Top 10 classification for this vulnerability?
  • A03:2021-Injection
• What does Nmap report as the service and version that are running on port 80 of the target?
  • Apache httpd 2.4.38 ((Debian))
• What is the standard port used for the HTTPS protocol?
  • 443
• What is a folder called in web-application terminology?
  • directory
• What is the HTTP response code is given for 'Not Found' errors?
  • 404
• Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?
  • dir
• What single character can be used to comment out the rest of a line in MySQL?’
  • #
• If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?
  • Congratulations

Top 10:2021 List

• A01 Broken Access Control

• A02 Cryptographic Failures

• A03 Injection

• A04 Insecure Design

• A05 Security Misconfiguration

• A06 Vulnerable and Outdated Components

• A07 Identification and Authentication Failures

• A08 Software and Data Integrity Failures

• A09 Security Logging and Monitoring Failures

• A10 Server Side Request Forgery (SSRF)

 

Write Up

`nmap -p- -sV [IP]`

를 이용하여 전체 포트 스캔 + 서비스 버전 확인

대충 들어가자마자 SQLi 해서 문제 해결

`admin' #` 를 이용하여 해결할 수 있다.

추가적으로, gobuster을 사용해봤다.

sudo apt update && sudo apt install gobuster
sudo apt update
sudo apt install dirb -y # /usr/share/dirb/wordlistst/ 에 설치됨
sudo apt install seclists -y # /usr/share/seclists/ 에 설치됨

gobuster와 워드리스트 파일 설치를 해줘야함. (pwnbox에서는 이미 제공해줌)

gobuster dir -u [IP] -w /usr/share/seclists/Discovery/Web-Content/common.txt

대충 seclists의 common.txt를 이용하여 dir scan을 쭉 해줄 수 있음.