Hack The Box's Introduction to Penetration Testing: Appointment

Appointment is a machine located in Hack The Box's Starting Point Tier 1. This box offers an opportunity to practice executing an SQL injection on a web application that utilizes an SQL database.

Project information

  • Title: Appointment
  • Organizer: Hack The Box
  • Project date: May, 2023
  • URL: www.hackthebox.com
To obtain the VPN profile for connecting to Hack The Box, please follow these steps:
  1. Click on the "HTB" button located in the top right corner.
  2. From the options, select "Starting Point".
  3. Choose "OpenVPN" and click on it.
  4. Finally, click on the "Download VPN" button to acquire the VPN profile.
To connect to HTB, for Windows users, download and install OpenVPN Connect and load the VPN profile into the application. Linux users can connect by opening a Terminal and entering the provided command below. Please allow a few minutes for the HTB website to acknowledge the connection.
Begin by initiating a connection to the Starting Point VPN.
sudo openvpn [filename].ovpn
Launch a new tab on your Kali Linux terminal while keeping the current tab connected to your lab session.
Click the green "Spawn Machine" button to start the target machine. In this write-up the target's IP address is 10.129.64.105; use the address your own instance was assigned, as it may differ from this one.
Open the IP address in a web browser to see how the website appears.
You will then be presented with a question for each task in turn, until all the tasks are completed.
Task 1 inquires, “What does the acronym SQL stand for?”
The answer is Structured Query Language. Feel free to conduct a Google search for the acronym to uncover the answer, or you can also refer to the hint, which suggests utilizing Google search as well.

Task 2 inquires, “What is one of the most common types of SQL vulnerabilities?”
Intrigued by the hint, I decided to download the Appointment walkthrough to satisfy my curiosity. As indicated, I specifically sought out the Introduction section, which disclosed the presence of "SQL Injection".
Hence the answer is SQL Injection.
Task 3 inquires, “What does PII stand for?”
Interestingly, this particular question is included in the CompTIA Security+ exam. PII is an acronym that stands for Personally Identifiable Information.
Task 4 inquires, "What is the 2021 OWASP Top 10 classification for this vulnerability?"
After referring to the provided hint, it states, "It ranks third (previously first) on the OWASP Top 10 list of frequently encountered web vulnerabilities. Utilize the full classification name." Following the hint, I reviewed the downloaded walkthrough from HTB, which directed me to the OWASP website containing the Top 10 Web Application Security Risks.
The answer is A03:2021-Injection.
Task 5 inquires, “What does Nmap report as the service and version that are running on port 80 of the target?”
To determine the service and version running on port 80 of the target IP address, I will perform an nmap scan using the following command.
nmap -sV 10.129.64.105
The -sV option probes open ports to identify the specific service and its version.
Apache httpd 2.4.38 ((Debian)) is the answer.
Task 6 inquires, “What is the standard port used for the HTTPS protocol?”
The correct response is 443, which is the port commonly associated with HTTPS.
Task 7 inquires, “What is a folder called in web-application terminology?”
The correct answer is directory.
Task 8 inquires, “What HTTP response code is given for 'Not Found' errors?”
The HTTP response code assigned for "Not Found" errors is 404.
Task 9 inquires, “Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?”
When our objective is to identify directories rather than subdomains, the appropriate switch to utilize is dir.
Task 10 inquires, “What single character can be used to comment out the rest of a line in MySQL?”
In MySQL, the # symbol can be employed as a single character to comment out the remainder of a line.
Task 11 inquires, “If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?”
Congratulations! is the answer.
Finally, the last task is to “Submit root flag.”
To successfully authenticate on this website, I effectively employed SQL injection (SQLi) techniques to overcome the authentication challenge. To acquire reliable and comprehensive information on SQL injection authentication bypass cheat sheets, I sought guidance from penlab.blog.
I opted to use the hash symbol in the username due to its relevance in Task 10. The question presented in Task 10 specifically featured the # symbol, prompting me to utilize it accordingly.
Upon using the username admin'# and the password admin, I was able to successfully log in and obtain the flag.
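To make clear why the username from the step above works, and why the # comment from Task 10 matters, the following is an added example (not code from the Appointment machine or from Hack The Box) that builds the login query the vulnerable way, beside the parameterized form that closes the hole. The user table, the password value and the strip_mysql_hash_comment helper are constructed for this demo: SQLite is used so it runs offline, and because SQLite does not understand MySQL's # comment, the helper applies that comment rule to the query text before it is executed.

```python
import sqlite3

# Constructed demo table; the password value is made up for this example.
# A real application would store a password hash, never the plaintext.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'not-the-real-password')")
    conn.commit()
    return conn


def strip_mysql_hash_comment(sql):
    """Emulate MySQL's '#' comment rule on the query text.

    Everything from an unquoted '#' to the end of the line is dropped.
    Single-quoted string literals are tracked so a '#' inside a literal
    is kept, which is exactly what makes admin'# work: the attacker's
    quote closes the literal, so the '#' that follows is unquoted.
    """
    out, in_str, i = [], False, 0
    while i < len(sql):
        ch = sql[i]
        if ch == "'":
            in_str = not in_str
        elif ch == "#" and not in_str:
            nl = sql.find("\n", i)
            if nl == -1:
                break            # comment runs to end of query
            i = nl
            continue
        out.append(ch)
        i += 1
    return "".join(out)


def vulnerable_login(conn, username, password):
    """Query built by string interpolation: user input becomes SQL syntax."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    # With username admin'# the password clause is commented away and the
    # effective query is: SELECT username FROM users WHERE username = 'admin'
    sql = strip_mysql_hash_comment(sql)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def safe_login(conn, username, password):
    """Parameterized query: admin'# is compared as a literal username."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def looks_like_comment_injection(value):
    """Cheap detection heuristic for login-attempt logs: a quote followed
    by a SQL comment marker is a strong sign of an authentication-bypass
    attempt and is worth alerting on (constructed heuristic, not exhaustive)."""
    for marker in ("#", "--", "/*"):
        q = value.find("'")
        if q != -1 and marker in value[q:]:
            return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, admin'# / admin ->", vulnerable_login(db, "admin'#", "admin"))
    print("parameterized, admin'# / admin ->", safe_login(db, "admin'#", "admin"))
    print("flag admin'# ->", looks_like_comment_injection("admin'#"))
```

Running the block shows the interpolated query returning the admin row for a wrong password, while the parameterized version returns nothing for the same input; the detection helper is the kind of check a defender would run over web-server or application login logs to spot the pattern used here.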
Congratulations!
Your flag is: e3d0796d002a446c0e622226f42e9672
Achievement
Thank you for taking the time to read this. I can be reached on