✍️
CTF / Challenges / Boxes
  • ✍️CTF / Challenges / Boxes
    • 💬About me
  • TryHackMe
    • TryHackMe
      • Easy
        • Anonforce
        • Bounty Hacker
        • Brooklyn Nine Nine
        • Coldbox
        • Dav
        • Gaming Server
        • Ignite
        • Lazy Admin
        • Lian_Yu
        • Library
        • Plotted-TMS v3
        • Root Me
        • Simple CTF
        • Startup
        • Thompson
        • Wgel CTF
        • ToolsRus
        • Road
      • Medium
        • 0day
        • Anonymous
        • Haskell
        • Relevant
        • Mr Robot CTF
        • Road
  • HACK THE BOX
    • Hack the Box
      • Easy
        • Beep
        • Mirai
        • Keeper
        • Sau
        • Blue
        • Cap
        • Knife
        • Bashed
        • Nibbles
        • Cozy Hosting
        • Validation
        • Legacy
        • Antique
        • Pilgrimage
        • Wifinetic
        • ScriptKiddie
        • Explore
        • Horizontall
        • Blocky
        • Bank
        • Blunder
  • LetsDefend
    • LetsDefend
      • PRACTICE WITH SOC ALERTS
        • SOC146
        • SOC140
        • SOC114
        • SOC120
        • SOC141
        • SOC165
        • SOC168
        • SOC167
        • SOC169
        • SOC170
        • SOC104_ID14
      • CHALLANGES
        • Malicious Doc
        • Malicious VBA
Powered by GitBook
On this page
  1. HACK THE BOX
  2. Hack the Box
  3. Easy

Validation

Last updated 1 year ago

  1. Enumeration by using rustscan.

  1. Sending request to the burpsuite and adding ' .

Result:

We can see error, so website it's probably vulnerable for SQLi.

  1. Injection:

Checking if working:

Great, fully works.

  1. Now we have to make a shell:

  1. Getting root.

We can find password in config.php, this is password for root account.

Second flag:

We are inside

First flag

👏
🎉