Saturday, August 26, 2023

Lesson Learned? TryHackMe Writeup


Scanning

We scan the open ports with nmap, enabling scripts and software version detection:


Enumeration

We access the website and find an authentication form:

We try guessing the password, but it does not work:

We try login bypass techniques and find that there is SQL injection protection against input containing "OR". The error message gives us a hint to use techniques that do not require "OR", so we are on the right track...

We find Tib3rius on Twitter, who has a post about SQL injection that does not use the "OR" keyword:

Exploitation

We try different payloads. Using 1' union select ''# , we successfully bypass the authentication and see the flag:
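
An added example, not part of the original writeup and not the room's code: a minimal Python/sqlite3 login showing why a filter on "OR" does not stop the UNION payload above, while a parameterized query does. The schema, function names and the filter's shape are assumptions, and the payload's MySQL # comment is written as SQLite's -- so that it runs here.

```python
import re
import sqlite3

# SQLite spelling of the page's payload: MySQL's '#' comment becomes '-- '.
PAYLOAD = "1' union select ''-- "

def make_db():
    """In-memory database with one constructed account (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext only to keep the demo on the query; store a hash in practice.
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def blocklist_ok(value):
    """Assumed shape of the filter: reject input containing the word OR."""
    return re.search(r"\bor\b", value, re.IGNORECASE) is None

def login_concat(db, username, password):
    """Weak: keyword filter, then input concatenated into the SQL text."""
    if not (blocklist_ok(username) and blocklist_ok(password)):
        return False
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    # With PAYLOAD the statement becomes
    #   ... WHERE username = '1' union select ''-- ' AND password = ...
    # so the UNION adds a row and the password check is commented out.
    return db.execute(sql).fetchone() is not None

def login_param(db, username, password):
    """Hardened: placeholders bind input as data, never as SQL syntax."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    print("filter passes payload:", blocklist_ok(PAYLOAD))
    print("concatenated login   :", login_concat(db, PAYLOAD, "x"))
    print("parameterized login  :", login_param(db, PAYLOAD, "x"))
    print("real credentials     :", login_param(db, "admin", "constructed-secret"))
```

The keyword filter only rejects one spelling of one technique; binding parameters removes the injection point itself, so no blocklist is needed.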
