HackTheBox_StartingPoint_Tier1_Appointment

You need to walk before you can run

TASK 1 What does the acronym SQL stand for?

SQL的全称是:Structured Query Language

TASK 2 What is one of the most common type of SQL vulnerabilities?

常见的SQL漏洞之一是:SQL Injection(SQL注入)

TASK 3 What does PII stand for?

PII的全称是:Personally Identifiable Information(个人可验证信息)

TASK 4 What does the OWASP Top 10 list name the classification for this vulnerability?

OWASP Top 10将此漏洞(即SQL注入)命名为:A03:2021-Injection

TASK 5 What service and version are running on port 80 of the target?

靶机上80端口运行的服务和版本为:Apache httpd 2.4.38 ((Debian))

在这里插入图片描述

TASK 6 What is the standard port used for the HTTPS protocol?

HTTPS协议的标准端口是:443

TASK 7 What is one luck-based method of exploiting login pages?

在登录页面碰运气的方法是:brute-forcing(暴力破解)

TASK 8 What is a folder called in web-application terminology?

WEB应用中的文件夹被称为:directory

TASK 9 What response code is given for “Not Found” errors?

“Not Found”对应的响应代码是:404

TASK 10 What switch do we use with Gobuster to specify we’re looking to discover directories, and not subdomains?

在 Gobuster 中用于来指定我们正在寻找目录而不是子域的命令是:dir

TASK 11 What symbol do we use to comment out parts of the code?

用于注释代码的符号:#

Submit root flag

1、直接访问IP,发现登录页面

2、利用万能密码绕过,成功登录拿到flag

username:1’ or 1=1#

password:随便输

在这里插入图片描述

You will never know the mysteries!

支付宝
微信

扫一扫,分享到微信

微信分享二维码

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

姓名:米古丽<br>生日:2000-03-03<br>队伍:仰望星空派<br>QQ:2916681908<br><br>一清主义至上者<br>I sense a mystery!