Day 10

Learning Objectives

• Learn to understand and identify SQL injection vulnerabilities

• Exploit stacked queries to turn SQL injection into remote code execution

• Help Elf McRed restore the Best Festival website and save its reputation!

This room is straightforward with all the instructions and commands given to us.

Manually navigate the defaced website to find the vulnerable search form. What is the first webpage you come across that contains the gift-finding feature?
[REDACTED]
Open the website and you will find a gift search option available. 

Analyze the SQL error message that is returned. What ODBC Driver is being used in the back end of the website?
[REDACTED]
One of the given commands will lead us to this error. The answer can be found in the error message

Inject the 1=1 condition into the Gift Search form. What is the last result returned in the database?
[REDACTED]
The command will  retrieve all gift results, regardless of the specified parameters.

What flag is in the note file Gr33dstr left behind on the system?
[REDACTED]
Upon sucessfully getting a reverse shell. We can look around to find the note.txt
The flag can be found inside it.

First flag found in note.txt

The main goal of this room is to restore the defaced website. When we get reverse shell and after manually looking around in the folders we find hints on how to restore the website. We find that the original website and the defaced website have backups.

What is the flag you receive on the homepage after restoring the website?
[REDACTED]
Restore to website and access it again and you will get the flag.

Second flag found after restoring website