← Back
Appointment | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.

View on GitHub

TL;DR

Using SQL Injection we enter the system and get the flag

Recon

first, we’ll start with the nmap:

nmap -p- -sVC --min-rate=10000 $target

As we can see, the only open port is 80.

nmap

We can see there is an apache server on this port, and it serves a page that its title is login, so it’s probably some sort of login page.

PORT      STATE    SERVICE VERSION
80/tcp    open     http    Apache httpd 2.4.38 ((Debian))
|_http-server-header: Apache/2.4.38 (Debian)
|_http-title: Login

SQL Injection to accessing

Okay, when i try to give some dummy credentials, nothing happens. Let’s try to do SQL Injection here.

we’ll give something like: 2' or '1'='1'# as a username, and password as password.

login

And we get the flag!

flag

Flag:e3d0796d002a446c0e622226f42e9672