I created this machine to help others learn some basic CTF hacking strategies
and some tools. I aimed this machine to be very similar in difficulty to those
I was breaking on the OSCP.
Viewing any 404 page rendered:
Inspection of the page source revealed a base64 encoded string, encoded within
The above URL exposed a web form, vulnerable to SQL injection.
The following SQLMap commands were used during SQL enumeration and SQL
injection database dumping.
SQLMap Enumerate Databases
SQLMap Full Command
SQLMap Database Dump
SQLMap Database Table Enumeration
SQLMap Enumerate Columns
SQLMap Dump Passwords
SQLMap Dump MySQL DB and crack hashes
SQLMap hash cracking options
MySQL Local Privilege Escalation
Thanks for the VM :)