Lessons Learned

This is a relatively easy machine that tries to teach you a lesson, but perhaps you’ve already learned the lesson? Let’s find out.

Get past the login screen and you will find the flag. There are no rabbit holes, no hidden files, just a login page and a flag. Good luck!

Based on the info in the description, not much enumeration is needed. Scanned with nmap anyway to make sure they arent throwing me off

Looks like just http and ssh

Our webpage is just showing a login page. First instinct is to brute force this page. Without the username though it may take some time

Decided to go with some SQL injections. While attempting, I ran across this error when using “admin’ OR 1=1”

Testing different SQL injections from this site, and we have a winner.


1′ UNION SELECT null– –

We get our flag THM{aab02c6b76bb752456a54c80c2d6fb1e}