Web page penetration
Task environment description:
Server scenario: Server2120
Server scenario operating system: unknown (closed target machine)
User name: unknown Password: unknown
- Visit the homepage of the server website, guess the length of the name of the back-end database used by this web page, and submit the length as the flag;
Scanning shows that the target machine has port 80 open, so we access port 80 directly.
Try entering 1 and submitting.
The URL changes, so we try sqlmap directly.
FLAG: 8
This is a sqlmap command, which is used to detect whether the specified URL is vulnerable to SQL injection. The meaning of this command is as follows:
• sqlmap: invoke the sqlmap tool.
• -u "http://192.168.94.145/index.php?id=1": specify the URL address to be tested.
• --batch: Run in batch mode without human interaction.
• --dbs: When the site is detected
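From the defending side, the automated testing of the id parameter described above leaves traces in the web server's access log. The following is an added example, not part of the original write-up: a Python check that flags such requests. The log lines, client IPs and sqlmap version string are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = """\
192.168.94.1 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.94.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.168.94.7 - - [01/Jan/2024:10:00:06 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 498 "-" "Mozilla/5.0"
192.168.94.7 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.94.1 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=42 HTTP/1.1" 200 530 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line, param="id"):
    """Return the reasons a log line looks like SQL injection testing."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparsed"]  # malformed lines deserve a look as well
    reasons = []
    # sqlmap identifies itself in the User-Agent unless told otherwise.
    if "sqlmap" in m["ua"].lower():
        reasons.append("sqlmap-user-agent")
    # The page's parameter is numeric (id=1); anything else is suspect.
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    for value in query.get(param, []):
        if not (value.isascii() and value.isdigit()):
            reasons.append("non-numeric-" + param)
    return reasons

def suspicious_sources(log_text, param="id"):
    """Map each client IP to its number of flagged requests."""
    hits = {}
    for line in log_text.splitlines():
        if line.strip() and classify(line, param):
            ip = line.split(" ", 1)[0]
            hits[ip] = hits.get(ip, 0) + 1
    return hits

if __name__ == "__main__":
    for ip, count in suspicious_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} flagged request(s)")
```

The User-Agent is client-controlled, so the non-numeric parameter check is the stronger of the two signals.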