After the machine is up, browse to the machine's IP address:
QUESTIONS
- Manually navigate the defaced website to find the vulnerable search form. What is the first webpage you come across that contains the gift-finding feature?
Answer
/giftsearch.php
- Analyze the SQL error message that is returned. What ODBC Driver is being used in the back end of the website?
Answer
ODBC Driver 17 for SQL Server
- Inject the 1=1 condition into the Gift Search form. What is the last result returned in the database?
Answer
THM{a4ffc901c27fb89efe3c31642ece4447}
- What flag is in the note file Gr33dstr left behind on the system?
Answer
THM{b06674fedd8dfc28ca75176d3d51409e}
- What is the flag you receive on the homepage after restoring the website?
Answer
THM{4cbc043631e322450bc55b42c}