HackTheBox Cyber Apocalypse 2023
Pandora’s latest mission as part of her reconnaissance training is to infiltrate the Drobots firm that was suspected of engaging in illegal activities. Can you help Pandora with this task?
Solution
Browsing through the source code, we can see a comment referring to the lack of sanitization for logging in, suggesting SQLi is our vector of attack.
So we’ll try a basic SQLi login bypass.
And just like that, we retrieved the flag.
Flag HTB{p4r4m3t3r1z4t10n_1s_1mp0rt4nt!!!}