First, connect to the Starting Point VPN before starting the machine. Once connected, click **Spawn** to start the machine.
- [x] Task 1
What does the acronym SQL stand for?
***Answer** : Easy, you can search Google or check Wikipedia.*
- [x] Task 2
What is one of the most common types of SQL vulnerabilities?
***Answer** : Open the **walkthrough** and read the first section, **Introduction**.*
- [x] Task 3
What does PII stand for?
***Answer** : Easy question, don't be lazy if you want to be a hacker / pentester. Open the **walkthrough** and read until you find **PII**.*
- [x] Task 4
What is the 2021 OWASP Top 10 classification for this vulnerability?
***Answer** : Open https://owasp.org/www-project-top-ten/ and look at the entry **A03:2021–Injection**; that's the answer.*
- [x] Task 5
What does Nmap report as the service and version that are running on port 80 of the target?
***Answer** : Use nmap to scan the target's open ports and service versions.*
- [x] Task 6
What is the standard port used for the HTTPS protocol?
***Answer** : 443*
- [x] Task 7
What is a folder called in web-application terminology?
***Answer** : Directory*
- [x] Task 8
What HTTP response code is given for 'Not Found' errors?
***Answer** : 404*
- [x] Task 9
Gobuster is one tool used to brute force directories on a webserver. What switch do we use with Gobuster to specify we're looking to discover directories, and not subdomains?
***Answer** : dir*
- [x] Task 10
What single character can be used to comment out the rest of a line in MySQL?
***Answer** : #*
- [x] Task 11
If user input is not handled carefully, it could be interpreted as a comment. Use a comment to login as admin without knowing the password. What is the first word on the webpage returned?
**Answer** : Open the website at your machine's IP address, enter **`admin'#`** as the username and any random password. Voila! You can see the answer (**Congratulation**), and you also get the flag.

- [x] Submit Flag
**Answer :** Follow the steps in Task 11.
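
Why the `admin'#` input from Tasks 10 and 11 works, and how a parameterized query stops it, as an added example that is not part of the original walkthrough or the target's code. The query shape, the `users` table and the credentials are assumptions constructed for illustration; SQLite stands in for MySQL, and because SQLite has no `#` comments, MySQL's comment handling is modeled by a small simplified helper.

```python
import sqlite3

def strip_mysql_hash_comment(sql: str) -> str:
    """Model (simplified) of how MySQL reads a one-line statement:
    a '#' outside a single-quoted string comments out the rest."""
    in_string = False
    for i, ch in enumerate(sql):
        if ch == "'":
            in_string = not in_string
        elif ch == "#" and not in_string:
            return sql[:i].rstrip()
    return sql

def make_db():
    # Constructed sample data, not taken from the target machine.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern (assumed): input becomes part of the SQL text.
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    parsed = strip_mysql_hash_comment(sql)  # what the server would parse
    return parsed, db.execute(parsed).fetchone()

def login_parameterized(db, username, password):
    # Hardened pattern: input is bound as data and never parsed as SQL.
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    parsed, row = login_concatenated(db, "admin'#", "anything")
    print("parsed statement:", parsed)   # password check is commented out
    print("concatenated login:", row)
    print("parameterized login:", login_parameterized(db, "admin'#", "anything"))
```

With bound parameters the quote and `#` are compared literally against the `username` column, so the password clause is always evaluated.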