Under the Hood: SQL Injection

by Vince

I witnessed someone trying to inject on a login form, and what was expected and the actual result were night and day. Finding an injection point by entering a single tick does not necessarily mean we are going to be able to successfully enter ' or '1'='1 and achieve a positive outcome. In the example below, there are at least two components to this injection: a PHP front-end with a MySQL back-end. The latter may cooperate, and it does, but it's the former that is determining what we can do and where we can do it.

Below, we have a simple login form.  We enter a single tick:


Vulnhub sunset: 1 Walkthrough

by Vince

You can't judge a book by its cover. When I saw that the description was empty, I thought this box was going to be hard. Again, as always, your definition of hard and mine may differ, but this box has few moving parts and, in my opinion, it's not hard. In fact, this box is perfect for a friend who I'm guiding into penetration testing. He just learned a new skill the other day and there's a component to this box that's right up his alley.

Moving on, we kick off with Nmap:


Vulnhub SP: harrison Walkthrough

by Vince

Continuing on with the SP series, I'm working my way backwards through the list of boxes I've yet to root, and we find Harrison, which is described as: "Can you break free from Harrison's prison?"

From the description, I'm thinking some sort of shell jail, but I'm not really sure what's in store for me. I'll just do my thing, we'll see what obstacles appear and work around them.
