In a previous post, I wrote about Exploiting Jenkins.  So what is Jenkins?  "The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project."  My interest in Jenkins is purely from the exploitation side and my avenue for entry has either been through Metasploit or the Groovy Scripting Console.  Like most things hacking, if you really want to learn how to exploit something, you install it, configure it, and deploy it -- you will get a much better understanding of the nuts and bolts.  I rarely see Jenkins, I've yet to go down that rabbit hole and it should come as no surprise then that I discovered another way to get a shell.

According to PortSwigger:  "SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution."  And according to the SQLMap description:  "sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers."

This isn't a 101 of SQL Injection, if you're familiar with SQLMap, you've moved past 101.  This is the method I use when I leverage SQLMap.  I've seen other syntax for performing these tasks but I prefer to capture the POST request in Burp, dump the contents into a file, and then point SQLMap to my text file POST request.

This box is described as "Intermediate" and the description states:  "Get the root shell i.e.(root@localhost:~#) and then obtain flag under /root)."

I'll admit, I'm getting a little worn out on the multiple web serving troll ports.  It's basically the same box recycled with a different twist.  That being said, the privilege escalation was excellent.  There are multiple entrances for a low privilege shell and I cover two.