Text: Use the Loading Bay Control System to get the admin key!
Solution: When we open the page we see a form with a username field. Considering the name of the challenge, we probably have to do a SQL injection.
We first try the most basic injection:
' or 1=1 #
The leading quote closes the username string in the query, so the check for the “correct” username turns into a logic operation that tests whether either the username matches OR 1=1 is true. Since 1=1 is always true, the logic becomes username OR true, which is always true as well, so every row matches.
The # is a comment symbol in SQL (in MySQL-style dialects): everything after it becomes a comment and won’t run as SQL code.
When we inject the code above we get a list of usernames and password hashes. At the bottom of this list we’ll find our flag.
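The injection described above, shown next to the parameterized query that prevents it. This is an added example, not code from the challenge: the users table, its rows and the query text are constructed, and because it runs on SQLite, which has no # comment, the input uses SQLite's -- comment in its place.

```python
import sqlite3

# Constructed sample data: the challenge's real schema and query are not shown.
ROWS = [("alice", "hash-a"), ("bob", "hash-b"), ("admin", "hash-admin")]


def make_db():
    """In-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return db


def build_vulnerable_sql(username):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    return ("SELECT username, password_hash FROM users "
            "WHERE username = '" + username + "' LIMIT 1")


def lookup_vulnerable(db, username):
    return db.execute(build_vulnerable_sql(username)).fetchall()


def lookup_safe(db, username):
    """Hardened pattern: the input is bound as data, never parsed as SQL."""
    sql = ("SELECT username, password_hash FROM users "
           "WHERE username = ? LIMIT 1")
    return db.execute(sql, (username,)).fetchall()


# The write-up's input, with SQLite's "--" comment in place of MySQL's "#".
PAYLOAD = "' or 1=1 --"

if __name__ == "__main__":
    db = make_db()
    # The comment swallows the trailing quote and the LIMIT clause.
    print(build_vulnerable_sql(PAYLOAD))
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))
    print("safe:      ", lookup_safe(db, PAYLOAD))
```

With the bound parameter the whole input is compared as a literal username, so the quote and the comment marker have no effect on the query structure.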