The initial approach to this machine is SQL injection, since user input is not sanitised before it reaches the query.
We are given a user 'smokey' with an injected quote mark, which will let us log in as the admin.
We connect to the machine with the payload nc 10.10.226.47 1337'' and successfully log in with admin credentials.
After logging in we find a command execution vulnerability: we can execute Python commands, but without quotes, so we rely on Python boolean escape characters instead.
Since a UNION injection is blocked because the sqlite3 backend sets the PRAGMA parse_union_ffenums=OFF; flag, we use a boolean OR injection to obtain the flag.
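To show why the login accepted an injected quote and a boolean OR clause, here is an added example (not the challenge's own code) with a constructed in-memory sqlite3 users table: the concatenated query lets the quote terminate the string literal so the rest of the input becomes SQL, while the parameterised query treats the same input as plain data. The table name, columns and sample rows are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed stand-in for the machine's sqlite3 backend (not the real schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "placeholder-admin-pw", 1), ("smokey", "placeholder-smokey-pw", 0)],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Input is concatenated straight into the statement. A quote inside the input
    # closes the literal early, and a trailing OR clause makes the WHERE true for
    # every row, which is exactly the boolean OR bypass described above.
    query = (
        "SELECT username, is_admin FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Parameterised query: sqlite3 binds the values after parsing, so a quote in the
    # input stays inside the data and can never change the statement's structure.
    query = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    injected = "' OR '1'='1"  # constructed: the quote breaks out of the literal
    print(login_vulnerable(db, "anyone", injected))  # every row, admin included
    print(login_safe(db, "anyone", injected))        # [] : treated as a literal string
```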