(I found it few weeks ago on vulnhub.com and now it was a time to do it.) It was again great
pleasure and a lot of fun. Thanks!
So, after quick nmap...
... we can see that there is a nice WWW:
Full request (req.txt) looks like this:
Running sqlmap with --passwords param gives us:
So level2 I will leave for you as an exercise. ;)