02-03-2024, 01:03 PM
Hey, BF new challenge is here
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Compromised - Malware Logs
Ban Reason: Compromised - Malware Logs
|
HTB - 0xBOverchunked [WEB]
by LOOOP - Saturday February 3, 2024 at 01:03 PM
|
|
02-03-2024, 02:11 PM
02-04-2024, 09:40 AM
Working on it, I figured out you can bypass the waf.php filter to circumvent "OR" by doing "o+r" .
the flag is obivously at id=6 from reading the code which is blocked it doesn't see 5 + 1 as 6 though, just an invalid ID
It can be done with a very well formulated sqlmap query as well. Just don't forget about the flags, level, risk, random agent, etc.
And think about which endpoint, what you want to search for, and dump that shit. It's going to find some injection parameter that can be abused of course...
02-05-2024, 06:01 PM
I read all the code but i couldn't bypass waf ! tried also with sqlmap -r req{http post request `Controllers/Handlers/SearchHandler.php`} with --level 5 --risk 3 --dump
02-07-2024, 09:41 AM
sqlmap is unintended afaik
![[Image: 65c24c1df7c1bf19720b2cf6.gif]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fshare.creavite.co%2F65c24c1df7c1bf19720b2cf6.gif) HackTheBox - 99% Done - Get any flags or pwn you need
https://xan6.mysellix.io/
02-07-2024, 04:10 PM
6' AND CASE WHEN gamedesc LIKE 'HTB{%}' THEN 1 ELSE load_extension(1) END -- -
I dumped the flag with this sqli but its not case sensitive, REGEXP and COLLATE doens't seems to work...
02-08-2024, 06:54 PM
(02-07-2024, 04:10 PM)dhzzz Wrote: 6' AND CASE WHEN gamedesc LIKE 'HTB{%}' THEN 1 ELSE load_extension(1) END -- - how could you dump anything with the request that contains quote? you should get response "SQL Injection attempt identified and prevented by WAF!" because your request contains '
02-09-2024, 05:17 PM
(02-08-2024, 06:54 PM)Steward Wrote:(02-07-2024, 04:10 PM)dhzzz Wrote: 6' AND CASE WHEN gamedesc LIKE 'HTB{%}' THEN 1 ELSE load_extension(1) END -- - Transfer-Encoding: chunked
02-09-2024, 08:48 PM
(02-09-2024, 05:17 PM)dhzzz Wrote:(02-08-2024, 06:54 PM)Steward Wrote:(02-07-2024, 04:10 PM)dhzzz Wrote: 6' AND CASE WHEN gamedesc LIKE 'HTB{%}' THEN 1 ELSE load_extension(1) END -- - It's giving me internal server error. Any idea? |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot | 91 | 7,557 |
Today, 07:45 AM Last Post: |
||
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 364 | 88,802 |
Yesterday, 07:41 PM Last Post: |
||
| [FREE] HTB-ProLabs APTLABS Just Flags | 23 | 2,357 |
03-28-2026, 03:30 AM Last Post: |
||
| HTB Eloquia User and Root Flags - Insane Box | 13 | 356 |
03-27-2026, 06:14 PM Last Post: |
||
| HTB - ALL Challenges you Stuck in | 2 | 652 |
03-27-2026, 04:24 PM Last Post: |
||