Advanced SQL Injection Skills Assessment

I know this is a fairly new module but hopefully someone is able to help :slight_smile: I’m currently stuck on the first assessment question, "Identify and exploit the unauthenticated SQL injection".

I’ve downloaded and decompiled Pass2-1.0.3-SNAPSHOT.jar and I believe that the injection point is in an API endpoint used during the auth process. Going through the code I can see that there is a replace function that removes spaces and a number of other keywords/special characters. I’ve managed to put together a payload which I thought would bypass this and should allow unauth login, but it’s currently not working. I’ve done some tests in a Java sandbox and it’s showing the bypass working: //**//Or//**//1=1----//**//

Has anyone attempted this yet? Would really appreciate some pointers!


Hello,

Did you succeed?
I’m stuck. I can enumerate required info on the 2 existing users but when I do apply the Java function to obtain the missing piece of data in order to be able to login it tells me that the value is not valid.

Hey, yes, I succeeded in logging in using the Java function you mentioned.

I wasn’t able to complete the final question however as it looks as though the current db user has no privileges to be able to read/write or execute commands to use any of the techniques discussed in the course material. A full dump of the database also didn’t yield anything useful. The injection point for this part is an easy spot.

Hello, I am stuck on the RCE part, could anyone give a little hint please? :pensive:

Yep, me also :frowning: I would be interested to know if anyone has got this?

Anyone managed to complete any of the skills assessment on this yet?

This is probably because you’re using the hashed password rather than the plain text one to calculate the missing piece of data…I’m stuck on the same thing…

Just for the record I finally managed to do this with a lot of help from others…the user that the app connects to the DB with has the necessary DB privileges to do what’s required and get RCE. Where I was going wrong was that my Python scripting for interacting with web apps isn’t as good as it should be, and I missed a key sentence in the learning materials.

Hey, congrats on solving the final RCE stage. After many days battling this I would be really interested to see where I went wrong. Could I have some pointers please?

Yeah sure. Do you want to DM me? Don’t want to give any spoilers on here if I can help it.

Sure, no worries, I’ve dropped you a message.


Man, I’m stuck on the login in the assessment, how can I bypass the spaces?

Please help me.

Bro, please can you help me? I want to contact you by DM.

How to run CREATE FUNCTION on vulnerable parameter?

Hello everyone,
I’ve been stuck on this module for quite some time, in the second part of the Skills Assessment (RCE).
I’ve done a lot of debugging but I still have a problem.
A little help wouldn’t go amiss.

I’ve been stuck on this skills assessment for a few weeks. Can anyone help me with the login portion?

Hey, need help. Stuck on the second part of the final assessment. Found where to exploit the SQLi, but have a problem at the stage with CREATE FUNCTION to run a reverse shell. There is an error, but which one, no idea. Could anyone help with this? Could someone provide advice on how to proceed with this?

UPDATED: with great help from sirius3000 I found the problem and solution.
P.S. CHECK EVERY QUERY VERY CAREFULLY.
