A tip for life: Make a flask app that routes sqlmap’s payload so you can craft the request with the payload however you want, neat.
I enjoyed this and learnt something new
@clubby789 said:
Got something working locally, but breaking on docker…
On same state. but don’t know how to proceed from here.
@f3v3r said:
@clubby789 said:
Got something working locally, but breaking on docker…
On same state. but don’t know how to proceed from here.
Try doing things a bit more manually
Can anyone give me a hint on where to find something private or public?
got a whole bunch of weird behaviours and an error message, but no matter what i do, i can’t make sense of what happens behind the scenes. would appreciate a nudge
i tried SQLi but no luck, now using hydra to brute force the user and password… am i on the right track?
Analyze the source to find your way in. Replicate the environment. Some coding may be required.
ah ■■■■, i kept wondering how to get the source and didn’t realise there was a ■■■■■■■ download button under the start instance button m)
EDIT: aaand got it. i tried the right thing from the very beginning before i even had the source, but looks like i did something wrong the first time around :^)
Aaaaand finally, I did it. These are my hints:
- Focus on the things that can be used to extract information. XSS is useless.
- Try to run the webserver locally.
- You don’t have the database, but you can imagine how it’s constructed.
- When you know what you have to exploit, search for some tools on the Internet that can be easily modified to do what you need to do.
Great challenge, I enjoyed it.
@deetee1 said:
i tried SQLi but no luck, now using hydra to brute force the user and password… am i on the right track?
Don’t waste your time doing those, it’s useless.
would anyone be able to help with this one? i think i’ve worked out a tactic but whenever i sign something with a different algorithm and use the new value, i get an Internal server error.
edit: nm, i did as recommended and ran the app locally. tweaked my tactic and it works now.
worked out my problem. Missed something I should have picked up
So i read the source and know there exists a S*** attack. I’ve started a local instance but am not sure how to properly escape certain chars in sqlite queries.
Any help is appreciated!
I have identified the vector but I think I need a private thing and cannot find it
I got the exploit and (I believe) finished the challenge but I have no idea on how to get the flag
No tools used right now, I’m doing all manually + nodejs coding.
solved! thx to @daverules for the help, I’ve learnt something new about queries
@daverules said:
would anyone be able to help with this one? i think i’ve worked out a tactic but whenever i sign something with a different algorithm and use the new value, i get an Internal server error.
edit: nm, i did as recommended and ran the app locally. tweaked my tactic and it works now.
Some hint? Same situation. Thx
if you get an internal error then it means the format of something is not quite right. in my case, it was that i was missing a line break at the end of something else. hope that helps
@daverules Yes, fixed the problem. Thx
Edit: Solved, thx again @daverules
It’s really fun.
Thanks @makelarisjr for the challenge.