[WEB] ezpz

We welcome some ideas for this challenge

nemen91


Comments

  • I'm able to clear the first error. Getting stuck on clearing the second error. Guess I'm just gonna have to... T R Y H A R D E R *rolleyes

  • same here ... bit hard without the code ...

  • Both errors have been overcome. now touch **F with ***i

    nemen91

  • WAF seems to be blocking usual methods here, although I can extract some data.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • This is a 20 point challenge? Am I going insane?


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'"

  • I was wondering the same. Who rated this as easy? Rasmus Lerdorf?

  • @farbs
    No you are not. I am insane from this too.

    snuggles

  • Any hint on how to deal with the WAF? It's blocking everything I try...

  • @Relwarc17
    Find an alternative for Information schema, and there's another thing. I hope this isn't a spoiler, please remove if it is. I still haven't solved.

    snuggles

  • edited December 2019

    GG ahmed
    That was a good challenge, I think it was just rated poorly.

    snuggles

  • edited December 2019

    I already beat it together with @snuggles and @senza. It's not easy and there's some guessing but it's a very eye-opening challenge.
    As always PM me on forum for some help :)

    If you need help with something, PM me how far you've got already and what you've tried. I won't respond to profile comments. And remember to +respect me if I helped you <3

  • Great challenge @ahmed, you don't need to guess anything, just keep things simple.
    Try to understand what the WAF is blocking and then enumerate the way snuggles has pointed out.

  • Great challenge but definitely not easy.

  • Hi, I'm stuck on bypassing the second notice. I've tried anything I know about PHP (will not write it here to avoid spoiling). I could use some help in the right direction. Thanks!

  • @davidlightman said:

    Hi, I'm stuck on bypassing the second notice. I've tried anything I know about PHP (will not write it here to avoid spoiling). I could use some help in the right direction. Thanks!

    I wrote you a PM

    nemen91

  • I am stuck also. PM thanks.

  • People who are stuck on the 2nd error, think something around PHP datatypes.

  • Pretty stuck with second Notice, can anyone help please?

  • @azuax said:

    Pretty stuck with second Notice, can anyone help please?

    Same here

  • @azuax said:
    Pretty stuck with second Notice, can anyone help please?

    Same here. If you inspect the website closely, you get some good info, but not sure what to do with it

  • WAF is killing me. I got the table and DB but I can't even see what's in there. :(

  • @snuggles there are other ways of doing without it without alternatives ;)

    ahmed

                      Twitter : @ahm3dsec
    
  • WOW! That was really nice fun to solve!

    Thanks @ahmed for making it!!

  • edited December 2019

    Any hints for the very 1st step?
    The HTML comment doesn't really help, or I may be blind...

    EDIT : I was dumb... Thanks to @brueh for the pm.
    The HTML comment hint only applies to the 2nd notice. Try multiple data types you know.

  • edited December 2019

    pretty sure i know what i'm supposed to be doing, but i'm struggling to get past the second error. if this is built the way i think it is, it should be pretty simple and deserve the rating it got, but something is in the way :/
    would appreciate a nudge via pm

    EDIT: nevermind, i expected this to be the way more complicated option because i've been fiddling with it earlier yesterday m)

  • Spoiler Removed

  • Hi!
    Any hints on bypassing WAF and extracting some data?

  • Challenge done. Great challenge but it should be worth 50 points imo. Learned some new WAF bypass tricks for this kind of attack.
    @snuggles already pointed a useful hint here for the last part.

  • Stuck on 2nd notice. Found a hint, but not sure what to do with it. Could anyone give a tip what direction to go next? Thank you.

  • edited December 2019

    EDIT: I did it :)

    I was trying to bypass the wrong thing :D

    Can anyone give me hint if I'm on right path if I PM them?

    I think I might have cocked up a "correct" bypass technique, and now I'm just trying weirder and weirder alternatives that won't work.
