[WEB] ezpz

pretty sure i know what i’m supposed to be doing, but i’m struggling to get past the second error. if this is built the way i think it is, it should be pretty simple and deserve the rating it got, but something is in the way :confused:
would appreciate a nudge via pm

EDIT: nevermind, i expected this to be the way more complicated option because i’ve been fiddling with it earlier yesterday m)

Spoiler Removed

Hi!
Any hints on bypassing WAF and extract some data ?

Challenge done. Great challenge but it should be worth 50 points imo. Learned some new WAF bypass tricks for this kind of attack.
@snuggles already pointed a useful hint here for the last part.

Stuck on 2nd notice. Found a hint, but not sure what to do with it. Could anyone give a tip what direction to go next? Thank you.

EDIT: I did it :slight_smile:

I was trying to bypass the wrong thing :smiley:

Can anyone give me hint if I’m on right path if I PM them?

I think I might have cocked up a “correct” bypass technique, and now I’m just trying weirder and weirder alternatives that won’t work.

You can PM me guys but please tell me what you have tried so far.

Great challenge @ahmed. That was very tough. Thanks for making it. Learned a lot

Thanks @ahmed for this great chanllenge.
I enjoyed it and learned a lot

Wow, what a challenge, thanks @ahmed, this has been the most difficult web challenge I have done so far on htb, not ezpz at all!!
But learned a lot more thanks.

One thing I want to say, this challenge is not a 20 points challenge, at least not from my noob point of view :expressionless:

Thanks @ahmed, this was a very cool challenge!

Fun challenge, learned a lot about WAF bypassing. But 20 points? I don’t know dude.

Type your comment> @davidlightman said:

Hi, I’m stuck on bypassing the second notice. I’ve tried anything I know about PHP (will not write it here to avoid spoiling). I could use some help in the right direction. Thanks!

same here:"( help me plz!

pm me plz :"(
I’m stuck in second notice…

Would someone mind pm’ing with a bit of assistance on the second notice? been stuck for quite a while now.

I’m stuck in second notice… help pls :frowning:

would be nice if someone would be kind enough to guide me through this challenge.
I also stuck on the 2nd and really wanted to solve this and learn the things that this challenge need.
please PM me!

i’m stuck in sqli i got all databases but can’t extract tables names, it looks like WAF blocks built-in functions like: H**, CR, U*H AND → ifrtn_shm
Do i need to look for more built-in functions in sql that are not blocked by the firewall ??
pm me :slight_smile:

Spoiler Removed

I’m stuck on the challenge, figured out how to send in a simple sqli but can’t get any more. Any help is appreciated :slight_smile: