[WEB] ezpz

Comments

  • A small hint for the last step. You don't really need the column.

  • Can someone give a hint about WAF bypass?
    I can't use union and select, tried to use comments (se/**/lect), Unicode, but everything gets blocked

  • @VolandRon said:

    Can someone give a hint about WAF bypass?
    I can't use union and select, tried to use comments (se/**/lect), Unicode, but everything gets blocked

    Read this and take a pen-tester's approach:

    https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection

    For those who are still struggling with this, YES: the challenge is actually easy peasy. But, of course, the injection point needs some thought (the usual "I ran S**m*p against the server and I'm done with it" approach won't work here).

    Sociaslkas

  • what a ride...whoever calls this challenge ezpz is drunk or drugged :D :D

    I know that others have pointed to some URLs for help, but it's much more than just that.
    hint:
    as some mentioned before: search for php obj injection and take some parameters from there and start your enumeration
    when you find the right parameter, put your s**i after the ID.
    Now the tricky part begins, follow the suggested github pages but you will need to send the right query to JOIN the game. the waf is picky.
    hope it's not too much of a spoiler.

    i did it manually and it took me 2 days. PM me if you need help.

  • Found the flag via two ways. The more complicated one needs neither u***n nor j***, and in c*se you want to know, it's just lik* a smart hammer. However, two INNOvative things are still needed to find the target.

    Did someone figure out how many cols the target has? My code fails enumeration after ~130. It only needs j*** (and currently u***n) and no information_ but some stats from m***l to get a name. It works at home and for all standard non-filtered stuff on the server. Seems the WAF wants us to be brief. Would appreciate a nudge on how to make my query work or find an alternative way to get colnum of a given thing.

  • Got flag, thanks to @Z1LV3R for a nudge in a right direction!

  • found a python script that you can use to test the commands that the waf will either block or let in..PM for it

  • Thanks, I enjoyed it. I do recommend you write your own python program on this challenge.

  • I managed to get the user, the database, and the table where the website tips come from, but I have no idea what to do next. Are there other tables I'm missing?

  • great challenge!

  • I used a bash script, but forgot about removing newlines when preparing the payload. This resulted in me thinking the WAF was blocking requests over a certain length (and me wasting hours) 🤦‍♂️

    Apart from my stupidity, it was a nice challenge.

    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • What a rollercoaster so far, this challenge is really addictive. I think I'm almost there given the information I've been able to leak so far, but unable to get the flag.

    Maybe someone can give me a nudge? I've leaked the schema and found two tables in the current database for data which one of them might not be guessable.
    I'm able to get column information but the case is I'm not able to leak the contents or the like with sqli for the flag and complete this ezpz challenge :(

  • Anyone PM, I'm stuck

  • edited January 29
    Could it be this challenge is broken? I verified my solution with another user but I'm not able to get the flag. The user is also not able to get the flag with his solution anymore.

    Can maybe some other users who solved this challenge verify their solution is still working?

  • @0xRCE said:

    Could it be this challenge is broken? I verified my solution with another user but I'm not able to get the flag. The user is also not able to get the flag with his solution anymore.

    Can maybe some other users who solved this challenge verify their solution is still working?

    Just did it again and can confirm it's working as (I think) intended

    Hack The Box

  • For all the people who sent a PM, many thanks. It's really appreciated.

    I got the flag, it was my own mistake in the end, blind from experience and the assumption casing doesn't make a difference.
    Long story short, always doubt your own assumptions, and validate them even if you are convinced it doesn't make a difference.

  • Hey could someone give me a nudge with bypassing WAF

  • Hi!
    I think there is a problem with the creation of the instances for this challenge. I was working on it yesterday and it was working fine. But now I can't connect to the webserver port when I create a new instance.

    Can someone validate that it's not just me?

    Thank you!

  • @0ca said:

    Hi!
    I think there is a problem with the creation of the instances for this challenge. I was working on it yesterday and it was working fine. But now I can't connect to the webserver port when I create a new instance.

    Can someone validate that it's not just me?

    Thank you!

    Same issue with me here

  • Got it, I think this challenge is not worth the time spent on it.
    But anyway, even if I feel that I've wasted my time, I've learned a bit of stuff.

    This challenge is a union of error and trial.

    Jugulairel

  • Hi!
    I think there is a problem with the creation of the instances for this challenge. I was working on it yesterday and it was working fine. But now I can't connect to the webserver port when I create a new instance.

    Can someone validate that it's not just me?

    Thank you!

    Same issue with me here

    Same issue...can't connect to challenge after spawning instance. For what it's worth, filed a support ticket:
    https://hackthebox.atlassian.net/servicedesk/customer/portal/1/HBS-4322

  • Also having the same issue with the instance not being accessible after starting

  • Why ezpz not connecting? Is it not working now? I can access other web challenge except the ezpz.

  • FYI...support starting to look at this challenge...hopefully they can fix soon...

  • edited March 7

    Hey everyone,
    I'm a noob, but how should I have a stable connection with it?? I can't connect to it.
    Notice: I've tried S"L"i

  • @arg1 said:

    FYI...support starting to look at this challenge...hopefully they can fix soon...

    I hope so because I still can't open it from my end too till now.

    Drxxx

  • Support has tried a few changes, but so far it's still not properly working....support ticket still open

  • Yay! Support fixed. Hope it stays up. Happy hacking all!

  • @Crafty said:

    You can PM me guys but please tell me what you have tried so far.

    I got through the first notice but I am unable to clear the second notice and I don't know what to do with the hint provided. Help plz

  • okay this was crazy, it's actually pretty easy, the only thing that confused me were all those errors and the waf, but when u pass through this it's really straightforward, thanks for the box
