Am I correct that you need to do Overflown before you can do Secret Message?
I'm able to find the points of entry for 6, 8 (kinda), 9, 10, 11 but can't find where to start 7.
I'm pretty sure I know what type of attack I need to do to beat Overflown, but I have no experience with this yet.
Could anyone point me to some good 101 material?
Since it appears some other levels require a similar attack method, I'm kinda stuck.
Ok, so I'm up to Auth Bypass. SQLi is one of my biggest weaknesses, so I excitedly thought this would be an excellent opportunity to learn. I have made some slow progress but am now at a bit of a dead end and need to ask for a (hopefully) small prod.
My status is that I have a vulnerable form (lp). Using a 'U S*T' query with 3 fields, I have r/w on one field. I can also use that field to call functions (db name, make pw hashes, etc...). The problem I am struggling to overcome is that the 'cheatsheet' approach of using password() (or md5(), sha1()...) to 'force' a known password hasn't worked (in a large number of permutations). I also have not managed to nest queries or even figure out a way to enumerate the db schema via the single field I can control and view. Can somebody provide a source of knowledge (or just an angle of thought) where I can learn what it is I am missing?
Many thx in advance.
edit: NM, an ippsec video put me onto the right tool...
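The post above describes the classic pattern: a login query that SELECTs three columns with the username concatenated straight into the SQL, so a three-field UNION can hand the application a row whose hash column is one the tester chose. The following is an added illustration, not code from the original thread or from the challenge itself; it builds a constructed in-memory SQLite table, shows the vulnerable lookup beside the parameterized one, and demonstrates why binding the username as a parameter closes the hole. The table name, column names and the "admin" account are assumptions made for the demo.

```python
import hashlib
import sqlite3


def make_db():
    """Constructed stand-in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, pw_hash TEXT)")
    conn.execute(
        "INSERT INTO users VALUES (1, 'admin', ?)",
        (hashlib.sha1(b"correct-horse").hexdigest(),),
    )
    conn.commit()
    return conn


def _sha1(text):
    return hashlib.sha1(text.encode()).hexdigest()


def login_vulnerable(conn, username, password):
    """Looks the user up by concatenating the username into the SQL, then
    compares the stored hash with the hash of the supplied password.
    Because the SELECT returns three columns, a three-column UNION in the
    username lines up with it and the application trusts whatever row
    comes back."""
    sql = f"SELECT id, username, pw_hash FROM users WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    if row is None:
        return None
    return row if row[2] == _sha1(password) else None


def login_safe(conn, username, password):
    """Same application logic, but the username is bound as a parameter,
    so the driver only ever treats it as a string value, never as SQL."""
    sql = "SELECT id, username, pw_hash FROM users WHERE username = ?"
    row = conn.execute(sql, (username,)).fetchone()
    if row is None:
        return None
    return row if row[2] == _sha1(password) else None


def forged_username(chosen_password):
    """The input shape the post describes: a UNION supplying a fake row
    whose third column is the hash of a password the tester already knows.
    The trailing '--' comments out the closing quote of the original query."""
    return f"' UNION SELECT 1, 'ghost', '{_sha1(chosen_password)}' -- "


if __name__ == "__main__":
    db = make_db()
    # Legitimate credentials work against both versions.
    print(login_vulnerable(db, "admin", "correct-horse"))
    print(login_safe(db, "admin", "correct-horse"))
    # The forged row is accepted by the concatenated query and rejected
    # by the parameterized one.
    print(login_vulnerable(db, forged_username("letmein"), "letmein"))
    print(login_safe(db, forged_username("letmein"), "letmein"))
```

The hardened version changes nothing about the hash comparison; the whole difference is that `?` binding keeps the quote and the UNION inside the string literal. If the real application instead compares the password inside the query (for example with its own hash function), the fix is the same: bind every user-supplied value.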
ola, just started on this today.
I can't believe that I can't even get connected.
I have found 2 ports where I can ****et to and it lets some info out, but that's about it. Unsure on what to do there. A little push will be appreciated.
Check the levels and start with the first one.
You'll need to do at least 1-5 in order before you can do 6+.
As with most CTFs, the name of the challenge might give you a hint at where to look.
Thanks @FlatMarsSociet, I have made some progress and am on to Going Deeper.
So I'm working on #8, skipping #6 and #7 for the moment.
For this, I found that the publicly accessible port gives me some information, but I can't seem to find a method to extract the exact info I need.
I thought it might be useful to connect to a different port (*200), but this one is only accessible to localhost. So I need to do some forwarding.
Could someone help me with the command I'm running via what I found in #5?
I'm trying to get it to work using s***t.
Pesky 504s are killing me.
EDIT: looks like I might have to do Overflow first?
EDIT: finished Overflow, but still having issues
So like many people that have posted here I have used dig in every configuration that I can think of and have still had no luck. If someone could provide a helping hand it would be most appreciated. Please PM me.
ok I think I am nearly there with overflow however I am unable to get my code working.
I still, for the life of me, can't get a reverse shell onto jet; tried netcat, socat and whichever.
For Overflow, I am running using burp with socat; however, it's failing.
So it took me over 2 days to get my head around buffer overflows, with help from @FlatMarsSociet and @EvilT0r13.
I have had good success with other parts; however, I am now stuck with the following three:
Elasticity
Member Manager
Memo - I have a rough idea of what that is
unable to get a reverse shell from web... any nudges pls?
Nobody says you're supposed to get a revshell
Huh?
roo@kali:~/hack_the_box/machines$ nc -nvlp 8081
listening on [any] 8081 ...
connect to [10.13.14.11] from (UNKNOWN) [10.13.37.10] 36820
bash: cannot set terminal process group (1304): Inappropriate ioctl for device
bash: no job control in this shell
www-data@jet:~/REDACTED$
It's not because you can that you really need to.
Sometimes people get stuck looking for a way to get a revshell, while everything they need is right in front of them.