[Hack The Boo] Day 3 Challenges
Thanks
Reply
test7"="test7" AND (select sleep(10)) AND " 
trying stacked payload
Reply
Thanks
Reply
(October 24, 2022, 02:37 PM)Hacker2222 Wrote:
(October 24, 2022, 02:32 PM)HTBContestant Wrote: For web: The admin account already exists, but when I try to log in, I get a server error.
Also, in the frontend/dashboard multiple other things are shown if you are logged in as admin, for example {{flag}}. And yea, the MySQL credentials are in the code, too, so if you could connect to it, that might help to get the admin hash. The flag is stored in a config, which is read in routes.py when accessing /dashboard. So in short, we just need to login as admin by getting their password or token.


exploit is prob injecting another sql query to modify admin pass. 

something like 
new_user", "new_hash"); UPDATE users SET password="hash" where username="admin"-- -

or something


"error":{"message":["2014","Commands out of sync; you can't run this command now"],"type":"ProgrammingError"}
Reply
(October 24, 2022, 01:50 PM)Hacker2222 Wrote: plz discuss here


reversing challenge:
thanks @HTBContestant


thx youuu <3
Reply
(October 24, 2022, 01:50 PM)Hacker2222 Wrote: plz discuss here


reversing challenge:
thanks @HTBContestant


thx
Reply
anyone got web?
Reply
No, got the sqli but still a big question mark ?
Reply
(October 24, 2022, 07:13 PM)lifetimelearner Wrote: No, got the sqli but still a big question mark ?


I think we need to take the username and password and forge a JWT token. But without the key, my guess is it is pretty useless. The key is 50 characters long in hex, it would take forever to brute force it. I could be completely wrong though.
Reply
(October 24, 2022, 07:15 PM)deathfrom Wrote:
(October 24, 2022, 07:13 PM)lifetimelearner Wrote: No, got the sqli but still a big question mark ?


I think we need to take the username and password and forge a JWT token. But without the key, my guess is it is pretty useless. The key is 50 characters long in hex, it would take forever to brute force it. I could be completely wrong though.


Yeah, I don't think going with JWT is wise tho, we don't even know the password.
Reply

