IFrame Parent XSS - HackTheBox Cyber Apocalypse CTF

Man, i have to say: i love how your vids on these challenges are uncut and honest! It makes me feel less of a fool myself, when i'm stuck on something trivial. At least next time i can say:"It's okay you little doofus, John Hammond forgot to use backticks when setting a JS-variable. Apparently even the best guys out there make mistakes." Thanks for the wonderful content John!

Love the videos where you're doing it for the first time. It's all about learning how other people learn!

.. that satisfaction .. It's priceless

I actually appreciate when John does it the first time and struggles. Bc I know he does “easy rooms” but sometimes when I struggle I feel bad. So seeing John struggle too validated my struggling 😅 thanks again! Learned a lot from your struggle 😂😂

John thanks for this opportunity for us to learn from this

Our failures teach us much more than our successes. Thanks for being so organic in your content. I think it's great to see that people don't always figure things out on the first try.

I'm that Node Guy that laugh at all `back-tick moments`

I understood very little of that but still immensely enjoy your videos.

Nice video , I liked your uncut way of recording this. It makes a lot of sense to me when watching you put all things together.
Thanks for sharing such knowledge. Have a nice day sir.

i just found this channel randomly, and i love the videos 😅

I love watching you do these for the first time. I know the satisfaction you get when solving problems. Keep it up man!

Weird as hell payload.
Love it.

didn't solve this one, looking forward to a detailed walkthrough 😸

I think jsonp is a common technique where cross-domain configurations are not setup, which means you can only basically do GET requests. So you basically send a GET request with a callback name of your choice, and take the response text of the response and eval it which essentially gets you to result passed into your function callback by name.

This is why it's called Hacking!! Great job John!

You call it painful, imo observing the thought process and troubleshooting was great! Congrats on the success

As someone trying to secure my code, I really enjoy watching your web security vids..

Great video man.
Big fan!
Thanks for sharing the knowledge with the community. I appreciate it. 🙏🏻

I WAS SCREAMING TACS JOHN!!!

I don’t understand much on here but it’s still fun to watch and learn

Such a good video. It’s awesome learning with you. Lol.

jsonp was a hacky way of sending data directly via javascript back when all cross site resources were not allowed by browsers. you're supposed to run it as the src of a script tag (script tags ignore CORS policies). That's why it's asking for the name of the callback, you would write a function that expect the data passed as argument.

Love this new style with struggling. ❤️

Bro! You are a genius fam!

DAMNN That was a great video thanks.

You’ve spared no expense

This one was really cool and interesting to me. Loved it!

If the content type is "application/javascript" you cannot use html tags inside it. Browser will ignore it and throw a exception. I think I wasted about 5 hours without knowing this on a bug bounty program. If I made a mistake please correct me. (I am 16 years old noob 😅)

Anxious thinking in backticks, hahaha. Congratulations man!

Why would someone use puppeteer to access some hidden localhost page on the backend after a user post something? Automate administrative work? Feels very risky to do it in that way IMO
Or maybe... It's just an insecure code for people to learn from...

This is gold!!!!

IM SCREAMING FOR THE BACKTICKS CMON

I love this htb apocalypse series.. I can learn not just a black box but also white box testing. Do you have any video or tutorial recomendation for beginner on white box testing?

He is the real Elliot Alderson of Mr. Robot.

thanks

Great content John

Hey john how can we rewatch the hacking game you commented on with ippsec ?

Bro u just so smart i was thinking with you but u always think outside the box and i keep getting stuck hahahaha

never thought a man could suffer so much outside of Purgatory - till now.

Always better problem solving live

A great example to illustrate that CSP is not a cure-all.

Thank you

the backticks of doom

17:22 Eureka!

Hi Hammond, I usually watch your every video and your contents are very rich.
I have a query, suppose my SIEM detect potential cobalt strike on a internal communication (local to local) and as per checking it was detected by JA3 fingerprint. So, how can I locate on the machines, is there any true beacon or just false positive.

Awesome

Awesome 🔥

Does anyone know if you can still download these boxes like John does? Feel like having some nice coding examples would be useful to learn.

Sup people

28:39 ngrok actually put your IP in the X-Forwarded-For header

that was intense

Cool!

I'm definitely not that advanced with BASH to be calling out syntaxes and functions like that. Is there any more entry-level stuff on HTB?

So what did we learn today?
Everything needs to be url encoded😝😝

I did it all for the cookie.

where are you.. ?
i am eagerly waiting for your videos.

❤❤

I wish john know I was yelling the back-ticks, but I didn't skip the video tho.

amazing ty so much i leant a loooooooooooooooot from this tnx:) ... btw i was doing '${val}' and seeing it not working and wondering why until i saw the exact same stackoverflow page and see `` and go like but why?!

Hey John what's your main os ???? Which Linux ??? This is a VM like the original one ??

did you go live or uploaded a video?

No that was not painful that was epic

how do you download an entire website folders and file ?

owsem ❤️

javascript is such a mess. i still cannot believe its the fabric behind most of the ui in the world today

I like the fact that John acting like he has never solved this problem before 😄

~yt algorithm things~

I am also a veteran. I had some questions regarding certifications, and if you paid for them out of pocket and has the VA reimburse you, or had the VA pay for them via the GI Bill, if so, which ones were covered, and which were not ? I found some information. But nothing very clear.
Best regards, TIA
Eddie

Sir which Linux os your are using in this video

Vote for john to be a president.

while true; do nc -klnvp 9000; done

why do you need the display in the payload to trigger the payload?
When the bot visits the /list for the first time via puppeteer, then the feedbacks would be loaded since empty callback would default to display. In one of those feedbacks would also be the payload and that would trigger the src request which loads the /list endpoint again on the localhost and this time the callback function is populated with the window.location which ends up making the GET request to ngrok url.
i don't understand the need for display in the payload. Can someone explain? @johnhammond maybe?