HackTheBox - Headless - Walkthrough 2024
Vložit
- čas přidán 1. 04. 2024
- SUBSCRIBE Now To Get More Gaming Videos And Tech Videos!!
Have a Nice Day :)
Pc Specs:
Processor Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Installed RAM 8.00 GB
System type 64-bit operating system
Graphics Card NVIDIA GEFORCE GT630M With 2gb vram
Thank You For Watching,Like & Share
░░░░░░░░░░░░▄▄░░░░░░░░░░░░░░
░░░░░░░░░░░█░░█░░░░░░░░░░░░░
░░░░░░░░░░░█░░█░░░░░░░░░░░░░
░░░░░░░░░░█░░░█░░░░░░░░░░░░░
░░░░░░░░░█░░░░█░░░░░░░░░░░░░
██████▄▄█░░░░░██████▄░░░░░░░
▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░
▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░
▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░
▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░
▓▓▓▓▓▓█░░░░░░░░░░░░░░█░░░░░░
▓▓▓▓▓▓█████░░░░░░░░░██░░░░░░
█████▀░░░░▀▀████████░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░
Nice work!
Hey! Thanks for the video. I understood most of it, but could you explain better how you got the admin cookie? You got the web app to pung your machine, but how that got you the admin cookie?
Thanks!!
I've no idea why he puts the onerror line in user agent but if you send that request the admin key pops up 10 secs later
It's a reflected XSS attack. Notice that on the error page when sending something considered to be a hacking attempt it is reflecting the User Agent string along with a few other strings like Accept and others. By placing the image tag in that in the header you can get the web server to show an image in place of the string in the error, thus achieving reflected XSS. I'm having trouble though with the self hosted webserver receiving the request but without the admin cookie stored in document.cookie.
@@corruptbyte same here i get the same cookie i have in my browser from start
estan chidos tus videos, intente instalar las opciones para que el kali me quedara asi pero no deja puedes hacer tuto?
I will bro