Abusing http misconfigurations

payload0911 · February 23, 2023, 4:10am

I am trying to solve the first modules about Abusing HTTP-misconfigurations But the first one is very difficult and I solved it, I think luckily because I use the same payload, even I have changed a bit but it can’t get the flag for the second time.

maxz · February 27, 2023, 5:22am

I DM’d you. I am working on this module as well.

maxz · March 6, 2023, 10:48pm

I’ve everything except “Bypassing Flawed Validation” which I am stuck on.

Predator · March 10, 2023, 12:28pm

have a look at your /etc/hosts file and maybe you can find another solution for localhost…

maxz · March 10, 2023, 3:28pm

Likely the only single one I didn’t try. Thx

payload0911 · March 11, 2023, 2:53am

When i find the first flag for the fat get, the other one for cloacks is it in the same server ?

XSSDoctor · March 13, 2023, 11:00pm

has anyone done the easy skills assessment? i’ve been trying to solve it for about a week with no luck. I even made a python script which tried every configuration of reset, registration, login etc. no luck

maxz · March 13, 2023, 11:51pm

Yeah, it will be the same IP and specify in the hosts file.

maxz · March 14, 2023, 12:03am

You will need to attempt to access the Admin area with the provided credentials . You will need to have two tabs open. Then you can test the forms found at login (in the second tab) to determine which will get you admin area access.

Don’t overthink it and it can be done with two browser tabs open.

XSSDoctor · March 14, 2023, 12:24am

oh man were you ever right. I overthought that so hard. Thank you!

magipie · March 18, 2023, 11:10am

I am trying this module as well, and I am stuck with two exercises left: Advanced Cache Poisoning Techniques and Skill Assessment - Hard.

In both cases, there seem to be something I don’t control. In the former, I think I have the correct poisoining payload, but the website is escaping all the XSS characters, so I am able to poison the cache, but the XSS payload is escaped.

In the latter, I am able to inject the XSS in cache, but none of my tries to have the admin exfiltrate data to interactsh.local work. The override headers don’t seem to work in this case.

lightz · March 18, 2023, 11:48am

it will be the same IP and specify in the hosts file.

maxz · March 19, 2023, 3:05am

On the hard assessment you might want to create a list of every page/unique url (including logged in) as you might need to skip a step somewhere to get further access. Two browser tabs is all you need as well.