It has to be something related to f upload and f****k.php…
found an admin page, can't do ■■■■ with it lol
I’m planning to start this tomorrow, but the fact that there are no bloods worries me
I think I found something that might be vulnerable but still working on exploiting it, surprised there's no bloods taken yet?
Just followed another rabbit hole, just to find out the vuln is long closed. :neutral:
Have there ever been boxes where XSS was the foothold? I was able to get an XSS trigger to send me a cookie, but it seems the admin user doesn’t interact with the feedback so I can’t get their cookie…
Still no first blood. Has anybody managed to get a foothold yet?
@Thane121 said:
Have there ever been boxes where XSS was the foothold? I was able to get an XSS trigger to send me a cookie, but it seems the admin user doesn’t interact with the feedback so I can’t get their cookie…
This is a really good question. No box with XSS to my knowledge.
There was one actually
@Thane121 said:
Have there ever been boxes where XSS was the foothold? I was able to get an XSS trigger to send me a cookie, but it seems the admin user doesn’t interact with the feedback so I can’t get their cookie…
Yes there has. One of them is still active
@bertalting said:
@init5 said:
found an admin page, can't do ■■■■ with it lol
You can try to BF it
Normally I would, but @MrR3boot said there is no need to, I am taking his word for granted
for now ?
@Endoisshy said:
@Thane121 said:
Have there ever been boxes where XSS was the foothold? I was able to get an XSS trigger to send me a cookie, but it seems the admin user doesn’t interact with the feedback so I can’t get their cookie…
Yes there has. One of them is still active
Good to know, thanks.
Anyone think that the /d*.php and the /down****.php could be related or could that be a rabbit hole?
@durante said:
Anyone think that the /d*.php and the /down****.php could be related or could that be a rabbit hole?
That’s what I’ve been working at, but so far nothing
@ShadowSuave said:
@durante said:
Anyone think that the /d*.php and the /down****.php could be related or could that be a rabbit hole?
That’s what I’ve been working at, but so far nothing
I’m trying some common directory traversal payloads but haven’t managed to find anything so far.
someone got the user after 3 hrs
Has anyone tried to mess with existing PDF files? One of them looks very interesting
@olsv said:
Has anyone tried to mess with existing PDF files? One of them looks very interesting
Define interesting