Hello guys, I found myself stuck again on this module. Using my own Kali machine, I was not able to find which input field was vulnerable to the Blind XSS attack as I did not receive any request on the server that I set up on my Kali machine.
What worked for me was using HTB’s Pwnbox. For some reason, it just works. Also, the payload that you are looking for is provided in the module’s notes; there is no need to go out wasting time and energy to find the right payload. Do everything in Pwnbox and hopefully you will get the flag.
Hey, I have the same issue with the initial step: I cannot find the working payload. I tried all of them, including the ones in Payload of all things.
I tried different ports on Pwnbox and port 80 and others on my machine. None of them work.
But when I try to connect to my machine or a Pwnbox through a browser it sees the connection attempt.
So the payloads that I’m using are just not executing and I’m not sure why. I do not really know JS and am not sure how to handle this situation. Is there a chance there is an issue with VMs? Please guide me with this one.
Man, thanks a lot, I was struggling with this, and the problem was the firewall, but after I saw the video, I did everything the same as this guy. Thanks again!