Anyone able to give me a nudge on how to complete the Session Security Skills Assessment? I am able to query the API endpoint (http://minilab.htb.net/submit-solution) and have the Target connect to my netcat listener or a hosted file, and I see a message indicating AdminVisited = True. So I suspect something like this is needed to find the admin auth-session. But when I use Wireshark, the auth-session cookie is the same as when I just navigate to the login page.
Right now I am kind of at a loss as to how to proceed, so any hints would be much appreciated!
Edit: SOLVED! If anyone needs help feel free to DM me
@jarednexgent, Hey I sent you a DM, but please disregard it. I just solved it. Kinda kicking myself for wasting so much time lol.
To anyone who is on the skills assessment and comes here struggling: take a deep breath and stop overthinking it. I am gonna say right now that the hint was misleading as all ****. I went down some crazy rabbit holes for like 3 hours only to sleep on it and get it in less than 30 minutes today!
It was a good final assessment though. But, as always feel free to reach out.
Could you give me a hint on the road to the flag? I have wasted about a week on this assessment.
I wasted so much time trying to chain exploits together in stupid ways to get the admin's profile to be visible. Only to realize, if the profile was visible, I still wouldn't be able to find it because I didn't know the email haha!
This is a good thought in the right direction. And should be hint enough. Since you don’t know the admin’s email address there is no point in replicating the XSS/CSRF lab. Find a way to compromise the admin session.
Which html tag in the payload do I need to use to refer to my host?
You can DM the payload you are using, but that doesn't sound like the right payload to get the admin's session.
Step 1: Understand the endpoint
Step 2: Perform an XSS attack leading to session hijacking to get the Admin's cookie
Step 3: Replace the Admin's cookie to compromise the admin's profile
I did the same thing and it didn't work
@jydn879, use @Satellite’s advice.
Try revisiting the Cross Site Scripting module "Session Hijacking" section. I used the exact same technique. You can do XSS on Julie's profile page, and then use the API endpoint to make the admin visit her profile and steal the admin cookie.
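The cookie theft described in this thread only works because the session cookie is readable from page scripts. As an added example (not code from the thread, the lab, or HTB), here is a small stdlib-only Python audit of Set-Cookie headers that reports the attributes a defender would set on a session cookie such as the auth-session cookie discussed above: HttpOnly (not readable by JavaScript, so an XSS cannot exfiltrate it), Secure (never sent over plain HTTP), and SameSite (not attached to cross-site requests). The sample response headers and the cookie value are constructed.

```python
"""Audit Set-Cookie headers for the attributes that blunt session hijacking.

Added example for this thread; not code from the thread, the lab, or HTB.
All sample headers and cookie values below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union


@dataclass
class CookieAudit:
    name: str
    http_only: bool
    secure: bool
    same_site: Optional[str]
    findings: List[str] = field(default_factory=list)

    @property
    def hardened(self) -> bool:
        return not self.findings


def _parse_attributes(parts: List[str]) -> Dict[str, Union[str, bool]]:
    """Map attribute names (lower-cased) to values; flag-style attributes map to True."""
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts:
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        elif part:
            attrs[part.strip().lower()] = True
    return attrs


def audit_set_cookie(header: str) -> CookieAudit:
    """Parse one Set-Cookie header value and list the protections it lacks."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = _parse_attributes(parts[1:])

    http_only = "httponly" in attrs
    secure = "secure" in attrs
    same_site_raw = attrs.get("samesite")
    same_site = same_site_raw.capitalize() if isinstance(same_site_raw, str) else None

    audit = CookieAudit(name, http_only, secure, same_site)
    if not http_only:
        audit.findings.append(
            "missing HttpOnly: cookie is exposed to page scripts, so any XSS can read it")
    if not secure:
        audit.findings.append(
            "missing Secure: cookie is sent over plain HTTP and can be captured on the wire")
    if same_site is None:
        audit.findings.append(
            "missing SameSite: cookie rides along on cross-site requests (CSRF)")
    elif same_site == "None" and not secure:
        audit.findings.append(
            "SameSite=None without Secure: browsers reject or ignore this combination")
    return audit


def audit_response_headers(headers: List[str]) -> Dict[str, CookieAudit]:
    """Audit every Set-Cookie header in a raw response, keyed by cookie name."""
    results: Dict[str, CookieAudit] = {}
    for line in headers:
        field_name, _, value = line.partition(":")
        if field_name.strip().lower() == "set-cookie":
            audit = audit_set_cookie(value.strip())
            results[audit.name] = audit
    return results


# Constructed sample responses: a weak configuration beside a hardened one.
WEAK_HEADERS = [
    "HTTP/1.1 200 OK",
    "Set-Cookie: auth-session=CONSTRUCTED_SESSION_VALUE; Path=/",
]
HARDENED_HEADERS = [
    "HTTP/1.1 200 OK",
    "Set-Cookie: auth-session=CONSTRUCTED_SESSION_VALUE; Path=/; HttpOnly; Secure; SameSite=Lax",
]

if __name__ == "__main__":
    for label, headers in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        for cookie_name, audit in audit_response_headers(headers).items():
            status = "OK" if audit.hardened else "; ".join(audit.findings)
            print(f"[{label}] {cookie_name}: {status}")
```

Running it prints three findings for the weak header and OK for the hardened one; the same check can be run against the headers captured in Wireshark or a proxy to confirm which flags a session cookie actually carries.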
wow the hint was pretty misleading
Haha right? I definitely could have done without the hint.
I'm in the same situation, can you give me a hint? I see the same message, I will probably get the cookie with XSS.
Solved: I was being stupid and using an incorrect payload.
I found the XSS. I tested and got my own cookie, but I'm stuck. I did find this
And tried to generate a CSRF token but to no avail. Do I have to create the token or do I have to trigger something to get it?