Session Security - Skills Assessment

Can you explain the process you go through to get the session cookie for me? Once I know what you’re doing I can nudge you in the right direction. Don’t think you’re too far off. DM if you want.

How can I DM you?
If I reply on your email the content is visible in this blog as well.

SOLVED

Hey all, I am a bit stuck on this and did try most of the ideas from the XSS lecture.

I can get Julie's auth-session/cookie both in base64 and in the clear via XSS and a remote web service. But I cannot get the redirect/share part working so that I get the admin visit. I did try pointing the XSS at http://minilab.htb.net/submit-solution etc.

I just need a hint on how to utilise the submit-solution site?

NEVERMIND, I stepped away and came back with a different mindset and it took 20 min after that. As soon as I understood/figured out the API's role in the bigger picture it was easy. But great course. I have now finally finished the Bug Hunter Path.

Cheers


Hi everyone.

I'm in the same boat here… just used the XSS payload, visited http://minilab.htb.net/submit-solution?url=xxx and got AdminVisited = true, BUT… I don't know how to actually get the admin to click on the malicious link with the payload to steal the session cookie. Anyone to DM to discuss this or to give me a nudge in the right direction?

Even if I visit the malicious link from a private browser using the endpoint mentioned with the URL associated to it…no cookies at all…

I am also having issues. I set up a netcat listener on port 8080, but when I input the script on the logon page I get nothing on the listening port.

I have got the admin cookie but after I replace it in the dev tools I am just getting a green screen. What am I doing wrong here?

Hi, I used the following payload in the country field and I get Julie Rogers' session cookie; now how can I make it so that he receives the visit as if he were the admin? I can't understand this. Do I have to build a payload on http://minilab.htb.net/submit-solution?url= ? If so, give me some advice, because it's not clear to me whether I'm on the right path.

I got the first flag by following the XSS section in this module. You can try to follow the Netcat edition.

Here is the clue: Perform Session Hijacking using the test account credentials’ URL profile as the submit solution URL parameter value.

It certainly was! Not helpful at all, really.

I think this is quite a simple and fun assessment. The point is that we need to understand http://minilab.htb.net/submit-solution?url=~ : this is for the admin interaction (that is intended). Then anyone could solve this relatively easily.
