Web Attacks - Skills Assessment

Can anyone help me with Web Attacks?
I found all the users and tokens, and I also found the way to reset the users' passwords; I also reset the password for htb-student. But when I try to reset the other users' passwords I get “Access Denied”.
I tried to change Cookie: udi but no success. Can anyone help me with this?


Also I tried to use Burp Intruder to test the tokens and iud, with no success. Does someone have any idea?

I found the way to finish this.

Hey, can you give me a hint on this? I’ve been struggling with it for 2 days and still haven’t found the XXE vuln :frowning:

You need to find how to reset users' passwords, and after that you will find the XXE.

I could find out how to change the password of any user, but I still cannot find out how to do the XXE (I found there is a POST request in resxx.php, but when I tried XML format it is not accepted; it prompts "missing parameters"). Can any further hint be given? And the question mentions that we should escalate privileges to get the flag… I cannot find a way to escalate privileges. I found that none of the 100 users has any hint of being an admin user.

Thanks a lot in advance!

I could do with a nudge on this too if anyone can help. I can enumerate the users and tokens. Found what I believe to be an admin user. Can’t change that user’s password whatever I try. Am I barking up the wrong tree with this?

It’s OK, ignore me. I’ve found part of the way through. I shouldn’t be too much longer with the rest.

Hey bro, I found that way and reset all users' passwords, but how can I use that reset with XXE? Can you help please?

Hello,

Can someone provide me some help on the XXE part, because none of the ones I tried to exfiltrate /flag.php are working.

Every attempt (CDATA, FILE, PHP filter) ends with a timeout.

And after several of these attempts the server is no longer reflecting even a simple one, only showing "Event ‘’ has been created."

Thanks in advance