TUTORIAL HTB Stacked [Discussion]
by pheonix2021 - September 18, 2021 at 06:09 PM
#1
Hey!
new HTB machine
Name:- Stacked
ip:- 10.10.11.112
OS:- Linux
Points:- 50
Maker:- TheCyberGeek

T- 00:01:53:33
#2
Anyone found a way to bypass the WAF?
#3
Against which attack do they use it?
#4
XSS attack on subdomain
#5
(September 18, 2021 at 10:01 PM) NoXuSeR wrote: XSS attack on subdomain

Where did you inject the XSS payload? I tried in the Contact Form but it did not work for me.
#6
Contact form at portfolio, but I can't bypass the WAF.
#7
How do you guys get around the XSS detected message?
#8
Check the Burp output:
HTTP/1.1 200 OK
Date: Sun, 19 Sep 2021 18:55:23 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 41
Connection: close
Content-Type: text/json; charset=utf8

{"success":false,"error":"XSS detected!"}
#9
I must have tried 100 different WAF bypass techniques. Nothing works. Maybe it is a rabbit hole?!
#10
I tried thousands of bypass techniques, nothing works. Maybe it really is a black hole, but how should we use LocalStack exploitation without XSS?
#11
There is a Docker running on the machine. I got the version of it and the YML file from the site; still looking at what can be done with it, though.
#12
There is a port available, 2376, which is used by Docker, but we need a client cert (I think).
