TryHackMe — Advent of Cyber 2 — Day 6

Trent Darrow
3 min read · Dec 8, 2020


Good afternoon all,

Going to try and catch up today. Anyhow, this is the intro to today’s challenge:

“This year, Santa wanted to go fully digital and invented a “Make a wish!” system. It’s an extremely simple web app that would allow people to anonymously share their wishes with others. Unfortunately, right after the hacker attack, the security team has discovered that someone has compromised the “Make a wish!”. Most of the wishes have disappeared and the website is now redirecting to a malicious website. An attacker might have pretended to submit a wish and put a malicious request on the server! The security team has pulled a back-up server for you on MACHINE_IP:5000. Your goal is to find the way the attacker could have exploited the application.”

In the machine notes and learning section, it looks like we will be focusing on XSS, or cross-site scripting. Now, I usually try to avoid automated tools, but this task essentially requires the OWASP ZAP tool, so we will use it. I may try to do it without the tool first, but since this is a learning situation and I don’t know how to use the tool yet, I may end up doing it twice.

Anyhow, let’s get started. Question 1: What vulnerability type was used to exploit the application?

A quick test after seeing the parameter in the URL gives us a reflected XSS:

http://10.10.64.242:5000/?q=<script>alert(1)</script>

Stored XSS works as well, via the Wish input box:

<script>alert('hello')</script>

That answers question 1 for us. Now for question 2: What query string can be abused to craft a reflected XSS?

We already found this parameter earlier: q
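To show why both the q parameter and the Wish box are exploitable, here is an added Python example that is not the room’s own app code (which the challenge does not show); it assumes a server that builds HTML by string interpolation and uses plain functions instead of a web framework so it runs stand-alone. The vulnerable renderers sit beside their escaped counterparts, fed with the page’s own probe payloads.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: the probe URL from the walkthrough, with the
# host left as the room's MACHINE_IP placeholder.
PROBE_URL = "http://MACHINE_IP:5000/?q=<script>alert(1)</script>"

# Constructed sample wishes: one benign entry and the stored-XSS probe.
SAMPLE_WISHES = ["a pony", "<script>alert('hello')</script>"]


def q_from_url(url: str) -> str:
    """Extract the 'q' query-string value exactly as the server receives it."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_search_vulnerable(q: str) -> str:
    """Reflected XSS: the parameter is interpolated into the HTML untouched."""
    return f"<h2>Results for: {q}</h2>"


def render_search_fixed(q: str) -> str:
    """Same template, but the value is escaped for an HTML element-body context."""
    return f"<h2>Results for: {html.escape(q, quote=True)}</h2>"


def render_wishes_vulnerable(wishes: list[str]) -> str:
    """Stored XSS: every submitted wish is echoed back raw to every visitor."""
    return "<ul>" + "".join(f"<li>{w}</li>" for w in wishes) + "</ul>"


def render_wishes_fixed(wishes: list[str]) -> str:
    """Escape on output: wishes stay stored as submitted, the renderer neutralises them."""
    return "<ul>" + "".join(f"<li>{html.escape(w, quote=True)}</li>" for w in wishes) + "</ul>"


def has_live_script_tag(rendered: str) -> bool:
    """Coarse check used here for illustration: True if a real <script> element survived rendering."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    q = q_from_url(PROBE_URL)
    print("reflected, vulnerable:", has_live_script_tag(render_search_vulnerable(q)))
    print("reflected, fixed:     ", has_live_script_tag(render_search_fixed(q)))
    print("stored, vulnerable:   ", has_live_script_tag(render_wishes_vulnerable(SAMPLE_WISHES)))
    print("stored, fixed:        ", has_live_script_tag(render_wishes_fixed(SAMPLE_WISHES)))
```

Escaping is context-specific: html.escape is the right tool for element bodies and quoted attributes, but a value placed inside a script block, a URL, or an event handler needs that context’s own encoding.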

And now for the OWASP ZAP question: Run a ZAP (zaproxy) automated scan on the target. How many XSS alerts are in the scan?

Should be simple enough: place the URL http://10.10.64.242:5000/ into the ‘URL to attack:’ field and click ‘Attack’. This will take a minute, so I’m going to brew some tea and then see how we are doing. Alrighty, below are the results and the answer to the question above.

Well, that was a quick enough task for today and a good refresher on XSS. I enjoyed it, as I have enjoyed all the machines and challenges so far. As always, best of luck.

Until next time,

-3lduderino
