@wh0am3y3 said:
@mercwri said:
Watch ippsec’s videos he uses it extensively since web servers are pretty big attack surfaces.There is an article that basically gives this machine to you if you can understand what it is running and what it is doing.
Privesc at least how I did was classic and simple, kind of a let down with how novel(compared to other htb boxes) the initial foothold is.
not sure if i am doing a spoiler , done some research.
according to your hint i may need run some nodejs functions on my rig , then paste them inside the cookie ? am i on the right track ?
You have the right article I think, but you really need to read what they are doing and find out how to use that to build a payload.