I successfully implemented a cookie stealer utilizing hashtag.php. So far, only snarfed my own cookie. The only place I can even get an href to render properly is my profile website. I don’t think this is a spoiler because it helps with absolutely nothing, more like a “don’t waste your time” spoiler.
To get a cookie, just open the browser inspector, go to the console and write “window.cookie”, or look at the cookies in the storage tab.
No Luca, I wasn’t trying to get my cookie, I was trying to steal the cookie of whoever was in charge of the support boxes. It’s all good, I got user now. To anyone reading this, FORGET ABOUT COOKIES! (like Luca said)
I have the user too, and I have a shell, but it’s not easy anyway, in fact I would say that now the road is uphill for me, I’m not good with P **** s *** l
I’ve never used the… restricted environment (if you’ve made it to that user, which you probably have). So this is just going to be a lesson for me. As soon as I got user level access I busted out meterpreter. So navigating the system has been a breeze, but yeah, gotta study the docs for je******** you know.
This was by far the hardest machine I have ever played on HTB.
I couldn’t have done it without the knowledge and patience of @acidbat.
For me, with Windows machines there is often the additional burden of having to read Microsoft-written documentation… which just always gives me the creeps