Bronze IRe: Cross-Site Scripting: Ep.6 – Further Exploitation
I'm also stuck and cannot get the script to display the admin/token page. I'm using the script from the XSS and SSRF section. From that script I changed
line 2 the I changed the open to use /admin/token
and on line 8 I changed the ip address to be the one given for the Kali Desktop and I'm using port 4848
In the wildcard-cycles.bitnet website on the Ask a Question page in the Message text box I'm using the script call from the Remote scripts section of the Briefing. I changed the ip address to be the Kali Desktop with port 4848.
I am using the python3 http.server call to listen. When I click the Post button I can see that the script has gotten called but no other information is being produced.
I'm not sure what I'm doing wrong. Any help would be greatly appreciated.
👋 IronLady18, you're doing 99% of the steps correctly, the problem lies with the fact you're using port 4848 to both host the script.js file and receive the connection back from the server. You'll also need a listener (I like using netcat, as it's simple!) to catch the connection from the server, and output the contents of the request.
For example, to spawn a listener on port 4444, you would run:
nc -nvlp 4444You'd need to adjust the script.js file to match whatever port you choose to host your listener on.
Hope this helps!
