Forum Discussion

IronLady18's avatar
IronLady18
Icon for Bronze I rankBronze I
4 months ago

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

I'm also stuck and cannot get the script to display the admin/token page.  I'm using the script from the XSS and SSRF section.  From that script I changed line 2 the I changed the open to use /admin...
help & support
  • NyePrior's avatar
    NyePrior
    3 months ago

    👋 IronLady18, you're doing 99% of the steps correctly, the problem lies with the fact you're using port 4848 to both host the script.js file and receive the connection back from the server. You'll also need a listener (I like using netcat, as it's simple!) to catch the connection from the server, and output the contents of the request. 

    For example, to spawn a listener on port 4444, you would run: 

    nc -nvlp 4444

    You'd need to adjust the script.js file to match whatever port you choose to host your listener on.

    Hope this helps! 

     

ChrisKershaw's avatar
ChrisKershaw
Icon for Community Support rankCommunity Support

Hey IronLady18 

I'm sorry that you are continuing to have issues completing the lab.

I'll tag, below, one of my colleagues from our lab Content Team, to see if they can help at all, so we can get you moving on this.

NyePrior - Is there anything you can advise, to help the user progress?

NyePrior's avatar
NyePrior
Icon for Immerser rankImmerser
3 months ago

👋 IronLady18, you're doing 99% of the steps correctly, the problem lies with the fact you're using port 4848 to both host the script.js file and receive the connection back from the server. You'll also need a listener (I like using netcat, as it's simple!) to catch the connection from the server, and output the contents of the request. 

For example, to spawn a listener on port 4444, you would run: 

nc -nvlp 4444

You'd need to adjust the script.js file to match whatever port you choose to host your listener on.

Hope this helps!