Exploitation guides

The following are exploit guides for the scenarios created in this chapter. These are guidelines and there are more ways to exploit the vulnerabilities.

Scenario 1 – cookie theft for fun and profit

The brief provided for this exploitation guide is assumed to be: steal the admin user's cookie from <IP>/input.php. Perform the following steps for this scenario:

The first thing to do is to the browse the website. We can see that we have an input box.
The brief says, "steal a cookie", so we can assume this is a cross-site scripting attack. We can add test messages to see whether the input is returned to us. As it doesn't return the input, we must assume that it's being passed to the admin somewhere as the brief ...

Get Kali Linux CTF Blueprints now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Kali Linux CTF Blueprints by Cameron Buchanan

Exploitation guides

Scenario 1 – cookie theft for fun and profit

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly