tl;dr
- Leak admin’s hash using wildcard target origin in postMessage or by calculating
sha256('')
. - Create an XSS payload to read
/api/flag
and send it to attacker server.
tl;dr
sha256('')
./api/flag
and send it to attacker server.tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
tl;dr
How to crack SickOS1.2 VM lab without Metasploit.
tl;dr