HTML/Javascript Injection


Content Injection.

This module illustrates the power of HTML and JavaScript injection. This form of injection, often referred to as Cross-Site Scripting (XSS), uses both HTML and JavaScript. Its process differs from many other forms of injection in this dojo, but it is just as dangerous and common. It focuses on using the server as an intermediary between the attacker and the victim instead of directly exploiting the server.



Challenges

In many cases, attackers won't even need to use JavaScript to do serious harm. This challenge exemplifies this: you must create a message that looks like it was sent by the teacher, directly mimicking the structure of the other messages, that says Class Is Canceled! After posting this message, you will then need to run the victim script in order to get the flag.


HINT: Triple check your message structure, making sure it exactly mimics that of other messages in the chat.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

This challenge has the same end goal as the previous challenge; however, you must now find a different way to inject the malicious HTML into the page.


HINT: Research percent encoding.


HTML is much more versatile than just altering a webpage's front end; it is also possible to embed JavaScript within it. In this challenge, your goal is just that. You will need to formulate a message that triggers the alert Class is Canceled!, then run the victim script.
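The fix for the weakness these challenges exercise, as an added example that is not the dojo's code: a chat renderer that concatenates message fields into markup, next to one that escapes every field at output. The message template, the function names and the sample messages are assumptions constructed for illustration.

```javascript
// Added example: hypothetical chat renderer, not the dojo's application code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: user-controlled fields are concatenated into markup as-is.
function renderUnsafe(msg) {
  return `<div class="message"><b>${msg.author}</b>: ${msg.body}</div>`;
}

// Hardened pattern: every field is escaped at the point of output.
function renderSafe(msg) {
  return `<div class="message"><b>${escapeHtml(msg.author)}</b>: ${escapeHtml(msg.body)}</div>`;
}

// Mimics the URL decoding a web framework applies to a form or query value
// before the handler sees it, so percent-encoded markup arrives as real markup.
function fromRequest(rawValue) {
  return decodeURIComponent(rawValue.replace(/\+/g, ' '));
}

// Count tags in rendered output. One message must yield exactly the
// template's own tags; anything more means user input became markup.
function countTags(html) {
  return (html.match(/<[a-zA-Z\/][^>]*>/g) || []).length;
}

// Constructed sample messages (benign markup only).
const samples = [
  { author: 'student', body: 'hello' },
  { author: 'student', body: '<i>markup</i> in the body' },
  { author: 'student', body: fromRequest('%3Ci%3Eencoded%20markup%3C%2Fi%3E') },
];

// Tag counts per sample for both renderers; the template alone has 4 tags.
function report() {
  return samples.map((m) => ({
    unsafeTags: countTags(renderUnsafe(m)),
    safeTags: countTags(renderSafe(m)),
  }));
}

console.log(report());
```

The tag-count check also works as a regression test: escaping at output keeps the count constant whether the markup arrived literally or percent-encoded.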

