Session Hijacking
Session Hijacking Example
Configure the vHost
A quick way to specify this (and any other) vhost on your attacking system is shown below:
eldeim@htb[/htb]$ IP=ENTER SPAWNED TARGET IP HERE
eldeim@htb[/htb]$ printf "%s\t%s\n\n" "$IP" "xss.htb.net csrf.htb.net oredirect.htb.net minilab.htb.net" | sudo tee -a /etc/hosts

Part 1: Identify the session identifier
Navigate to http://xss.htb.net and log in to the application using the credentials below:
Email: heavycat106
Password: rocknrol
This is an account that we created to look into the application!
You should now be logged in as "Julie Rogers."
Using Web Developer Tools (Shift+Ctrl+I in the case of Firefox), notice that the application is using a cookie named auth-session, most probably as a session identifier. Double click this cookie's value and copy it!

Part 2: Simulate an attacker
Now, suppose that you are the attacker and you somehow got access to the auth-session cookie's value for the user "Julie Rogers".
Open a New Private Window and navigate to http://xss.htb.net again. Using Web Developer Tools (Shift+Ctrl+I in the case of Firefox), replace the current auth-session cookie's value with the one you copied in Part 1. Reload the current page, and you will notice that you are logged in as "Julie Rogers" without using any credentials!
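
Why the replay in Part 2 works, as an added example that is not code from the lab application: a server that resolves the auth-session value to a user with no other check treats the cookie as a bearer token. The SessionStore class, the client-context binding (IP plus User-Agent) and the sample clients are assumptions made for illustration.

```python
import hashlib
import secrets


def fingerprint(client_ip, user_agent):
    # Hash of the client context seen at login (assumed binding attributes).
    return hashlib.sha256(f"{client_ip}\n{user_agent}".encode()).hexdigest()


class SessionStore:
    """In-memory session table keyed by the auth-session cookie value."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, client_ip, user_agent):
        sid = secrets.token_hex(16)  # unpredictable session identifier
        self._sessions[sid] = {"user": user, "fp": fingerprint(client_ip, user_agent)}
        return sid

    def lookup_cookie_only(self, sid):
        # Behaviour seen in the lab: whoever presents the value is the user.
        rec = self._sessions.get(sid)
        return rec["user"] if rec else None

    def lookup_bound(self, sid, client_ip, user_agent):
        # Hardened variant: a context mismatch revokes the session server-side.
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if not secrets.compare_digest(rec["fp"], fingerprint(client_ip, user_agent)):
            del self._sessions[sid]
            return None
        return rec["user"]


def demo():
    # Constructed sample clients (documentation IP ranges, made-up user agents).
    owner = ("192.0.2.10", "Mozilla/5.0 Firefox/115.0")
    other = ("198.51.100.7", "Mozilla/5.0 Chrome/120.0")
    store = SessionStore()
    sid = store.login("Julie Rogers", *owner)
    replay_cookie_only = store.lookup_cookie_only(sid)   # accepted
    owner_bound = store.lookup_bound(sid, *owner)        # accepted
    replay_bound = store.lookup_bound(sid, *other)       # rejected and revoked
    after_revoke = store.lookup_bound(sid, *owner)       # owner must log in again
    return replay_cookie_only, owner_bound, replay_bound, after_revoke


if __name__ == "__main__":
    print(demo())
```

In the lab's private-window replay the IP and User-Agent are identical to the original login, so lookup_bound would still accept it; the binding only catches reuse from a different client.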
