Noter - HTB [Discussion]
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 3.0.3
22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 c6:53:c6:2a:e9:28:90:50:4d:0c:8d:64:88:e0:08:4d (RSA)
|   256 5f:12:58:5f:49:7d:f3:6c:bd:9b:25:49:ba:09:cc:43 (ECDSA)
|_  256 f1:6b:00:16:f7:88:ab:00:ce:96:af:a6:7e:b5:a8:39 (ED25519)
5000/tcp open  http    Werkzeug httpd 2.0.2 (Python 3.8.10)
|_http-title: Noter
|_http-server-header: Werkzeug/2.0.2 Python/3.8.10
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel


The note editor on http://noter.htb:5000/ is using CKEditor 4.6.2.
Reply
Any news?
Reply
XSS
in username field
and password field
Reply
I got the user, now root is a bit more complicated
Reply
(May 8, 2022, 12:13 AM)Peter Wrote: XSS
in username field
and password field


I don't understand how I can find XSS :(
I found some XSS in CKEditor but the cookie is blocked
Reply
(May 8, 2022, 12:58 AM)iamnoone777 Wrote: I got the user, now root is a bit more complicated


How did you get user?
Reply
(May 8, 2022, 08:57 AM)jon01 Wrote:
(May 8, 2022, 01:16 AM)xslsystem Wrote:
(May 8, 2022, 12:13 AM)Peter Wrote: XSS
in username field
and password field


I don't understand how I can find XSS :(
I found some XSS in CKEditor but the cookie is blocked


PLAY WITH COOKIE


Which username?
Reply
Look for the backend tech and what kind of cookie it is

After that, enum users

Still blocked on the root
Reply
(May 8, 2022, 10:41 AM)iamnoone777 Wrote: Look for the backend tech and what kind of cookie it is

After that, enum users

Still blocked on the root


I hope it's not a rabbit hole :)
Reply
(May 8, 2022, 10:54 AM)Exited3n Wrote:
(May 8, 2022, 10:41 AM)iamnoone777 Wrote: Look for the backend tech and what kind of cookie it is

After that, enum users

Still blocked on the root


I hope it's not a rabbit hole :)


I have SSH as user, so I hope it's not a rabbit hole x) The first blood got root before the user, so you scare me that the user is a rabbit hole.
Reply