tryhackme MD2PDF writeup

1.2K views
Feb 14, 2023
6:57

Let's tackle TryHackMe's MD2PDF room... we'll use XSS and SSRF to find the flag in this web application. We'll understand XSS and SSRF to manipulate the app and explore its functionality to demonstrate how cross-site scripting can be leveraged to access sensitive information.

#TryHackMe • #md2pdf • #CTF

Notes - https://mrash.co/hacknotes
Website, Blog, Newsletter & More - https://go.mrash.co/links
Room - https://tryhackme.com/room/md2pdf

Links
- https://owasp.org/www-community/attacks/xss/
- https://owasp.org/www-community/attacks/Server_Side_Request_Forgery

00:00 - Intro
00:30 - Start Here
00:50 - What is XSS?
01:06 - What is SSRF?
01:24 - Room Description
01:43 - Kali VM Setup
01:55 - Port Scan
02:16 - Directory Scan
02:54 - Scan Results
03:44 - Web App Test
04:29 - XSS Example
05:44 - Exploit
06:25 - Outro
