Write-up of The Bandit Surfer (SideQuest 4 of TryHackMe Advent of Cyber 2023)

Write-up of the Bandit Surfer challenge, SideQuest 4 of TryHackMe Advent of Cyber 2023. After completing day 20 of Advent of Cyber 2023, we notice a QR code inside one of the calendar PNG images in the Git repository. The QR code links to https://tryhackme.com/room/surfingyetiiscomingtotown.

Step 1: SQL injection into server-side request forgery

After starting this new machine (at 10.10.190.103 in this write-up), we discover a web server on port 8000. This web service offers 3 SVG files for download. The service seems to use server-side code to hint to the browser that it should download a file....