Zero to Pro Ethical Hacker: Day 30 (Extract.thm)

Описание: Definitely rated hard for a reason... We initiated this with a Server Side Request Forgery (SSRF) to gain access to some more webpages. Then we utilized a proxy and then a javascript vulnerability for Next.JS to be able to bypass authentication. Once we got the flag, we simply needed to do a cookie manipulation with burpsuite to bypass 2factor and we were able to get the 2nd flag.

Very hard, but looking back it seems much easier now.