Dumping Data with NoSQL Injection via Regex and Python

Check out Snyk here: https://snyk.co/ippsec 00:00 - Introduction talking about the application we are testing and identifying NoSQL Injection with $ne 02:30 - Showing the RegEx Operator, which will let us do partial matches and enable us to validate characters one at a time 03:32 - Start of sponsored shoutout to snyk 04:15 - Showing Snyk find some vulnerabilities with Open Source Security 04:40 - Showing Snyk's Code Security 05:54 - Showing and talking about how to patch the vulnerability 07:37 - End of Snyk Shoutout, starting our python script to perform this NoSQL Injection 10:20 - Testing out our test_login logic to identify if we had a successful login or not 11:05 - Showing how we can identify the length of the string we want 13:20 - Creating a loop to automatically identify the length of the string 15:20 - Adding exception handling to the function and talking about the benefits 17:40 - Creating a function to get the username 20:30 - Explaining what our Get_Username function currently does 22:25 - Doing a benchmark on our first iteration of the script and seeing it takes slightly over 3 minutes 24:10 - Adding in a break so it doesn't loop over the full character set every time which gets us to 32 seconds 26:00 - Talking about the major optimization trick we are going to do, validating multiple characters at one time 27:20 - Breaking the enumerating a single character into its own function for exception-handling purposes 29:20 - Start of coding the optimization trick 35:06 - Running our code and seeing we got it down to 12 seconds. Moving on to testing the password.