HackTheBox - Stocker

Name: HackTheBox - Stocker
Uploaded: 2023-06-24T15:00:35Z
Channel: IppSec
Description: 00:00 - Introduction 00:56 - Start of nmap 02:15 - Running Gobuster in VHOST Detection mode to find the dev subdomain 03:50 - Intercepting a request to ...

IppSec · Beginner ·🔐 Cybersecurity ·2y ago

00:00 - Introduction 00:56 - Start of nmap 02:15 - Running Gobuster in VHOST Detection mode to find the dev subdomain 03:50 - Intercepting a request to dev.stocker.htb and seeing an connect.sid cookie and x-powered-by header saying express, both indicating it uses NodeJS/Express 05:00 - Explaining why I'm trying these injections 07:00 - Bypassing login with mongodb injection by setting both username and password to not equals instead of equals 09:10 - Playing with the e-commerce store and seeing it gives us a PDF 10:45 - Using exiftool to see how the PDF was generated 12:05 - Inserting an HTM…

Watch on YouTube ↗ (saves to browser)

Chapters (13)

Introduction

0:56 Start of nmap

2:15 Running Gobuster in VHOST Detection mode to find the dev subdomain

3:50 Intercepting a request to dev.stocker.htb and seeing an connect.sid cookie an

5:00 Explaining why I'm trying these injections

7:00 Bypassing login with mongodb injection by setting both username and password t

9:10 Playing with the e-commerce store and seeing it gives us a PDF

10:45 Using exiftool to see how the PDF was generated

12:05 Inserting an HTML IFRAME when we purchase an item to see if the PDF Generated

17:00 Extracting /var/www/dev/index.js and getting the mongodb password which lets u

19:50 The order numbers don't appear to be that random, looking at the source code t

26:00 Looking at sudo, we can perform a directory traversal to execute run any .js f

27:50 Showing that you can now put regex in the Sudoers file which would fix this ex

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →