UHC - NodeBlog

Name: UHC - NodeBlog
Uploaded: 2022-01-01T15:57:03Z
Channel: IppSec
Description: Box will be uploaded to HackTheBox by January 5th. 00:00 - Intro 01:08 - Start of nmap 03:00 - Looking at the login, failing normal SQL Injection 04:45 ...

IppSec · Beginner ·🔐 Cybersecurity ·4y ago

Box will be uploaded to HackTheBox by January 5th. 00:00 - Intro 01:08 - Start of nmap 03:00 - Looking at the login, failing normal SQL Injection 04:45 - Start of talking about NoSQL/Mongo Injection 06:20 - Using the NE operator to create the NoSQL Injection where password is not equal to admin and bypassing login 07:00 - Showing the REGEX operator and talking about other ones to leak data 08:34 - Creating a python application to bruteforce passwords from the NoSQL Database one character at a time 21:00 - Script done, running it going over the code 24:40 - Examining the UPLOAD functionality o…

Watch on YouTube ↗ (saves to browser)

Chapters (17)

Intro

1:08 Start of nmap

3:00 Looking at the login, failing normal SQL Injection

4:45 Start of talking about NoSQL/Mongo Injection

6:20 Using the NE operator to create the NoSQL Injection where password is not equa

7:00 Showing the REGEX operator and talking about other ones to leak data

8:34 Creating a python application to bruteforce passwords from the NoSQL Database

21:00 Script done, running it going over the code

24:40 Examining the UPLOAD functionality of the site

26:10 Testing for XXE

29:30 Replacing our XXE POC to include a file. Then making the application error to

32:10 Discoving the application utilizes Node-Serialize which is extremely vulnerabl

39:30 Proving we have RCE after URL Encoding our entire payload and using double quo

41:00 Creating a reverse shell one liner that has minimal bad characters and getting

43:10 Reverse shell returned, we already have the password for SUDO!

44:10 ALTERNATE WAY TO GET PASSWORD: Mongodump

47:00 Showing application is vulnerable to IDOR's

Playlist

Uploads from IppSec · IppSec · 0 of 60

← Previous Next →