all InfoSec news
HackTheBox - Shoppy
Jan. 14, 2023, 3 p.m. | IppSec
IppSec www.youtube.com
01:00 - Start of nmap
01:55 - Taking a look at the web page
02:30 - Discovering it is NodeJS based upon the error message [MasterRecon]
03:40 - Performing NoSQL boolean injection (mongodb) to bypass authentication
06:45 - Working payload for the NoSQL Injection.
09:30 - Dumping the user database with more NoSQL Injection and using CrackStation to get the password
12:00 - Using ffuf to find the mattermost.shoppy.htb subdomain
14:20 - Logging into MatterMost and getting …
authentication bypass database dumping error find hackthebox htb injection logging mattermost message mongodb nmap nosql password payload performing start subdomain the web web working
More from www.youtube.com / IppSec
HackTheBox - Analytics
3 weeks, 6 days ago |
www.youtube.com
HackTheBox - AppSanity
1 month, 1 week ago |
www.youtube.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Information Security Engineers
@ D. E. Shaw Research | New York City
Cyber Security Architect - SR
@ ERCOT | Taylor, TX
SOC Analyst
@ Wix | Tel Aviv, Israel
Associate Director, SIEM & Detection Engineering(remote)
@ Humana | Remote US
Senior DevSecOps Architect
@ Computacenter | Birmingham, GB, B37 7YS