Hack The Box Mango
01:00 Start of nmap and examining the HTTPS Certificate to get a potential hostname
04:00 Doing light testing on the HTTPS Site for SQL Injection, then sending to SQLMap. Using forcessl to make SQLMAP do HTTPS instead of HTTP
06:26 Playing with and some light testing to see if we could do SSRF. Put it on the backburner and move on.
07:42 Testing the logon prompt on the HTTP Site, playing with SQL Injection and starting another SQLMap
08:51 Going over NoSQL Injection
09:44 Attempting to explain NoSQL Injection
11:35 Performing a NoSQL Injection test via xwwwformencoded data
12:44 Doing Regular Expressions with NoSQL Injection to extract the password length
14:00 Explaining how you would have done NoSQL Injection on NodeJS (Sending objects in JSON)
16:00 Logging into the webserver via NoSQL Injection, running GoBuster with our cookie that is logged in
18:50 Going back to NoSQL Injection with RegularExpression and Boolean injection to extr