HackTheBox - Shoppy

  29,568 views

IppSec

Comments: 47
@gelules 1 year ago
8:16 about the logic gates: The AND operator has a higher precedence than the OR operator, meaning the && operator is executed before the || operator. It's explained on the Mozilla developer documentation.
@css2165 1 year ago
it's like the relationship between math multiplication and addition
@SeanCallahan52 1 year ago
Why are -sC and -sV always separated? You can do -sCV. Just curious.
@beezball38 1 year ago
That thing with strings -e l is so awesome. I used Ghidra but I always like to use strings if I can.
@RealCyberCrime 1 year ago
If you have $10 a month to spare, HTB is the number one security resource you can buy!
@iconelias508 1 year ago
What about TryHackMe?
@d_cb 1 year ago
@iconelias508 full of bugs / not worth it
@fokyewtoob8835 1 year ago
@iconelias508 I’d say the best for an ABSOLUTE beginner is TryHackMe and as you get more experience definitely move to HTB. That’s what I did and I’m glad I did TryHackMe first cause HTB even easy machines are not necessarily easy for beginners
@reaper4110 1 year ago
@fokyewtoob8835 Try Blue, you can root that machine in less than 5 mins.
@interfou8068 1 year ago
TryHackMe is way better in terms of learning
@ahmedmouad344 1 year ago
7:46 will be translated to { TRUE or (TRUE and FALSE) } if we applied equivalence rules. I don't actually remember what the exact name of this rule was, but the result will be { (TRUE and TRUE) or (TRUE and FALSE) } >>> { (TRUE) or (FALSE) } >>> the result is {TRUE}
@CVE-20XX 1 year ago
I think the reason behind the operations at 8:09 is because the “and” operation has precedence over the “or” operation. So variables get computed with and first, then or later
@wolfVFXmc 1 year ago
"Cannot get /" is also displayed in golang fiber rest apis (express but in go)
@ippsec 1 year ago
Good example, I did not know that. However, the NodeJS one is a valid HTML Page. Golang Fiber just looks to be the error with no HTML.
@blackthorne-rose 1 month ago
isn't trying false creds and trying to force a remote buffer overflow crash going beyond discreet enumeration and just blasting the conch of battle?
@celticfans1 5 months ago
Any idea why gobuster dns doesn't find mattermost even with the correct wordlist?
@c0ri 1 year ago
Love your vids. Extremely concise explanations and details about your thought processes on how you arrived at conclusions is great. Thanks for sharing!
@jmee7580 7 months ago
Am I right in saying that at 5:17 there is an information disclosure in the response?
@lonelyorphan9788 1 year ago
Ippsec rocks 🙂!
@TornTech1 1 year ago
when you converted that post payload to JSON and the response was a stack trace, that was a clear confirmation it was a NODEJS Server.
@quickmick9000 1 year ago
8:20, the order of operations in boolean logic is NOT, AND, OR, so AND gets evaluated first. This is like BIMDAS (or PEMDAS) but for boolean.
@HossamMohamed-pq2yk 1 year ago
17:58 so for the path hijack, using for example `sudo PATH=$(pwd):$PATH ` won't work?
@ovebepari6682 1 year ago
Regarding how js processes conditions at 8:16 It's fine. Every C variant processes conditionals this way, once something is true at first in a statement with || (OR), it discards the rest, same with false statements and &&.
@KaliMax1337 1 year ago
I lucked out and found 'Sample' as plaintext just using plain vanilla strings but love you showcasing the encoding args (duly noted!) and your tips on initial web app enum - those are gold and would love to hear more tips in future videos! Thank you!
@sand3epyadav 1 year ago
Did you know, I love ippsec. We never miss any video... because we learn something new ...
@booruledie3052 1 year ago
Awesome video !
@somiltyagi7127 1 year ago
You were right regarding the string termination with the Null byte 🙂
@solcloud 1 year ago
Good educational video! Thank you
@flrn84791 1 year ago
Great video! This should be a medium box though. When you look at the table for HTB submission, easy doesn't fit what this box is.
@MrFontaineInc 1 year ago
Have you played around with the ffufrc config file recently? it's a life saver for the basic enum checks.
@nuridincersaygili 1 year ago
OK, so you got the Node.js via 404 response content, but the question is, how do you know that it is MongoDB? What did you base this guess on?
@ippsec 1 year ago
Because with NodeJS MongoDB is extremely common. With PHP you have the "LAMP" Stack (Linux, Apache, MySQL, PHP). The NodeJS Equivalent is MEAN (MongoDB, ExpressJS, Angular, Node). It's not a guarantee that stack is being used, but they hold the majority of articles/guides when you are learning so those applications are more often than not bundled together.
@nuridincersaygili 1 year ago
@ippsec thank you very much for the clarification! Hope to see more walkthroughs like this!
@darkfire4789 1 year ago
thank you very much!
@markuche1337 1 year ago
Love ur videos ❤️
@mukeshsingh7069 1 year ago
There is another TCP Port 9093 open.
@ippsec 1 year ago
Yeah it's a non-standard port but I couldn't find any way to make it meaningful so didn't bother showing it. In this case it is related to Mattermost, but I don't know how you could have known that blindly as it wasn't a thing specific to Mattermost. And a lot of googling did not return it may be related to Mattermost.
@flrn84791 1 year ago
@ippsec It mentioned the playbooks plugin 1.29.1 at the end, which is used in Mattermost. That actually was the first thing I found out in the enumeration, which brought me directly to mattermost.shoppy.htb. But in the end we still have to go through the nosql injection to log in to Mattermost :D
@kristibegaj608 1 year ago
Where is ZAP? You promised long ago that you'll switch in a very close future! Still nothing!
@shammahagwor9205 1 year ago
He doesn't owe you an explanation man
@ippsec 1 year ago
Yeah I tried to switch. Had trouble. There’s a reason everyone uses burp
@16bit_16 1 year ago
my channel too it is really good too🐢