8:16, about the logic gates: The AND operator has a higher precedence than the OR operator, meaning the && operator is executed before the || operator. It's explained in the Mozilla developer documentation.
it's like the relationship between math multiplication and addition
Love your vids. Extremely concise explanations and details about your thought processes on how you arrived at conclusions is great. Thanks for sharing!
Did you know, i love ippsec. We never miss any video... because we learn something new ...
I think the reason behind the operations at 8:09 is because the “and” operation has precedence over the “or” operation. So variables get computed with and first, then or later
I lucked out and found 'Sample' as plaintext just using plain vanilla strings but love you showcasing the encoding args (duly noted!) and your tips on initial web app enum - those are gold and would love to hear more tips in future videos! Thank you!
That thing with strings -e l is so awesome. I used ghidra but I always like to use strings if I can.
If you have $10 a month to spare, HTB is the number one security resource you can buy!
What about TryHackMe?
@@iconelias508 full of bugs / not worth it
@@iconelias508 I’d say the best for an ABSOLUTE beginner is tryhackme and as you get more experience definitely move to HTB. That’s what I did and I’m glad I did tryhackme first cause HTB even easy machines are not necessarily easy for beginners
@@fokyewtoob8835 Try Blue, you can root that machine in less than 5 mins.
Tryhackme is way better in terms of learning
You were right regarding the string termination with the Null byte 🙂
Why are -sC and -sV always separated? You can do -sCV. Just curious.
when you converted that post payload to JSON and the response was a stack trace, that was a clear confirmation it was a NODEJS Server.
"Cannot get /" is also displayed in golang fiber rest apis (express but in go)
Good example, I did not know that. However, the NodeJS one is a valid HTML Page. Golang Fiber just looks to be the error with no HTML.
17:58
so for the path hijack, using for example `sudo PATH=$(pwd):$PATH ` won't work?
Regarding how js processes conditions at 8:16
It's fine. Every C variant processes conditionals this way, once something is true at first in a statement with || (OR), it discards the rest, same with false statements and &&.
isn't trying false creds and trying to force a remote buffer overflow crash going beyond discreet enumeration and just blasting the conch of battle?
8:20 , the order of operations in boolean logic is NOT, AND, OR, so AND gets evaluated first. This is like BIMDAS (or PEMDAS) but for boolean.
Am I right in saying that at 5:17 there is an information disclosure in the response?
Any idea why gobuster dns doesn't find mattermost even with the correct wordlist?
Good educational video! Thank you
Ippsec rocks 🙂!
Awesome video !
Have you played around with the ffufrc config file recently? it's a life saver for the basic enum checks.
OK, so you got the Node.js via 404 response content, but the question is, how do you know that it is MongoDB? What did you base this guess on?
Because with NodeJS MongoDB is extremely common. With PHP you have the "LAMP" Stack (Linux, Apache, MySQL, PHP).
The NodeJS Equivalent is MEAN (MongoDB, ExpressJS, Angular, Node).
It's not a guarantee that stack is being used, but they hold the majority of articles/guides when you are learning, so those applications are more often than not bundled together.
@@ippsec thank you very much for the clarification! Hope to see more walkthroughs like this!
thank you very much!
7:46 will be translated to { TRUE or (TRUE and FALSE) }. If we apply equivalence rules (I don't actually remember the exact name of this rule), the result will be { (TRUE and TRUE) or (TRUE and FALSE) } >>> { (TRUE) or (FALSE) } >>>> the result is {TRUE}
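An added example, not from the video or from any of these comments, that makes the 8:16 / 7:46 discussion executable: the same three boolean inputs are run through `a || b && c` as JavaScript actually parses it (`a || (b && c)`, since `&&` binds tighter) and through the left-to-right grouping `(a || b) && c` a reader might assume, recording which operands were even evaluated. The function names and inputs are constructed for illustration; this is not the application code from the box.

```javascript
// Each operand is a function so we can record whether it was evaluated.
// `calls` comes back as a string like "a" or "abc" in evaluation order.
function trace(aVal, bVal, cVal, grouping) {
  const calls = [];
  const a = () => { calls.push('a'); return aVal; };
  const b = () => { calls.push('b'); return bVal; };
  const c = () => { calls.push('c'); return cVal; };

  let result;
  if (grouping === 'as-parsed') {
    // No parentheses: JavaScript reads this as a() || (b() && c()).
    result = a() || b() && c();
  } else {
    // The grouping people often assume when reading left to right.
    result = (a() || b()) && c();
  }
  return { result, calls: calls.join('') };
}

// 7:46 in the video: TRUE or (TRUE and FALSE).
function asParsed(aVal, bVal, cVal) {
  return trace(aVal, bVal, cVal, 'as-parsed');
}

function leftToRight(aVal, bVal, cVal) {
  return trace(aVal, bVal, cVal, 'left-to-right');
}

// Defensive takeaway: a validation written as `x || y && z` is really
// `x || (y && z)`. Once `x` is truthy the `y && z` part is never run at all
// (short-circuit), so any check living there is silently skipped. Write the
// parentheses you mean and keep each check in its own statement.
function demo() {
  const r1 = asParsed(true, true, false);   // { result: true,  calls: "a" }
  const r2 = leftToRight(true, true, false); // { result: false, calls: "ac" }
  const r3 = asParsed(false, true, true);    // { result: true,  calls: "abc" }
  const r4 = asParsed(false, false, true);   // { result: false, calls: "ab" }
  return [r1, r2, r3, r4];
}
```

`demo()` returns the four traces; the first two show that the only difference between the true and false outcome is where the parentheses are assumed to sit, and that in the parsed form `b` and `c` are never evaluated at all.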
Great video! This should be a medium box though. When you look at the table for HTB submission, easy doesn't fit what this box is.
Love your videos ❤️
There is another TCP Port 9093 open.
Yeah, it's a non-standard port but I couldn't find any way to make it meaningful so didn't bother showing it. In this case it is related to Mattermost, but I don't know how you could have known that blindly as it wasn't a thing specific to mattermost. And a lot of googling did not return that it may be related to mattermost.
@@ippsec It mentioned the playbooks plugin 1.29.1 at the end, which is used in Mattermost. That actually was the first thing I found out in the enumeration, which brought me directly to mattermost.shoppy.htb. But in the end we still have to go through the nosql injection to log in into mattermost :D
Where is ZAP?
You promised long ago that you'll switch in a very close future! Still nothing!
He doesn't owe you an explanation man
Yeah I tried to switch. Had trouble. There’s a reason everyone uses burp
my channel too it is really good too🐢