8:16 about the logic gates: The AND operator has a higher precedence than the OR operator, meaning the && operator is executed before the || operator. It's explained on the Mozilla developer documentation.
it's like the relationship between math multiplication and addition
Love your vids. Extremely concise explanations and details about your thought processes on how you arrived at conclusions is great. Thanks for sharing!
If you have $10 a month to spare, HTB is the number one security resource you can buy!
What about TryHackMe?
@@iconelias508 full of bugs / not worth it
@@iconelias508 I’d say the best for an ABSOLUTE beginner is tryhackme and as you get more experience definitely move to HTB. That’s what I did and I’m glad I did tryhackme first because on HTB even easy machines are not necessarily easy for beginners
@@fokyewtoob8835 Try Blue, you can root that machine in less than 5 mins.
Tryhackme is way better in terms of learning
I lucked out and found 'Sample' as plaintext just using plain vanilla strings but love you showcasing the encoding args (duly noted!) and your tips on initial web app enum - those are gold and would love to hear more tips in future videos! Thank you!
That thing with strings -e l is so awesome. I used Ghidra but I always like to use strings if I can.
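To show what `strings -e l` is doing when it pulls the wide string out of the binary, here is an added example (not code from the video or from any commenter) that approximates both the default `strings` scan and the `-e l` scan in JavaScript over a constructed byte buffer; the 4-character minimum mirrors the tool's default `-n` value.

```javascript
// Added example, not from the video or the comments: a minimal approximation of
// the two scans `strings` and `strings -e l` perform, to show why a password
// stored as a 16-bit little-endian string is invisible to the default scan.
// The input buffer is constructed here and stands in for a compiled binary.
function isPrintable(b) { return b >= 0x20 && b <= 0x7e; }

// Default `strings` behaviour: runs of printable 7-bit bytes, at least minLen long.
function stringsAscii(buf, minLen = 4) {
  const found = [];
  for (let i = 0; i < buf.length; ) {
    if (!isPrintable(buf[i])) { i++; continue; }
    const start = i;
    let text = '';
    while (i < buf.length && isPrintable(buf[i])) text += String.fromCharCode(buf[i++]);
    if (text.length >= minLen) found.push({ offset: start, text });
  }
  return found;
}

// `strings -e l` behaviour: each character is a printable byte followed by 0x00
// (UTF-16LE as compilers emit it for wide strings). Scans from every byte offset,
// so the alignment of the string inside the file does not matter.
function stringsUtf16le(buf, minLen = 4) {
  const found = [];
  for (let i = 0; i + 1 < buf.length; ) {
    if (!(isPrintable(buf[i]) && buf[i + 1] === 0x00)) { i++; continue; }
    const start = i;
    let text = '';
    while (i + 1 < buf.length && isPrintable(buf[i]) && buf[i + 1] === 0x00) {
      text += String.fromCharCode(buf[i]);
      i += 2;
    }
    if (text.length >= minLen) found.push({ offset: start, text });
  }
  return found;
}

// Constructed sample "binary": a fake ELF-ish header, an ASCII string, padding,
// the wide string "Sample" (the value the comments mention) and some noise bytes.
const SAMPLE_BINARY = Buffer.concat([
  Buffer.from([0x7f, 0x45, 0x4c, 0x46, 0x02, 0x01]),
  Buffer.from('nope', 'ascii'),
  Buffer.from([0x00, 0x00]),
  Buffer.from('Sample', 'utf16le'),
  Buffer.from([0xff, 0xfe]),
  Buffer.from('ab', 'utf16le'),
]);

console.log(stringsAscii(SAMPLE_BINARY));   // finds only "nope" at offset 6
console.log(stringsUtf16le(SAMPLE_BINARY)); // finds "Sample" at offset 12
```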
I think the reason behind the operations at 8:09 is because the “and” operation has precedence over the “or” operation. So variables get computed with and first, then or later
Did you know, I love IppSec. We never miss any video... because we learn something new ...
Why are -sC and -sV always separated? You can do -sCV. Just curious.
You were right regarding the string termination with the Null byte 🙂
"Cannot get /" is also displayed in golang fiber rest apis (express but in go)
Good example, I did not know that. However, the NodeJS one is a valid HTML Page. Golang Fiber just looks to be the error with no HTML.
when you converted that post payload to JSON and the response was a stack trace, that was a clear confirmation it was a NODEJS Server.
isn't trying false creds and trying to force a remote buffer overflow crash going beyond discreet enumeration and just blasting the conch of battle?
Am I right in saying that at 5:17 there is an information disclosure in the response?
Any idea why gobuster dns doesn't find mattermost even with the correct wordlist?
17:58
so for the path hijack, using for example `sudo PATH=$(pwd):$PATH ` won't work?
Regarding how js processes conditions at 8:16
It's fine. Every C variant processes conditionals this way, once something is true at first in a statement with || (OR), it discards the rest, same with false statements and &&.
8:20, the order of operations in boolean logic is NOT, AND, OR, so AND gets evaluated first. This is like BIMDAS (or PEMDAS) but for boolean.
Good educational video! Thank you
Ippsec rocks 🙂!
Great video! This should be a medium box though. When you look at the table for HTB submission, easy doesn't fit what this box is.
Have you played around with the ffufrc config file recently? it's a life saver for the basic enum checks.
Awesome video!
7:46 will be translated to { TRUE or (TRUE and FALSE) } if we applied equivalence rules. I don't actually remember what the exact name of this rule was, but the result will be { (TRUE and TRUE) or (TRUE and FALSE) } >>> { (TRUE) or (FALSE) } >>>> the result is {TRUE}
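The precedence and short-circuit behaviour discussed in the 8:16 and 8:20 comments above and in this one, as an added example (not code from the video or from any commenter); `a`, `b`, `c` are placeholder operands standing in for the conditions in the login check:

```javascript
// Added example, not code from the video or from the commenters: shows why
// `a || b && c` is parsed as `a || (b && c)` in JavaScript and how short-circuit
// evaluation decides which operands are even looked at.

// Wrap an operand so we can record whether and when it was evaluated.
function tracked(name, value, log) {
  return () => { log.push(name); return value; };
}

// The expression as written, without parentheses: && binds tighter than ||.
function evalAsWritten(a, b, c) {
  const log = [];
  const A = tracked('a', a, log), B = tracked('b', b, log), C = tracked('c', c, log);
  const result = A() || B() && C();
  return { result, evaluated: log };
}

// The grouping a reader might assume when reading left to right: (a || b) && c.
function evalLeftGrouped(a, b, c) {
  const log = [];
  const A = tracked('a', a, log), B = tracked('b', b, log), C = tracked('c', c, log);
  const result = (A() || B()) && C();
  return { result, evaluated: log };
}

// Compare both groupings over all eight truth assignments and list the ones
// where they disagree, i.e. where getting the precedence wrong changes the answer.
function disagreements() {
  const out = [];
  for (const a of [false, true])
    for (const b of [false, true])
      for (const c of [false, true]) {
        const w = evalAsWritten(a, b, c).result;
        const g = evalLeftGrouped(a, b, c).result;
        if (w !== g) out.push({ a, b, c, asWritten: w, leftGrouped: g });
      }
  return out;
}

// The case discussed in the comments: TRUE or (TRUE and FALSE).
console.log(evalAsWritten(true, true, false)); // { result: true, evaluated: ['a'] }
console.log(disagreements());                  // two rows, both with a = true, c = false
```

Because `a` is already true, neither `b` nor `c` is evaluated at all, which is the "discards the rest" behaviour described in the 8:16 comment.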
OK, so you got the Node.js via 404 response content, but the question is, how do you know that it is MongoDB? What did you base this guess on?
Because with NodeJS MongoDB is extremely common. With PHP you have the "LAMP" Stack (Linux, Apache, MySQL, PHP).
The NodeJS Equivalent is MEAN (MongoDB, ExpressJS, Angular, Node).
It's not a guarantee that stack is being used, but they hold the majority of articles/guides when you are learning so those applications are more often than not bundled together.
@@ippsec thank you very much for the clarification! Hope to see more walkthroughs like this!
thank you very much!
Love ur videos ❤️
There is another TCP Port 9093 open.
Yeah it's a non-standard port but I couldn't find any way to make it meaningful so didn't bother showing it. In this case it is related to Mattermost, but I don't know how you could have known that blindly as it wasn't a thing specific to Mattermost. And a lot of googling did not return that it may be related to Mattermost.
@@ippsec It mentioned the playbooks plugin 1.29.1 at the end, which is used in Mattermost. That actually was the first thing I found out in the enumeration, which brought me directly to mattermost.shoppy.htb. But in the end we still have to go through the nosql injection to log in to Mattermost :D
Where is ZAP?
You promised long ago that you'll switch in the very near future! Still nothing!
He doesn't owe you an explanation man
Yeah I tried to switch. Had trouble. There’s a reason everyone uses burp
my channel too it is really good too🐢