Category Archives: Hacking

NoSQL injection in MongoDB

We all know that SQL injection (SQLi) is a thing. But it may surprise quite a few people that similar injection techniques are possible when the underlying database is a NoSQL database.

In this post, I’ll show two simple ways of exploiting such a NoSQL injection.

Intro to Hack the Box

What is HACKTHEBOX?

Hackthebox – or HTB – calls itself a “massive hacking playground” and that is exactly what it is – besides also being a great place to learn all about hacking and infosec. In short, they offer anyone the possibility of learning hacking skills without breaking any laws. To do that, HTB offers a wide range of virtual machines and even whole networks that anyone is allowed to attack/break into.

To prove that one has completed a challenge or machine, each of them contains one or more flags (machines contain a user flag and a root flag). Flags are just long, random strings of characters that HTB knows. To prove successful compromise of a machine or challenge, one needs to submit the corresponding flag.

They also offer competitive hacking games, CTF challenges and an interactive academy. There’s a lot to learn, so let’s get started!
