hexdump
Italy
Joined 18 Sep 2023
Focusing on all things related to Computer science, Penetration testing and Applied cryptography.
Exploiting a Blind NoSQL Injection - NiteCTF 2024
Hi there, and welcome to this new video!
Today we will analyze a challenge taken from the NiteCTF 2024.
The challenge consists of analyzing the code of a NextJS application in order to find a Blind NoSQL Injection. The injection can be used to obtain the flag and solve the challenge.
During the video I discuss how to define simple objectives for performing a secure code review (SCR) on a codebase and I show, step-by-step, how to construct the payload required to exploit the blind injection.
As always, I hope you find the video helpful, and I would appreciate if you leave your feedback down in the comments, and share this series with like-minded people.
Thank you very much!
-------------------------
TIMESTAMP
00:00 Introduction
02:03 Dynamic Analysis
03:45 Code Review
19:15 Finding the injection
20:25 How to deal with a Blind NoSQL Injection
27:45 Automation with python
-------------------------
REFERENCES
- Material: github.com/LeonardoE95/yt-en/tree/main/src/2025-01-08-ctf-nitectf-web-nosqli
- Writeup: blog.leonardotamiano.xyz/writeups/nitectf-2024-web-tammys-tantrums/
- NiteCTF 2024: www.nitectf2024.live/
- Challenge: github.com/Cryptonite-MIT/niteCTF-2024/tree/main/webex/tammys_tantrums
-------------------------
CONTACTS
- Blog: blog.leonardotamiano.xyz/
- Github: github.com/LeonardoE95?tab=repositories
- Support: www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ
Views: 260
Videos
A Sensible Approach to Sponsorships
145 views, 7 hours ago
Hi there, and welcome to this new video! In this video I give my thoughts on sponsorship and on the criteria that I will use in the future of my channel to accept or deny sponsorship. It is not really a technical video, more so a video to understand how I want to work in this space. I will try my best to make the mentions have meaning with respect to the technical content of the video! At the e...
Windows Privilege Escalation - Full Course
1.6K views, 19 hours ago
Upload of the full Windows Privilege Escalation Course. All the material developed for the course is available in the github repository of the channel - github.com/LeonardoE95/yt-en. References are also present in the OSCP repository - github.com/LeonardoE95/OSCP Share this video to support my efforts and help me grow. Thanks. TIMESTAMP 00:00:00 Windows Privilege Escalation Course 01 Introducti...
A Cheatsheet and A Methodology
53 views, 4 days ago
Hi there, and welcome to this new video in which we continue the "Windows Privilege Escalation" series! This episode marks the end of the series, and as such I wanted to give you two last things: a cheatsheet and a methodology related to Windows Privilege Escalation. Both the cheatsheet and the methodology do not cover 100% of all possible cases, but they lay a solid foundational knowledge that, if ...
Apache Tomcat Race Condition To RCE - CVE-2024-50379
1K views, 14 days ago
Hi there, hope the holidays are going well! In this quick video we take a look at a recent CVE, which is CVE-2024-50379. It is a vulnerability in Apache Tomcat, and specifically it is a TOCTOU race condition which can lead to RCE. It's actually a pretty dangerous vulnerability, given that it allows non-authenticated users to execute arbitrary code. To be exploitable, you need to run a vulnerable vers...
AMSI Bypass
641 views, 14 days ago
Hi there, and welcome to this new video in which we continue the "Windows Privilege Escalation" series! In this episode we look at the Windows Antimalware Scan Interface (AMSI), which is used in the context of Windows to trigger security scans. AMSI provides a standard interface that allows solutions to scan files, memory, and other data for threats. The AMSI bypass technique can be used to dis...
Useful Tools
415 views, 14 days ago
Hi there, and welcome to this new video in which we continue the "Windows Privilege Escalation" series! In this episode specifically we look at useful tools in the context of Windows Privilege Escalation. The list of tools has been developed by looking back at the previous episodes of the series. Therefore, it does not represent a complete list, but a good approximation of what a complete list ...
Critical Registry Paths
413 views, 21 days ago
Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. The focus of this video will be to discuss specific registry paths which, if misconfigured, can represent a security threat. Some of these paths are useful for privilege escalation purposes, while some others for persistence. As always, I hope you find the video helpful, and I would appreciat...
Scheduled Tasks
303 views, 21 days ago
Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. Specifically, in this video we talk about Scheduled Tasks, a feature of Windows that allows the execution of specific actions, such as PE executables or scripts, when specific conditions are met. These can be time-based conditions, or general trigger conditions such as when the user logs into t...
Stored Credentials and the Windows Vault
266 views, 28 days ago
Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. Specifically, in this video we analyze the Credential Manager feature, which allows storing and retrieving user credentials. Credentials that are stored within the Credential Manager can be directly used without knowing the user password. This can be dangerous if the user session is compromised....
Windows Hashes
360 views, a month ago
Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. Specifically, in this video we analyze how hashes are handled in Windows. We discuss the role of hashes, how hashes are used in authentication, and the different types of hashes that are used in Windows. The focus will be on the LM and NTLM hashes, as well as the Net-NTLMv1 and Net-NTLMv2 hash...
Files with Sensitive Data
440 views, a month ago
Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. Specifically, in this video we discuss special files that are used by the Windows operating system and that can contain sensitive data. Since these files contain sensitive data, in the context of privilege escalation they can potentially be used for increasing privileges. In the video we discu...
How Computers Capture Meaning
271 views, a month ago
Hi and welcome to this new video! In this video we continue the "Computer Science Foundations" series. This series is aimed at people who want to build a strong foundational background into computer science, so that later they can choose exactly where to specialize, whether in programming and development, or computer security, or data science, ... Specifically, in this video we discuss one of t...
Always Install Elevated
379 views, a month ago
Hi and welcome to this new video! In this video we continue the "Windows Privilege Escalation" series. Specifically, in this video we discuss a feature called "Always Installed with Elevated Privileges", which allows assuming the role of SYSTEM during the installation of MSI packages. This feature, obviously, poses significant security risks. In the video we show how to use this feature in ord...
Are You Anxious About OSCP?
614 views, a month ago
Hi and welcome to this new video! In this video I discuss the role of certifications, and why sometimes we might feel anxiety when we take them. Hope the video is useful and gives valuable insights. Thank you very much! Support my work: www.paypal.com/donate/?hosted_button_id=T49GUPRXALYTQ TIMESTAMP 00:00 Where does Anxiety come From? 03:00 Do you really need OSCP? 08:00 Find your own answer 10...
Okta Auth Bypass: A Quick Explanation!
522 views, 2 months ago
Explore Linux Kernel Programming with QEMU
2.5K views, 2 months ago
Learn The Command Line with Practical Challenges!
884 views, 2 months ago
HTB Valentine Walkthrough (Easy Linux)
820 views, 2 months ago
Linux Privilege Escalation - Full Free Course
23K views, 3 months ago
Amazing content sir, I would ask you to bring Python scripting videos for pentesting.
There are a few videos already on the topic: th-cam.com/play/PLJnLaWkc9xRj6mUE22hjQzpXk57qSY6Uq.html&si=L8XZBXWdZP5hB2k2 Will do more in the future
Brilliant work🎉 Thank you for your efforts
This is amazing.
Great explanations! Watching this really helped me gain a better understanding of this material!
thank you so much for this content! can you confirm if the ssrd/securebank image is still available for everyone? I'm getting a failed to authorize error when trying to load it.
I can confirm, just tried to download it, the command is docker pull ssrd/securebank. Is the error you're referring to on the level of your particular user or a network error? That is, are you getting a permission error at the level of the OS, because your user is not authorized to execute docker (usually happens, might have to append sudo to it), or are you getting a problem from the docker network itself?
@hexdump1337 I thought I was authenticated but I wasn't 🤦♂ I logged into docker via cmd and was able to load the image. Sorry for the confusion. Thanks for the quick response!
Can you do one same video for Active Directory also. I loved your content.
Started working on it!
Awesome content, next can you do an Active Directory Hacking series?
For sure, it's gonna be the next!
Great content !
finally more web stuff, I love this
I truly hope your channel will grow big. Thanks a lot.
That's truly precious to hear!
Hi, I hope you can answer my question. I was wondering where I can practice these kinds of CTFs. Are there any resources you would recommend? I really enjoy your videos and learn a lot from them. Keep up the great work
There is no specific resource, the key is to read up on tons of CTF writeups and videos like these and do a lot of practice. For this it is a good thing to find a consistent team that you can play with. Platforms like HTB/TryHackMe and such help too!
new mentor
I did CTFs and had difficulty understanding a few privilege escalation concepts, but after watching this masterpiece I feel confident solving more CTFs and keep learning more about Linux PE. Thank you for putting effort into this
Thanks so much for telling!
This is a pure 🪙
Congrats on your sponsorship, i will check it out. Looking forward for your next videos, top tier content hands down!
Thanks for the support!
Since the windows privilege escalation series came to an end what is the next playlist series we can expect on channel?
Active Directory! Already working on it, also in the following months I will get back to more advanced web exploitation, by showcasing CTFs walkthroughs and more complex usage of burpsuite
I trust you on all counts hexdump : )
That's precious 💪🏻♥️
Hello my friend, very nice video. I have not watched it all, but even from the start, the way you explain things is very good. I wanted to ask, do you have any videos or playlist for malware development? (Windows API, Evasion, etc.) If not, is there a plan to create one? Also, if you would kindly share any good place to study about maldev. Thanks a lot, and keep up the good work.
Thanks so much! As far as maldev is concerned, I'm terribly fascinated by the technical aspects of that, even though right now my skills in that area are limited. I do plan in the future to skill up more on that and produce educational content too
I’m blown away by how well-organized this course is. The pace is perfect and the content is super engaging. Loving every minute!
Your channel just became my favorite!! Super amazing content!! :D
You're doing very well, keep 'em up. I mean it.
Keep up the good work, this is amazing, I wish more people were teaching like this on youtube.
Amazing content bro. Do you have any plan to do a web pentesting series apart from the OSCP course, including advanced techniques?
Yes! It's in the plans, but it will require so much work that it's not gonna see the light of day for a while! In the meantime I plan to bring cool CTF challenges to showcase more advanced techniques
Just finished your OSCP guide, definitely adding some things to my notes from this. Thank you for making this!
could you make a video on hacking mobile applications? especially smali patching and run time hooking?
It's in the plans, maybe I will start with some CTF/challenge videos on mobile hacking
@hexdump1337 ok👍
Beautifully explained. Many thanks 🙂
Nice video! Looks like my last comment got deleted by youtube, so I'll try to avoid using some words. Regarding your hc issue, see hc github issue 2816. The algorithm in your files is not yet supported by hc.
Sorry for youtube randomly deleting comments, hate it 😢 Thanks so much for the contribution!
Finally the full course!!!!❤❤❤❤❤
It's a really amazing video, thank you so much ❤🎉, you deserve millions of subscribers ❤.
bro good work, I need this type of content to understand logic, thx bro
thanks again very cool stuff.
Hello friend, I'm from another country and I don't speak English, although I'm learning. TH-cam launched a feature that allows you to watch your videos with a translator in real time, so anyone in the world can watch your videos without the language barrier. Could you enable it when you can in the YouTube Studio settings? Thanks.
Technically it is enabled, I think however it requires some time before it can be used for a video this long? Not sure, what I know however is that the feature itself is enabled
Hey there, thank you for hours and hours of amazing content! Is there a plan to make a video about Prototype Pollution or mXSS vulnerabilities? Most popular JS modules have those kinds of vulnerabilities and there are not many beginner-friendly explanation videos out there.
For sure! Sadly I do not have much time, but in the future and long-term future of the channel more advanced vulns will be treated. First in the form of CTF walkthroughs, and later on in the form of more structured content like this one, but for more advanced web vulns.
A hacker from somewhere I always like your contents Thanks for the dedication
🫡
this is gold can't wait to dig in. thanks bro
I love you dude 😂
This is awesome! Are you going to upload the Windows course as a long video like the Linux one too?
Yeah, working on the timestamps and everything
Please do not use AI for title translation. English is the way to go for this kind of subject.
Hm, I actually did put the title in English, what title do you see? Probably it is some automatic YouTube config, I'll try to understand more
I'll try to explain briefly: the method shown in the video works, but only for PS 5.1 on Windows 10; however, by optimizing this method a bit, one can achieve an AMSI bypass for PS 5.1 and PS 7.0 on Windows 10 and Windows 11. 1) bypass the ExecutionPolicy restrictions 2) patch memory with an improved version of the method from the video, filling with an array of nine zeros 3) save the session as a new context (bypass the authorization manager)
Thank you for your contribution!
Thanks for the great course, can you please share the notes?
You can find everything in the github repository: github.com/LeonardoE95/yt-en