Solving Lab - Exploiting NoSQL operator injection to extract unknown fields
- Written by: Oki
- Hits: 255
I have solved one of the NoSQL injection labs from PortSwigger and it was fun! The title of the lab is "Exploiting NoSQL operator injection to extract unknown fields". The lab description is a little misleading here: it says the user lookup function has a NoSQL injection vulnerability, but after solving it, it turns out the vulnerable part resides in the login function, where we can inject a NoSQL operator-based payload inside the message body of the POST /login endpoint.
Python - SSH Reverse Tunnelling
- Written by: Oki
- Hits: 2296
Goal and Scenario:
- Access the web server from the Kali machine.
- The Kali machine has no direct access to the web server.
- The Ubuntu machine is assumed to be already compromised, with the Python script running on it.
Building Mikrotik OpenVPN Server and OpenVPN Client Config for Android Device
- Written by: Oki
- Hits: 19911
Goal:
- Create an OpenVPN server using MikroTik
- Generate self-signed certificates for the OpenVPN server and client in MikroTik
- Connect a client PC and an Android device to the MikroTik OpenVPN server
Multilayer Switch - DHCP Relay - IP Helper
- Written by: Oki
- Hits: 4773
If the DHCP server is not on the same VLAN as the clients, a router or multilayer switch must relay DHCP messages from the clients to the server.
Goal:
- Create a DHCP server on IOU1 and a DHCP relay on IOU3
- Make sure IOU5 gets its IP address via DHCP from IOU1