Bike
What TCP ports does nmap identify as open? Answer with a list of ports separated by commas with no spaces, from low to high. - Found in the initial scan.
Answer: 22,80
What software is running the service listening on the http/web port identified in the first question? - Also found in the initial scan
Answer: Node.js
What is the name of the Web Framework according to Wappalyzer? - Wappalyzer shows the framework.
Answer: Express
What is the name of the vulnerability we test for by submitting {{7*7}}? - Node.js servers often use software called a template engine. Looking into vulnerabilities for template engines, we see a common one.
Answer: Server side template injection
What is the templating engine being used within Node.JS?
Answer: Handlebars
What is the name of the BurpSuite tab used to encode text?
Answer: Decoder
In order to send special characters in our payload in an HTTP request, we'll encode the payload. What type of encoding do we use?
Answer: URL
When we use a payload from HackTricks to try to run system commands, we get an error back. What is "not defined" in the response error?
Answer: require
What variable is the name of the top-level scope in Node.JS?
Answer: Global
By exploiting this vulnerability, we get command execution as the user that the webserver is running as. What is the name of that user?
Answer: root
Answer: 6b258d726d287462d60c103d0142a81c