Bike
Initial Scan
sudo nmap -T4 -Pn -sV -sC -v 10.129.245.220 -oA Bike

Task 1
What TCP ports does nmap identify as open? Answer with a list of ports separated by commas with no spaces, from low to high. - Found in the initial scan
Answer: 22,80
Task 2
What software is running the service listening on the http/web port identified in the first question? - Also found in the initial scan
Answer: Node.js
Task 3
What is the name of the Web Framework according to Wappalyzer? - Using Wappalyzer we can see.

Answer: Express
Task 4
What is the name of the vulnerability we test for by submitting {{7*7}}? - Node.js servers often use software called a template engine. Looking into vulnerabilities affecting template engines, we see a common one.
Answer: Server side template injection
Task 5
What is the templating engine being used within Node.JS?

Answer: Handlebars
Task 6
What is the name of the BurpSuite tab used to encode text?

Answer: Decoder
Task 7
In order to send special characters in our payload in an HTTP request, we'll encode the payload. What type of encoding do we use?
Answer: URL
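
From the defender's side, the {{7*7}} probe from Task 4 and the URL encoding from Task 7 mean that a check for template expressions has to decode the request body before matching. The following is an added example, not part of the original walkthrough or the target application: the function names, the field names (email, action) and the sample bodies are constructed for illustration.

```javascript
// Added example: flag template-expression markers in URL-encoded form bodies.
// Decode repeatedly (bounded) so double-encoded input is still inspected.
function fullyDecode(value, maxRounds = 3) {
  let current = value.replace(/\+/g, ' '); // form encoding: '+' means space
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      return current; // malformed percent-encoding: inspect what we have
    }
    if (next === current) break; // nothing left to decode
    current = next;
  }
  return current;
}

// Matches Handlebars-style {{ ... }} and {{{ ... }}} expressions.
const TEMPLATE_EXPR = /\{\{[\s\S]*?\}\}/g;

// Returns one finding per template expression found in any field value.
function inspectFormBody(body) {
  const findings = [];
  for (const pair of body.split('&')) {
    if (!pair) continue;
    const idx = pair.indexOf('=');
    const name = fullyDecode(idx === -1 ? pair : pair.slice(0, idx));
    const value = fullyDecode(idx === -1 ? '' : pair.slice(idx + 1));
    for (const m of value.match(TEMPLATE_EXPR) || []) {
      findings.push({ field: name, expression: m });
    }
  }
  return findings;
}

// Constructed sample request bodies (not captured from the target).
const samples = [
  'email=user%40example.com&action=Submit',       // benign
  'email=%7B%7B7*7%7D%7D&action=Submit',          // URL-encoded probe
  'email=%257B%257B7*7%257D%257D&action=Submit',  // double-encoded probe
  'email=100%25+off%7B&action=Submit',            // decodes to a stray '%'
];
for (const s of samples) {
  console.log(s, '->', JSON.stringify(inspectFormBody(s)));
}
```

A match only shows that template syntax reached the server; the underlying fix is to pass user input to the template as data and never compile it as template source.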
Task 8
When we use a payload from HackTricks to try to run system commands, we get an error back. What is "not defined" in the response error?



Answer: require
Task 9
What variable is the name of the top-level scope in Node.JS?
Answer: Global
Task 10
By exploiting this vulnerability, we get command execution as the user that the webserver is running as. What is the name of that user?

Answer: root
Task 11

Answer: 6b258d726d287462d60c103d0142a81c