A walkthrough depicting basic NoSQL injections on MongoDB. You can access the room through this link: https://tryhackme.com/room/nosqlinjectiontutorial
Hi everyone, this is Mrinal Prakash, aka EMPHAY on TryHackMe. Today I am going to take you through the TryHackMe room “NoSQL injection Basics”, a beginner-friendly room that falls into the easy category. So let's go ahead and dive in.
TASK 1: NoSQL Basics
1. A group of documents in MongoDB is known as a…
2. Using the MongoDB Operator Reference, find an operator to filter data when a field isn’t equal to a given value
3. Following the example of the 3 documents given before, how many documents would be returned by the following filter: ['gender' => ['$ne' => 'female'], 'age' => ['$gt' => '65']]
TASK 2: NoSQL injection
Let me go ahead and deploy my machine.
1. Read the task’s content
No answer needed
TASK 3: Bypassing the Login Screen
1. When bypassing the login screen using the $ne operator, which user are you logged in as?
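Why the $ne bypass in this task works, and the input check that stops it, shown as an added example (not code from the room or the original walkthrough). It is written in Python with a small in-memory stand-in for MongoDB matching; the user records, function names and parameter names are constructed for illustration.

```python
# Constructed sample collection, not the room's data. Plaintext passwords
# are used only to keep the sample short.
USERS = [
    {"username": "alice", "password": "correct-horse"},
    {"username": "bob", "password": "hunter2"},
]

def matches(doc, flt):
    """Minimal stand-in for MongoDB matching: equality and $ne only."""
    for field, cond in flt.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            # A nested object is treated as a set of query operators.
            for op, arg in cond.items():
                if op != "$ne":
                    raise ValueError(f"unsupported operator {op}")
                if value == arg:
                    return False
        elif value != cond:
            return False
    return True

def find_one(flt):
    """Return the first document matching the filter, or None."""
    return next((d for d in USERS if matches(d, flt)), None)

def login_vulnerable(params):
    # Request values go into the filter as-is, so an object supplied by the
    # client is interpreted as an operator instead of compared as a string.
    return find_one({"username": params.get("user"),
                     "password": params.get("pass")})

def login_hardened(params):
    user, pw = params.get("user"), params.get("pass")
    # Only plain strings may reach the filter; objects and arrays are rejected.
    if not isinstance(user, str) or not isinstance(pw, str):
        raise TypeError("credentials must be strings")
    return find_one({"username": user, "password": pw})

# Constructed: what a form parser yields for user[$ne]=x&pass[$ne]=x
OPERATOR_PARAMS = {"user": {"$ne": "x"}, "pass": {"$ne": "x"}}

if __name__ == "__main__":
    print("vulnerable:", login_vulnerable(OPERATOR_PARAMS))
    try:
        login_hardened(OPERATOR_PARAMS)
    except TypeError as exc:
        print("hardened: rejected,", exc)
```

The vulnerable handler returns the first document in the collection without any valid credentials, while the hardened one refuses the request before a query is built.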
TASK 4: Logging in as Other Users
1. How many users are there in total?
2. There is a user that starts with the letter “p”. What is his username?
TASK 5: Extracting Users’ Passwords
1. What is john’s password?
By this method, we found out that there are 8 digits in the password. Read the task description to find out how to get the password.
2. One of the users seems to be reusing his password for many services. Find which one and connect through SSH to retrieve the final flag!
This completes our room, and that was it from me. If you face any problem with any solution, feel free to reach out to me. I hope you enjoyed reading my work. If you really liked this article, give it a clap, follow me on Medium and Twitter, and connect with me on LinkedIn. Till then, goodbye from my side and Happy Hacking.