6.2 Getting Started
Revert the Bassmaster virtual machine from your student control panel. Please refer to your course material in order to find the Bassmaster box credentials.
To start the Node.js web server, we will log in to the Bassmaster VM via SSH and issue the following command from the terminal...
In order to access the rest of this course content, you must enroll in Offensive Security's Advanced Web Attacks and Exploitation online course.
6.4 Vulnerability Discovery
With the above in mind, let’s determine what we are dealing with.
6.5 Triggering the Vulnerability
It turns out that the only "sanitization" applied to our JSON request is the regular expression mentioned in the previous section, which checks that each item has a valid format. As a quick reminder, the regular expression looks like this...
An easy way to decipher and understand a regular expression is to use one of the public websites that provide a regular expression testing environment. In this case, we will test a string that we know is valid from our original payload, with a small modification.
6.6 Obtaining a Reverse Shell