I feel like I'm learning a lot from just watching your videos even though I'm not on the HTB platform (yet, because this newb needs THM) and I feel like watching your videos is the best "test of my knowledge" as I follow along till I get lost. Then I just watch for fun, while still learning!
no educational value in this one. cant be a psychic every time knowing just the right thing, like doing the vhost scan right away, doing just the right nosql payload in 10 seconds, or took 10 second and doing chromium exploit - give me a break... if you know the solutions to the exam you can always look like a genius
The box was blooded in under 10 minutes, with many other solves right after that. 1. Most people will start with a VHOST Scan, always have things running in the background 2. NoSQL is pretty trivial there. 99% of Express Apps use NoSQL, so that's why you'd start with it. 3. The PDF Exploit there is also pretty common and covered several times on this channel When I solved this box, it probably took me less time than the video length. The mindset you have is harmful in my opinion. It would be like calling "Cold Readers" or "Mentalist" psychic, when they are just experienced at recon and asking the right questions. The same goes for applications, when you get in a routine and do these types of challenges every day. What can be exploitable sticks out, seeing Express in the server header probably means nothing to many people. But to the experienced it changes things up greatly.
