Type your comment> @VibhorBansal said:
Hey!
I tried the HELP HTB ,
here is my following recon:-
nmap -sA 10.10.10.121-> I go the all ports as unfiltered.nmap -sSVC 10.10.10.121 →
I got three ports 22, 80 , 3000I tried to enumerate 3000 port:- There I got Node.js Express Framework.
Then I google for Node.js Vulnerabilites and I got deserialization vulnerability for express framework .
But this vulnerability accepts profile parameter injection which is not in this case.Also there is If_None-Matched parameter pass to request header. But that doesn’t seems
fruitful.Is there anything that I’m missing.Kindly Help me out!
wrong forum 