Challenge name is all you need to get it started!
Flag format ctf{sha256}
ctf{d130ca6ea8c05c8cf7dcf76dae146f2fcfd62be082e9acb9aa2f0a5934e4eee1}
Use MongoDB blind NoSQL injection to find out the admin's password. We need to use the $regex operator in the query.
First things first, enumeration:
gobuster ->
/login (Status: 200) [Size: 828]
/logout (Status: 302) [Size: 23] [--> /]
/secci? (Status: 400) [Size: 1535]
/static (Status: 301) [Size: 179] [--> /static/]
After running sqlmap, nothing interesting pops up, which I found odd.
Cookies/localStorage contained nothing interesting.
After realising that the title alludes to MongoDB, I started searching online for ways MongoDB is vulnerable to SQLi or NoSQLi. I searched for keywords like "mongodb nosql injection ctf". After a while, we find this website:
https://blog.0daylabs.com/2016/09/05/mongo-db-password-extraction-mmactf-100/
Here, we see $regex, using which we can compare the password character by character.
So, we use:
username[$regex]=.*&password[$regex]=.*
-> login success
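
Why the request above logs in, and the input check that stops it, as an added example that is not part of the original writeup or the challenge's code. It assumes the app's body parser expands bracket keys into nested objects and passes them straight into the MongoDB filter; parseForm, matches, USERS and the sample password are constructed stand-ins so the block runs without a database.

```javascript
// Added example with constructed data: no real database or web framework is used.
// parseForm mimics a body parser that expands a[b]=c into nested objects (assumption).
function parseForm(body) {
  const out = Object.create(null);
  for (const [key, value] of new URLSearchParams(body)) {
    const m = /^([^\[\]]+)\[([^\[\]]+)\]$/.exec(key);
    if (m) {
      if (typeof out[m[1]] !== 'object') out[m[1]] = Object.create(null);
      out[m[1]][m[2]] = value;
    } else {
      out[key] = value;
    }
  }
  return out;
}

// Minimal stand-in for MongoDB filter matching: plain equality and $regex only.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === 'object') {
      return '$regex' in cond && new RegExp(cond.$regex).test(String(doc[field]));
    }
    return doc[field] === cond;
  });
}

// Constructed user record; plaintext password only to keep the sample short.
const USERS = [{ username: 'admin', password: 'constructed-sample-password' }];

// Vulnerable: request values reach the filter as-is, so an object such as
// { $regex: '.*' } is treated as a query operator instead of a literal string.
function loginVulnerable(body) {
  const { username, password } = parseForm(body);
  return USERS.some((u) => matches(u, { username, password }));
}

// Hardened: anything that is not a plain string is rejected before the query is built.
function loginHardened(body) {
  const { username, password } = parseForm(body);
  if (typeof username !== 'string' || typeof password !== 'string') return false;
  return USERS.some((u) => matches(u, { username, password }));
}

const payload = 'username[$regex]=.*&password[$regex]=.*'; // request body from the writeup
console.log('vulnerable login:', loginVulnerable(payload));
console.log('hardened login:', loginHardened(payload));
```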