Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 13 to 20 of December.
Our favorite 5 hacking items
1. Tutorials of the week
– From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
– Anyone Can Check for Magecart with Just the Browser
– Ngrok your DockerSploit
These are excellent tutorials to learn about:
- iOS app pentesting. It’s THE tutorial you were waiting for. Everything is explained: Jailbreak with checkra1n, installing Frida and Objection, proxying traffic with Burp, bypassing certificate pinning with SSL Kill Switch 2, bypass Jailbreak detection, etc.
- Detecting Magecart. Useful for penetration testers who want to know which indicators to keep an eye for to detect infected sites.
- The poor man’s VPS setup. Useful for tests involving reverse shells and out of band vulnerabilities. No credit card required.
2. Writeup of the week
Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty ($40,000)
I have a bad memory of buffer overflows from my university days. But this writeup describes a type of overflows that is relatively easy to understand and exploit remotely on Web apps.
@samwcyo was trying to re-register existing usernames. He tried adding special characters (like null byte, CRLF characters, spaces, Unicode…) hoping that they would be removed during the registration process.
The vulnerability is that each null byte inserted was replaced with random data, e.g.:
- Request: POST /firstname.lastname@example.org
- Response: username victimIdL@domain.com
So, injecting multiple null bytes (email@example.com) made the server return chunks of memory that contained very sensitive data (SSH keys, passwords, usernames, etc).
3. Videos of the week
Finding Your First Bug: Getting Started on a Target (Part 1) & Part 2
@InsiderPhD continues to delight us with new video tutorials on “Finding your first bug”. This series is excellent for anyone starting out in bug bounties or who wants to get into Web app penetration testing.
A lot of things are covered from creating your own testing methodology to recon, note taking, what to look for, etc.
4. Tip of the week
Nine tips for better tab management
This is for firefox users, especially those of us who always have 20+ tabs open. The 9 features mentioned include synchronization between devices, sending tabs to another device, muting tabs, etc.
I find this very helpful for organizing tabs (and reducing anxiety).
5. Tools of the week
– Flumberbuckets & Introduction
Two cool Python tools to help with recon automation. Silver by @s0md3v is a wrapper around Masscan, Nmap and Vulners. Flumberbuckets by @fellchase is for S3 bucket hunting.
Other amazing things we stumbled upon this week
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
If you don’t have time
- Online Generate Test Data in CSV or JSON
- SecretX: Extracting APIs and keys from a list of URLs using regex
- Cypher Injection Scanner: Burp Suite Extension that detects Cypher code injection in applications using Neo4j databases
- Dnstwister: Online domain name permutation engine
- Credcheck & Introduction: Credentials Checking Framework
- Scout: URL fuzzer in Go for discovering undisclosed files and directories on a web server
- Koala Toolkit: Bug bounty toolkit for Docker
- alpyntest: A Docker image embedding modern Python3 pentest tools (impacket, pypykatz, lsassy, ntlmrecon, enum4linuxpy, ldapsearch-ad, CrackMapExec…) to avoid dependencies wreckage on your system
- Rubeus2ccache: Generates ccache files directly from Rubeus dump output
- Search-SMB: A wrapper shell script for CrackMapExec that will grab all the SMB shares and search readable ones for your search term
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
Breaches & Attacks
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/13/2019 to 12/20/2019.
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.