Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.
This issue covers the week from 25 October to 1 November.
Our favorite 5 hacking items
1. Conference of the week
#Eko2020 Workshops | Rajanish Pathak, Rahul Maini & Harsh Jaiswal: Demystifying the Server Side & Slides
This is a great workshop on server-side vulnerabilities. It includes concise introductions to SSRF, XXE, Remote Code Execution and Reverse Proxy attacks. The case studies especially are very interesting.
2. Writeups of the week
Weblogic RCE by only one GET request — CVE-2020-14882 Analysis (in Vietnamese), Exploit, Bypass & AttackerKB analysis
Ability To Backdoor Facebook For Android
CVE-2020-14882 is a pre-authentication Remote Code Execution in Oracle WebLogic. It was patched, but a bypass was released a week later, and it is now being exploited in the wild. For pentesters and bug hunters, it is worth adding to testing workflows: it has a 9.8/10 CVSSv3 score and takes only one GET request to exploit.
The second writeup is about an insecure development deeplink that could have allowed backdooring Facebook for Android. It provides great insight into deeplink abuse, an excellent read on Android hacking!
3. Article of the week
Samy Kamkar (@samykamkar) updated an old attack that tricks firewalls and NAT devices into giving access to machines not normally reachable from the Internet. After first reading about this incredible impact, I thought it was some kind of Halloween joke, but the attack is real. The lengthy writeup goes into all technical details and prerequisites (Application Level Gateway support and that the victim visits a malicious site). If you just want the gist of it, here is a high-level TL;DR.
4. Tool of the week
Copy Request Response & Intro
Reporting, whether in bug bounty or pentest, can be tedious. This Burp extension helps by making it quicker and easier to copy HTTP requests, responses and response headers. A fantastic idea, since copy/pasting these elements is always needed when reporting vulnerabilities.
5. Video of the week
How I made 1k in a day with IDORs! (10 Tips!)
Katie Paxton-Fear (@InsiderPhD) already has a couple of introductory videos on IDOR. In this new one, she digs deeper into the topic with 10 hunting tips and a recent bug she found. If you understand IDORs but struggle to find them on bug bounty programs, this might just be the video you need.
Other amazing things we stumbled upon this week
Webinars & Webcasts
Medium to advanced
Responsible(ish) disclosure writeups
Bug bounty writeups
See more writeups on The list of bug bounty writeups.
- NetblockTool & Intro: Python script that finds netblocks owned by a company
- tld_detection.py: TLD matcher for any domain
- Scrying: A tool for collecting RDP, web and VNC screenshots all in one place
- iSH: Linux shell for iOS
- Grype: A vulnerability scanner for container images and filesystems
- Serval: A Netcat-style backdoor for pentesting and pentest exercises
- Hot Manchego & Intro: Macro-Enabled Excel File Generator (.xlsm) using the EPPlus Library
- CQOffensiveSecurity Toolkit: The Extreme Windows Offensive Security Toolkit for advanced Windows Infrastructure Penetration Testing
Misc. pentest & bug bounty resources
Bug bounty & Pentest news
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 10/25/2020 to 11/01/2020.