Bug Bounty & Agile Pentesting Platform

Bug Bytes #123 – Exiftool RCE, Learn mobile hacking for free & #BurpHacksForBounties

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from May 10 to 17.

Intigriti News

Meet the hacker: 0xkasper, CTF player, Student, and hunter
New SSRF Blanket in our swag shop

Our favorite 5 hacking items

1. Resources of the week

@reyammer’s mobile security class material from MOBISEC 2020
The Missing Semester of Your CS Education

The first resource is a complete course on mobile hacking by @reyammer. It includes video recordings, slides, challenges and covers a lot of topics from basics to advanced notions.

The second course is about various tools used in Computer Science classes that are rarely introduced properly. This includes how to best use the command line, text editors, tools like tmux to access remote machines, Git, etc. These topics are actually relevant to all hackers, not only CS students.

So, hurray for two completely free, top-notch quality courses!

2. Writeups of the week

ExifTool CVE-2021-22204 – Arbitrary Code Execution (GitLab, $20,000)
CVE-2021-27651: Pega Infinity RCE
FragAttacks

Remember CVE-2021-22204, the Exiftool RCE from a couple of weeks ago? There weren’t any public exploits for it at the time. @wcbowling just shared how he exploited it to get RCE on GitLab for $20k.
This prompted other hackers to share articles about recreating exploits for the same bug. Here are the links if you want to do a deep dive into it: CVE-2021-22204 – Recreating a critical bug in ExifTool, no Perl smarts required. & An Image Speaks a Thousand RCEs: The Tale of Reversing an ExifTool CVE.

The second writeup is about an RCE in Pega infinity that @samwcyo‘s team discovered while hacking on Apple. It is interesting to see the technical details of a bug in open source software that was used for bug bounties on big targets like Apple.

The third writeup if for all of you Wi-Fi hackers. @vanhoefm found several vulnerabilities in all modern security protocols of Wi-Fi (goind back to 1997 and including WPA3!). What’s most impressive is that some of them are implementation flaws but three are design flaws in the Wi-Fi standard itself.

3. Tools of the week

whey-cewler.py
Copy As FFUF

Whey CeWLer is a Burp extension by @LaNMaSteR53 that parses your already crawled SiteMap and creates a wordlist. This is a convenient method for creating target-based custom wordlists that can be used for Web fuzzing and directory bruteforce.

Copy as FFUF is also a handy Burp extension. If you often find yourself copying requests from Burp to fuzz with FFUF, this will make the process much quicker.

4. Tips of the week

#BurpHacksForBounties – @sec_r0’s 30 days of Burp tips

@sec_r0 is sharing a Burp hack each day for 30 days, and they are good! If you want to level up your Burp skills make sure to follow him and apply these tips.

5. Conference of the week

Black Hat Asia 2020, BH Asia 2020 Slides & BH Asia 2021 Slides

40 videos from Black Hat Asia 2020 were just made public. There’s variety of topics so each talk’s description and slides will help quickly decide if you want to watch the whole talk.
If you’re also curious about the Black Hat Asia 2021, the recordings aren’t available yet but slides are. Some of these presentations on Web and mobile hacking are pretty interesting!

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

Misc. pentest & bug bounty resources

Articles

Bug bounty & Pentest news

Non technical

Community pick of the week

What a bug it must’ve been… Bravo, @xv4yne1!

Do you also have bug bounty wins, swag and joys to share with other Bug Bytes readers? Tag us on social media, we love to hear from you!

%d bloggers like this:
-->