Bug Bytes #155 – When logout logs you in, 120 days bug hunting challenge & Testing reverse proxies with Nuclei

By Anna Hammond

January 19, 2022

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

CLICK HERE TO SUBSCRIBE

This issue covers the week from January 10 to 17, 2022.

Our favorite 5 hacking items

1. Tutorials of the week

Recon Weekly #2: GitHub Code Search Preview (for Hackers)
Abusing Reverse Proxies, Part 1: Metadata & Part 2: Internal Access

Did you see hackers tweeting about GitHub’s new code search and wondered what all the hype was about?
If you want a quick preview, @sshell_ goes over why this new feature was needed and how it can be leveraged for recon.

The second tutorial is about open reverse proxy misconfigurations. Did you know that Nuclei introduced templates that detect these vulnerabilities? If not, make sure to read this refresher on reverse proxy abuse and test the new templates.

2. Writeups of the week

RCE In Adobe Acrobat Reader For Android(CVE-2021-40724) (Google, Adobe, $10,000)
Pre-Auth RCE in Moodle Part II – Session Hijack in Moodle’s Shibboleth
120 Days of High Frequency Hunting

The first writeup is about a clever RCE via path traversal found by @hulkvision in Acrobat Reader for Android.

The second one is about an interesting session management issue in Moodle. Basically when a user logouts out, they are logged in as a random user for a fraction of a second. Simply refreshing the page gives access to the user’s session.

The third writeup is about @caffeinevulns and @kuldeepdotexe‘s inspiring bug bounty challenge. They found 36 vulnerabilities in 120 days and share details on some of these findings.

3. Article & Tool of the week

Dissecting NTLM EPA With Love & Building A MiTM Proxy & Prox-Ez

This is probably not something you will need everyday, but it will be very handy if you find yourself testing a Web app that uses NTLM EPA authentication.
Firefox and other browsers do not support EPA, so @b1two_ created a proxy that allows you to correctly authenticate even if your browser that does not support this mechanism.

4. Video of the week

Buffer Overflows Made Easy (2022 Edition)

If you like @thecybermentor‘s teaching style and want to learn about buffer overflows, this is an amazing introduction. It starts with the basic concepts, details how to detect and exploit these vulnerabilities using Python 3, then demos a walkthrough of a TryHackMe room.

5. Resource of the week

Offensive Hacking Education Landscape

You probably already know about most content creators and learning platforms in this article, but it is a really good selection for newcomers. It takes little time to check out and maybe discover valuable new resources.
Personally, I wasn’t aware of the cwinfosec Youtube channel. So, now I have two dozen videos to watch to catch up on all these cool interviews and tutorials I missed.

SHARE ON TWITTER

Other amazing things we stumbled upon this week

Videos

Conferences

Tutorials

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • Response Overview & Intro: Burp extension that groups all response bodies by similarity and shows a summary, one request/response per group

  • Authz0: Automated authorization testing tool

  • rustpad: Multi-threaded Padding Oracle attacks against any service. Successor to padbuster, written in Rust.

  • membuddy: Early demo of a memory visualiser tool for iOS security researchers

  • Ivy & Defeating EDRs with Office Products: A payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory

Tips & Tweets

Misc. pentest & bug bounty resources

Articles

Challenges

Bug bounty & Pentest news

Non technical

You may also like