Bug Bytes #157 – Daily bug bounty recaps, Reading other bug hunter’s reports & Hacking Google Drive integrations

By Anna Hammond

February 2, 2022

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.


This issue covers the week from January 24 to 31, 2022.

Intigriti news

Nullcon Berlin Student Scholarship (Sponsored by Intigriti)

Our favorite 5 hacking items

1. Vulnerability of the week

pwnkit: Local Privilege Escalation in polkit’s pkexec (CVE-2021-4034)

PwnKit or CVE-2021-4034 is a Local Privilege Escalation in polkit’s pkexec that was discovered by Qualys researchers.
It is noteworthy because it affects all major Linux distributions by default and all pkexec versions since 2009. Actually, @ryiron blogged about the root cause behind it in 2013.
Also, the vulnerability is exploitable reliably even though it is a memory corruption bug.

To practice, there is a free TryHackMe room, and some exploits by the community:

2. Writeups of the week

Hacking Google Drive Integrations (Dropbox, $17,576)
How I could have read your confidential bug reports by simple mail? (Microsoft)
A story of leaking uninitialized memory from Fastly (Fastly)

These are three entirely different types of findings, but all are very impressive and worth reading: @rootxharsh found a full read SSRF on Google Drive integrations in Dropbox, @Sudhakarmuthu04 found a way to read other bug hunters’ reports on the Microsoft research portal, and @emil_lerner discovered a memory leak in the QUIC (HTTP/3) implementation of the H2O webserver.

3. Conference of the week

Black Hat Europe 2021

Recordings from Black Hat Europe 2021 were just released! Need I say more?
Maybe only that slides and whitepapers can be found here, and @albinowax really recommends @_danielthatcher’s talk “Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond”.

4. Video of the week

🐛 Bug Bounty Recap 🐜 January 20-26

I’m really enjoying these daily bug bounty recaps by @PinkDraconian. They are crisp and easy to digest, a fun way to stay up-to-date or get clarifications on writeups you’re struggling to understand.

5. Tools of the week

Har Har Har Viewer
CodExt

CodExt is both a CLI tool and Python library for encoding/decoding anything. It extends the Python codecs library with 120+ new codecs and has a “guess mode”.
I know there are many tools that do the same thing, but if you prefer the CLI and need support for both Bash and Python, this is a handy alternative.

Har Har Har Viewer is another useful tool. As its name suggests, it is a HAR viewer, worth bookmarking for the next time you need to handle HAR files.


Other amazing things we stumbled upon this week

Videos

Podcasts / Audio

Webinars

Conferences

Slides & Workshop material

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • pty4all & Intro: Persistent multi reverse pty handler

  • PurplePanda: Identify privilege escalation paths within and across different clouds

  • LDAP Relay Scan: Check for LDAP protections regarding the relay of NTLM authentication

Tips & Tweets

Misc. pentest & bug bounty resources

Articles

Challenges

Bug bounty & Pentest news

Non technical
