Bug Bytes #175 – 60 RCEs in 60min, Free Google Play Store ebooks & How to easily parse Burp Project files

By Anna Hammond

June 22, 2022

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.


This issue covers the weeks from June 13 to 20.

Special announcement

After this issue, Bug Bytes will be on pause.

After almost three and a half years of working with Intigriti, I (@PentesterLand) have nothing but respect, admiration and love for this company, its people and culture.

So, it is with great sadness that I am announcing that I have to stop this beautiful collaboration with Intigriti for personal reasons.

I’m beyond grateful to Stijn and Inti for giving me (and so many other content creators!) support and a platform to share knowledge and this passion for hacking.

To all of Bug Bytes’s faithful readers, thank you for your ongoing support and love.

Hopefully, this won’t be the end of Bug Bytes. Until another content creator picks up the torch, I invite you to follow Intigriti’s Twitter account, Youtube channel and Intigriti Hackademy to stay informed of any new resources and news.

I also invite you to keep an eye on my list of bug bounty writeups which I continue to update regularly.

Last but not least, Intigriti is looking for new content creator(s) to join their community team. If you’d like to work on the next iteration of Bug Bytes, I strongly encourage you to apply at community@intigriti.com.

Intigriti news

Intigriti’s June XSS challenge By lawrencevl

Our favorite 5 hacking items

1. Conference of the week

60 Remote Code Execution in 60 minutes – Laluka & Slides

If you like RCEs (and who doesn’t?!), you will love this talk. @TheLaluka presents 60 ways he obtained unauthenticated RCE, with the full chains and links to learn more about all the vulnerabilities.
Note that the talk is in French, but slides are in English and are full of details, links and good memes.

2. Writeup of the week

How to download eBooks from Google Play Store without paying for them (Google)

This is about an interesting logic flaw that @Yess_2021xD found in Google. It looks simple once explained. However, it probably took a lot of persistence and attention to detail to notice the series of behaviors that led to leaking a small part of an ebook, and then to come up with automation to access the whole ebook.
A very clever and creative finding with great impact.

3. Tutorials of the week

Building on an AppSec Pipeline with Burp Suite data – Part 1 & Part 2
Hack with ‘goodfaith’ – A tool to automate and scale good faith hacking

If you often find yourself looking for information across multiple Burp project files, @0xRST’s burpsuite-project-file-parser is a must. It is two years old, but these new tutorials do an amazing job of explaining what the tool does exactly, and how to leverage it for bug hunting with eight concrete examples.

@ryanelkins’s goodfaith is another really useful tool for bug hunters and pentesters. It solves the issue of ensuring that you stay within scope when doing recon and large-scale scanning.

4. Tools of the week

xnLinkFinder
PentagridScanController & Related talk

I noticed xnLinkFinder a while ago but didn’t have time to play with it and compare it to other endpoint discovery tools like LinkFinder. According to @nullenc0de, it found him more endpoints. So, it’d be interesting to test and look at its code to understand what it does differently.

Another interesting tool is PentagridScanController. It is a Burp extension by @floyd_ch that improves Burp’s active scanning by excluding irrelevant requests (e.g. non-repeatable requests). Its behavior is detailed and can be customized.

5. Video of the week

How to get started with and how to improve on secure code review

The best way to learn security code review is by doing it, but it is easier said than done when you are starting out. If this speaks to you, this video might help. @wireghoul reviews some code and shares practical tips and techniques to find 0-days in code.


Other amazing things we stumbled upon this week

Videos

Podcasts & Audio

Webinars

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • sfleet: Go utility to manage multiple ssh

  • Ermir: An Evil Java RMI Registry

  • DFSCoerce: PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method

  • Aced: DACL parser for Active Directory

Tips & Tweets

See more tips on this week’s Twitter collection.

Misc. pentest & bug bounty resources

Articles

Challenges

Bug bounty & Pentest news

Non technical
