Bug Bytes #21 – Automation of the Recon Process by @armaancrockroax, Stored XSS via MIME sniffing & Building Virtual Machine Labs

By Intigriti

June 4, 2019

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series are curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all write-ups, tools, tutorials and resources we should not have missed.

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 31 May to 07 June.

Our favorite 5 hacking items

1. Tool of the week

Keye

Keye is a really useful recon tool. It’s the first one I’ve come across that allows hackers to easily monitor changes in URLs.
It’s written in Python with SQLite3 integrated. You give it a list of URLs and run it periodically (using cron, for example). It then requests the URLs and detects changes based on the responses’ Content-Length. You can also receive Slack notifications when changes are detected.
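To make the mechanism concrete, here is an added example (not Keye’s own code) of the same idea: a small monitor that keeps the last seen Content-Length per URL in SQLite, reports the URLs whose length changed since the previous run, and formats a Slack-style message. The `fetch` callable is injectable so the logic can be exercised offline; the hostnames in the `__main__` block are placeholders.

```python
"""URL change monitor in the style described for Keye (added example, not Keye's code):
store each URL's last Content-Length in SQLite and report what changed since last run."""
import sqlite3
import urllib.request
from typing import Callable, Dict, Iterable, List, Optional

# A fetcher returns the Content-Length for a URL, or None if the request failed.
# The real one uses urllib; a fake one can be injected so nothing touches the network.
Fetcher = Callable[[str], Optional[int]]


def http_content_length(url: str, timeout: float = 10.0) -> Optional[int]:
    """GET the URL and return its Content-Length (falling back to the body size)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            header = resp.headers.get("Content-Length")
            if header is not None:
                return int(header)
            return len(resp.read())
    except Exception:
        return None


def open_state(path: str = ":memory:") -> sqlite3.Connection:
    """Open (or create) the SQLite state holding the last seen length per URL."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS urls (url TEXT PRIMARY KEY, content_length INTEGER)"
    )
    return conn


def check_urls(conn: sqlite3.Connection, urls: Iterable[str],
               fetch: Fetcher = http_content_length) -> List[Dict]:
    """Fetch every URL once and return a record for each whose length differs from the stored one.
    URLs seen for the first time are recorded silently; failed fetches leave the stored value alone,
    so a transient error does not show up as a change."""
    changes: List[Dict] = []
    for url in urls:
        length = fetch(url)
        if length is None:
            continue
        row = conn.execute("SELECT content_length FROM urls WHERE url = ?", (url,)).fetchone()
        if row is None:
            conn.execute("INSERT INTO urls (url, content_length) VALUES (?, ?)", (url, length))
        elif row[0] != length:
            changes.append({"url": url, "old": row[0], "new": length})
            conn.execute("UPDATE urls SET content_length = ? WHERE url = ?", (length, url))
    conn.commit()
    return changes


def format_slack_message(changes: List[Dict]) -> str:
    """Build the text of a Slack notification; posting it to an incoming webhook is left to the caller."""
    if not changes:
        return ""
    lines = [f"{c['url']}: {c['old']} -> {c['new']} bytes" for c in changes]
    return "Content-Length changed for %d URL(s):\n%s" % (len(changes), "\n".join(lines))


if __name__ == "__main__":
    # Typical cron usage: persistent state file plus a list of URLs you are allowed to monitor.
    # "https://example.com/" is a placeholder, not a target from the original text.
    conn = open_state("keye_state.db")
    msg = format_slack_message(check_urls(conn, ["https://example.com/"]))
    if msg:
        print(msg)
```

One caveat worth knowing before relying on Content-Length alone: a change that keeps the same byte count is invisible, and pages with dynamic content (timestamps, CSRF tokens, ads) will flag on every run. Hashing a normalised body, or comparing a handful of response fields, trades a little CPU for far fewer false positives and negatives.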

2. Writeup of the week

Stored XSS via MIME sniffing

This is a great writeup on file upload vulnerabilities. The author breaks down how he found a stored XSS through file upload.
I love the way he explains what he did step by step, from detecting which extensions are allowed and which filters are in place, to bypassing them and executing an XSS. A worthy read!

3. Slides of the week

Building Virtual Machine Labs

This is an excellent resource if you want to build a pentest lab.
It’s 453 slides detailing everything: which OS/VMs you need to install (including Kali, Metasploitable 2, Firewall with pfSense, SIEM with Splunk…), how to do it, how to automate OS updates, intro to virtualization, which software you need on each OS (Linux, OS X & Windows) and much more.
I wish I had this when I had just started out. Such a time saver!

4. Conference of the week

Automating the Recon Process by Armaan Pathan (null Ahmedabad Monthly Meet, 26 May 2019) & Slides

Armaan (@armaancrockroax) got [$21,000](https://twitter.com/armaancrockroax/status/1134664934518808576) from bug bounty last month. So when he talks about automation, I’m all ears!
In this talk, he shows how he:

  • combines multiple tools to enumerate subdomains

  • resolves and sorts subdomains

  • finds Jenkins with Shodan

  • gets Slack notifications for all scans

  • found a Jenkins RCE in Verizon using this same testing methodology

This is a short, sweet and very practical talk. Code snippets are also provided (check out the slides).

5. Video of the week

Writing a Pentest Report & Sample report

This is an awesome resource for junior penetration testers (and students who want to become professional pentesters). It provides a pentest report template and goes through each page and detail to explain the reasoning behind it.
Of course, this is not meant to be copied and used as is. Every company uses custom report templates for a reason: they tend to evolve mission after mission, following client feedback and any new ideas that you have.
But this template is an excellent basis. It contains all the important sections and information you want to convey to clients.

6. Intigriti News

6.1 El Punto Group – a New Responsible Disclosure by Kinepolis

Kinepolis recently acquired the Spanish cinema group “El Punt” with the “Full” cinema complex in Barcelona and “El Punt Ribera” in Valencia. Their websites are often the first point of contact with their customers. The customers can fetch an overview of currently playing movies and buy their movie tickets. El Punto Group’s ticket sales rely heavily on Kinepolis’s online platform, which is why they allow you to research these websites and to report any vulnerabilities you may have found.

6.2 Napoleon Games is challenging you!

Napoleon Games is the leading Belgian gambling website where you can play several types of games: casino games, live casino games, sports betting etc. Their biggest concerns are leaks or in-game manipulations! That’s why they need you! Can you increase your chances of winning?

French Roulette is one of the many games you can try to manipulate. REMEMBER STAY ETHICAL: First register yourself as an intigriti researcher, become vetted and request your test account before you try to hack the game!

Disclaimer: Stay ethical! Before you start hacking, register yourself to the platform, become vetted and request your Napoleon Games test account.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

More tools, if you have time

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty / Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 05/17/2019 to 05/24/2019.

Subscribe to the newsletter here!

Disclaimer:
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.

Curated by Pentester Land & Sponsored by Intigriti
