Bug Bytes #47 – SecTalks, My First RCE, Smuggler.py and interview with @0xacb

By Intigriti

December 5, 2019

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from 22 to 29 of November.

Our favorite 5 hacking items

1. Conference of the week

SecTalks Live 2019 – The Changing Landscape of Web Tooling | Questions? !questions & @xyantix’s notes

This is a recap by @codingo_ of the latest changes in open source Web security tooling. Categories discussed are scaling, directory brute forcing, XSS, subdomain discovery, API keys and build logs, and cloud based services.

With the year ending, it is nice to stop and reflect on the state of our tools. Better ones with more features and attack techniques are released all the time. Following the trends is necessary to avoid using outdated tools.

2. Writeup of the week

My first RCE: a tale of good ideas and good friends

Alternative title: How to go from beginner to RCE using basic automation.

If you feel that critical bugs and automation elude you, this is the writeup for you! It is very well written and presents a step-by-step guide that you could follow to find different types of bugs.

3. Tools of the week

Smuggler.py

Corsy

Jaeles & Documentation

The common theme for these tools is automation.

Smuggler.py is for testing a list of URLs for HTTP request smuggling.

Corsy is a CORS misconfiguration scanner (with currently 10+ checks).

Jaeles is a framework in Go for building your own Web Application Scanner. I have not tested it yet, but it looks powerful and easy to use. You can add signatures for new tests and integrate it with Burp.

4. Non technical item of the week

Joplin

I’ve been on a quest for the perfect note-taking app for years. Some of the criteria I’m looking for are: Web Clipper, support for multiple OSes including Linux, mobile apps available, automatic synchronization and backups ideally with a self-hosted server, markdown, and the possibility to encrypt notes.

Evernote was good especially for its Web Clipper and mobile apps, but it does not have a Linux version.

Laverna was impractical and lacked basic features like searching inside notes.

SwiftnessX can be very useful for creating pentest templates, checklists and payload lists. But it does not have markdown and I found it not suitable for being used as a full knowledge base app.

QOwnNotes was a good candidate that I used for months. But it had an annoying bug (the cursor moving by itself while I was writing notes).

So, when Alexandre Dulaunoy tweeted about Joplin, I instantly installed it. It has all the features I’m looking for, even a Web Clipper and mobile apps! I also like that you can change the layout (whether to display markdown text, rendered markdown, or both).

Only time will tell, but this looks like the perfect note-taking app for me!

5. Webinar of the week

Accelerate Your Career By Building FIVE Critical Professional Skills

Ted Demopoulos offers great advice in this webinar, both for people who want to become entrepreneurs and for those who want to move up the corporate ladder.

You probably have already heard some of these things. But it is good to hear the reminder and detailed tips from someone who has 20+ years of experience as an independent consultant.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

Tools

If you don’t have time

  • Peasant: LinkedIn reconnaissance tool

  • Asnip: ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight

More tools, if you have time

  • Tplmap: Server-Side Template Injection and Code Injection Detection and Exploitation Tool

  • DockerPwn.py: Python automation of Docker.sock abuse

  • Heimdall: Tool to distribute scanning and recon activities across multiple parallel cloud services

  • Mongot: Easily connect to open MongoDB and dump data

  • Nessus Map: Parse .nessus file(s) and show the output in an interactive UI

  • rotaTOR: Bash script to change Tor IP – timer based

  • Andor: Blind SQL Injection Tool in Go

  • T1tl3: A simple Python script which can check the HTTP status of a bunch of URLs/subdomains and grab URL/subdomain titles

  • Actarus: A custom tool for bug bounty in Symfony

  • Cypheroth: Automated, extensible toolset that runs cypher queries against Bloodhound’s Neo4j backend and saves output to spreadsheets

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 11/22/2019 to 11/29/2019.

Disclaimer: The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of Intigriti.

Curated by Pentester Land & Sponsored by Intigriti