Bugbytes #28 – Wireshark over SSH, Pwning New Relic & Filter Fun with @zseano

By Intigriti

July 23, 2019

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series are curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all write-ups, tools, tutorials and resources we should not have missed.

This issue covers the week from 12 to 19 July.

Our favorite 5 hacking items

1. Tutorial of the week

Using Wireshark over SSH (WS on Windows traffic on Linux)

This is a short how-to for using Wireshark over SSH. It’ll be really handy if your main host is Windows, and you are using a Linux VPS for tests.
The steps described will allow you to run Wireshark locally, and use it to analyze traffic captured on the remote Linux server (even if you don’t have a GUI on the latter!).
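The pipeline the tutorial describes, written out as an added example (this is not the tutorial's own code): ssh runs tcpdump on the Linux box with pcap output going to stdout, and the local Wireshark reads that stream from stdin. The host and interface names are placeholders, and it assumes an OpenSSH client and Wireshark on the local PATH plus password-less sudo for tcpdump on the remote side (no tty is allocated, so a sudo password prompt would hang the pipe). The one thing to get right is the capture filter: the SSH session carrying the capture is itself traffic on the remote interface, so it must be excluded or the capture feeds on itself.

```python
"""Added example, not the linked tutorial's own code: stream a live tcpdump
capture from a GUI-less Linux host into a local Wireshark over SSH.

Assumptions (not from the tutorial): an OpenSSH client and Wireshark are on
the local PATH (on Windows the GUI binary is normally
C:\\Program Files\\Wireshark\\Wireshark.exe), the remote user can run tcpdump
via password-less sudo (ssh allocates no tty here, so a sudo prompt would
hang), and the host/interface names below are placeholders.
"""
import shlex
import subprocess
import sys
from typing import List


def capture_filter(ssh_port: int = 22, user_filter: str = "") -> str:
    """Compose the BPF filter for the remote tcpdump.

    The SSH session carrying the pcap stream back to us is itself traffic on
    the remote interface. Left in the filter, every captured packet produces
    SSH packets, which are captured, which produce more SSH packets: the
    capture feeds itself. So the SSH port is always excluded.
    """
    exclude = f"not port {ssh_port}"
    return f"({user_filter}) and {exclude}" if user_filter else exclude


def remote_tcpdump_cmd(iface: str, bpf: str) -> List[str]:
    """Remote-side argv.

    -U    packet-buffered output, so Wireshark updates live instead of
          waiting for tcpdump's write buffer to fill
    -s 0  capture whole packets
    -w -  write pcap to stdout instead of a file
    """
    return ["sudo", "tcpdump", "-i", iface, "-U", "-s", "0", "-w", "-", bpf]


def ssh_argv(host: str, ssh_port: int, remote_cmd: List[str]) -> List[str]:
    """Local ssh argv. ssh hands the remote command to the remote login
    shell as one string, so it is shell-quoted here (the BPF filter
    contains spaces and parentheses)."""
    return ["ssh", "-p", str(ssh_port), host, shlex.join(remote_cmd)]


def wireshark_argv(wireshark_bin: str = "wireshark") -> List[str]:
    """-k starts capturing immediately; -i - reads the pcap stream from stdin."""
    return [wireshark_bin, "-k", "-i", "-"]


def remote_capture(host: str, iface: str = "eth0", ssh_port: int = 22,
                   user_filter: str = "", wireshark_bin: str = "wireshark") -> int:
    """Run: ssh host 'sudo tcpdump ... -w - <filter>' | wireshark -k -i -"""
    bpf = capture_filter(ssh_port, user_filter)
    ssh = subprocess.Popen(ssh_argv(host, ssh_port, remote_tcpdump_cmd(iface, bpf)),
                           stdout=subprocess.PIPE)
    ws = subprocess.Popen(wireshark_argv(wireshark_bin), stdin=ssh.stdout)
    ssh.stdout.close()  # only Wireshark holds the pipe; ssh gets EPIPE when it exits
    rc = ws.wait()
    ssh.terminate()
    return rc


if __name__ == "__main__":
    # Placeholder host and interface; capture only web traffic.
    sys.exit(remote_capture("user@vps.example.com", "eth0", 22, "port 80 or port 443"))
```

If the VPS serves traffic on the SSH port itself, move SSH to another port first rather than dropping the exclusion. Recent Wireshark builds also ship an `sshdump` extcap interface that does the same job from the GUI's interface list; the pipeline above is what it runs under the hood.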

2. Writeup of the week

Privilege escalation via mass assignment on New Relic

What a fun bug! @samwcyo bought a Tesla, tried to hack it, didn’t find anything, cracked his windshield, then accidentally triggered a blind XSS when he wanted to report the accident.
My takeaways are:
– Put blind XSS payloads everywhere
– Own a Tesla one day
– Then damage it intentionally to find new bugs

3. Video of the week

Understanding & bypassing filters with @zseano

@zseano walks us through why not all XSSes are low-hanging fruit, and how he goes about finding edge cases by bypassing filters.
If you want to stop trying random payloads grabbed from the Internet and learn how to manually find interesting XSSes like a pro, this is the video to watch!
Also, it’s a good idea to focus on one bug class at a time. That’s what @zseano and @nahamsec did, and what they recommend.

4. Conference of the week

SteelCon 2019, especially:
Hunting Sh*t Up: Red Teaming With A Bug Hunter’s Mindset – Andy Gill
TLS 1.3 For Penetration Testers
WordPress Isn’t A Security Dumpster Fire, Fight Me!

These talks go to my top list of things to watch really soon. Especially the one by Andy Gill, because it’s about three aspects of offensive security I’m very interested in: pentesting, bug bounty and red teaming.
Applying a bug hunter’s mindset to pentesting and red teaming can only be a good idea: bug hunting pushes you to automate as much as you can, go for the most impactful bugs and PoCs, work fast by using report templates, and use or create the best tools. Many of the tools used for web security today were created by bug hunters and are still unknown to many pentesters.
So I can’t wait to learn Andy’s take on this subject, and to learn about TLS 1.3 and WordPress security.

5. Non technical item of the week

Web Application Penetration Testing: Minimum Checklist Based on the OWASP Testing Guide

This article is aimed at QA specialists. But I think it’s also a good read for beginner pentesters who don’t have the time to go through the whole OWASP Testing Guide and need a quick summary.
Not that I don’t encourage reading the whole thing (on the contrary!). But it can be overwhelming when you’re just starting out.
The cheatsheet is useful during tests or as a basis for your own customized cheatsheet. I love how each test is accompanied by a concise comment that captures the most important thing you need to know about that test.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

  • GitGot & Introduction: Semi-automated, feedback-driven tool to rapidly search through troves of public data on GitHub for sensitive secrets

  • Git-Scrapers: Collect OSINT from git repositories

  • Entro.py: Tool that recursively searches directories for files containing strings with high Shannon entropy (by @healthyoutlet) & How to reduce false positives
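The technique behind Entro.py, GitGot and Git-hound is the same entropy test, so here it is as an added example (not any of those tools’ own code): score every base64/hex-looking token by Shannon entropy, flag the ones above a per-alphabet threshold, then cut the usual false positives (UUIDs, lockfile integrity hashes, commit SHAs on lines that say so, generated lockfiles). The sample input is constructed; the "api_token" value is random filler, not a real credential.

```python
"""Added example (not Entro.py's code): scan text for high-entropy strings
the way entropy-based secret finders do, with the false-positive cuts that
make the output usable. The sample input at the bottom is constructed; the
"api_token" value is random filler, not a real credential.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Runs of base64/hex-ish characters long enough to be worth scoring.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Thresholds in bits/char, by alphabet: hex tops out at 4 bits, base64 at 6.
HEX_THRESHOLD = 3.0
B64_THRESHOLD = 4.5

# Shapes that are high-entropy by design but almost never secrets.
BENIGN_SHAPES = [
    re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I),  # UUID
    re.compile(r"^sha(1|256|384|512)-"),  # npm lockfile integrity field
]
# Line context: a hash on a "commit"/"checksum" line is expected; the same
# token next to "password" is not. A secret-ish word wins over a benign one.
BENIGN_WORDS = re.compile(r"\b(commit|sha|checksum|digest|integrity|etag|uuid|guid)\b", re.I)
SECRET_WORDS = re.compile(r"(key|secret|token|passw|pwd|credential|auth)", re.I)
# Generated files full of hashes: skip entirely (assumed list, extend as needed).
LOCKFILES = {"package-lock.json", "yarn.lock", "Gemfile.lock", "go.sum", "Cargo.lock", "poetry.lock"}


def shannon_entropy(s: str) -> float:
    """Bits per character: -sum p(c) * log2 p(c) over the characters of s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


@dataclass
class Finding:
    line_no: int
    token: str
    entropy: float


def scan_text(filename: str, text: str) -> List[Finding]:
    """Return tokens whose entropy exceeds the threshold for their alphabet,
    minus those suppressed by shape, by line context, or by file type."""
    if filename.rsplit("/", 1)[-1] in LOCKFILES:
        return []
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        benign_ctx = bool(BENIGN_WORDS.search(line)) and not SECRET_WORDS.search(line)
        for token in TOKEN_RE.findall(line):
            if any(p.match(token) for p in BENIGN_SHAPES):
                continue
            threshold = HEX_THRESHOLD if HEX_RE.match(token) else B64_THRESHOLD
            h = shannon_entropy(token)
            if h < threshold or benign_ctx:
                continue
            findings.append(Finding(line_no, token, h))
    return findings


# Constructed sample: one real-looking secret, several high-entropy decoys.
SAMPLE = """\
# constructed sample, not real credentials
db_password = "hunter2"
api_token = "q7Xp2vLm9ZkR4tBnW8yH3cJ6dF1sA0eGuVoKiQ5wTxYz"
commit = 8c3f2a1e9b7d6c5a4f3e2d1c0b9a8f7e6d5c4b3a
request_id = 123e4567-e89b-12d3-a456-426614174000
integrity sha512-Kj8sP2mQ9vXz4LrT7wYb3NcH6dF1eG0uA5iO2kR8tZ9yB4nV7xM1qW3sE6pL0jD5cU2hI8gT4fY7aS9oQ1mZ6vX3lK8wN5rJ2==
this_is_a_long_identifier_in_snake_case_used_in_code
"""

if __name__ == "__main__":
    for f in scan_text("config.env", SAMPLE):
        print(f"line {f.line_no}: {f.token} (entropy {f.entropy:.2f} bits/char)")
```

Only the `api_token` line survives: the commit SHA scores 3.9 bits/char and would be flagged on its own, but the line context suppresses it, while the same SHA next to `secret_key` is reported. The short `hunter2` password is invisible to this method, which is why entropy scanners are paired with keyword and regex rules rather than used alone, and every suppression above trades some recall for a quieter report.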

More tools, if you have time

  • git-ls: List (or plunder) private repos/gists to which a token has access, including those of other users

  • Git-hound: Find exposed keys across GitHub using code search keywords. Git Hound is a pattern-matching, batch-catching secret snatcher.

  • jLoot: JIRA Secure Attachment Looter

  • RacePWN (Race Condition framework) & Introduction: Race Condition framework

  • ORtester:

  • XSpear: Powerful XSS scanning and parameter analysis tool & gem

  • RedGhost: Linux post exploitation framework designed to assist red teams in gaining persistence, reconnaissance and leaving no trace

  • Very Complete Management (VCM): A small script to automate project folder management and basic tool output

  • ReportingTool: PHP Laravel Based Pentesting Report Writing Tool

  • Kali-ptf: A Kali container with custom set of tools installed

  • Revssl: A simple script that automates generation of OpenSSL reverse shells

  • Find-LOLBAS & Introduction: Simple PowerShell script to find living-off-the-land binaries and scripts on a system

  • Vulnrep: Java tool that collects vulnerabilities (from vulners.com and/or wpvulndb.com) for defined keywords and generates an HTML report

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 07/12/2019 to 07/19/2019

Curated by Pentester Land & Sponsored by Intigriti

Disclaimer:
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of intigriti.
