The 5 Hacking NewsLetter 54

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 10 to 17 of May.


Our favorite 5 hacking items

1. Article of the week

The real impact of an Open Redirect

Open redirects are often considered low-impact bugs by bug bounty programs (including Google). As such, they are not rewarded unless they can be used to exploit other vulnerabilities like XSS or OAuth token disclosure. So you want to increase their impact by chaining them with other bugs.

Also, if you’re a pentester rather than a bug bounty hunter, the same logic applies. If you want to convince clients which bugs are the most damaging and must absolutely be fixed, you need to tell them why by providing detailed attack scenarios.

This article can help. It shows how to combine an open redirect with Referer check bypass, XSS-Auditor bypass, SSRF, and OAuth token theft.


The 5 Hacking NewsLetter 53

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 3 to 10 of May.


Our favorite 5 hacking items

1. Challenge of the week

Authentication Lab (online), Source code & Walkthroughs

This is a great lab if you want to practice finding authentication vulnerabilities. There are 5 bugs: IP-based authentication bypass, timing attack, client-side auth, leaky JWT and JWT signature disclosure (CVE-2019-7644).

Also, if stuck, check out the walkthroughs. I don’t want to read them before doing the challenges, but they seem detailed (like 5 articles in 1!).


The 5 Hacking NewsLetter 52

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 26 of April to 03 of May.


Our favorite 5 hacking items

1. Video of the week

5 super important main-app testing tips for bug bounty hunters with STOK&Haddix

Any video by @stokfredrik & @jhaddix is a must watch! This one has 5 crucial things you want to do as a bug hunter:

  • Don’t limit yourself to the external attack surface. Log in as different users & try to find where the sensitive functionality is => access control bugs & IDOR
  • Find out how the site references you as a user (& what you’re allowed to do) => IDOR, File upload, RCE
  • Test all parameters => SSRF, LFI, RFI, Path traversal
  • Content discovery => hidden paths, private data leakage => Authentication bypass, logic flaws
  • Find out which business flaws the target cares about (other than technical bugs)

But this is not all. Watch the video. It’s short but packed with information!


The 5 Hacking NewsLetter 51

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 19 to 26 of April.


Our favorite 5 hacking items

1. Challenge of the week

CTF Challenge

I haven’t had the time yet to do this CTF, but it’s on my to-do list because it seems different. It’s a web CTF that involves multiple subdomains, directory bruteforce, and different attack vectors.

So it’s a nice opportunity to practice recon. But make sure to respect the rules (attacking the infrastructure/ports other than 443 is not allowed).


The 5 Hacking NewsLetter 50

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 12 to 19 of April.


Our favorite 5 hacking items

1. Resource of the week

Content_discovery_nullenc0de.txt

This is a new content discovery wordlist by @nullenc0de, to use for file & directory bruteforce with tools like dirsearch, dirb, etc. It’s based on @JHaddix’s content_discovery_all.txt dictionary but has about 250k more entries (directories/files).

As a comparison, here is the exact number of entries in these two and in dirsearch’s default dictionary:

# wc -l content_discovery_all.txt
373535 content_discovery_all.txt
# wc -l /root/tools/dirsearch/db/dicc.txt
6087 /root/tools/dirsearch/db/dicc.txt
# wc -l content_discovery_nullenc0de.txt
623103 content_discovery_nullenc0de.txt