The 5 Hacking NewsLetter 33
Posted in Newsletter on December 25, 2018
Posted in Newsletter on March 19, 2018
Hi, I’m very happy to present you this week’s five items! They each taught me something that I’ve started using or added to my pentest/bug bounty checklist.
I enjoyed reading this Web Application Vulnerability Scanners Benchmark for its precision and the number of open source tools mentioned.
Currently, I’m only using Burp Pro and none of the free open source scanners. But after reading this benchmark, I think I’m going to start playing with some of the open source tools too. ZAP and Arachni in particular seem to complement Burp Pro for all the vulnerability classes tested.
Great tip by Florian Hansemann:
I have to admit, to my shame, that I wasn’t aware of this Netcat option. So if you’re not either, this is the secure way to use Netcat (like you would use sftp and not ftp): `ncat --ssl $IP $PORT`.
LFI to RCE via access_log injection
LFI to shell - Exploiting Apache access log
This is an old but classic technique for escalating from LFI to RCE by exploiting the Apache access log. I loved reading these two articles that give concrete examples and step by step instructions to understand how it works.
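As an added example (mine, not code from the two linked articles), here is a small detector a defender can run over Apache combined-format access logs to spot the two halves of this technique: PHP tags landing in logged request headers, and traversal requests that try to include the log file itself. The log lines are constructed for the example.

```python
import re

# Constructed sample lines in Apache "combined" format (not from the page).
SAMPLE_LOG = """\
203.0.113.5 - - [25/Dec/2018:10:00:01 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Dec/2018:10:00:02 +0000] "GET /index.php?page=../../../../var/log/apache2/access.log HTTP/1.1" 200 9182 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Dec/2018:10:00:03 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "<?php echo 'poisoned'; ?>"
203.0.113.9 - - [25/Dec/2018:10:00:04 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "curl/7.64"
"""

# PHP open tags written into a logged field (User-Agent, Referer, request line).
PHP_TAG = re.compile(r"<\?(php|=)", re.IGNORECASE)
# Traversal that points an include at a log file or /proc/self/environ.
LOG_INCLUDE = re.compile(
    r"(\.\./|%2e%2e%2f).*(access\.log|error\.log|access_log|/proc/self/environ)",
    re.IGNORECASE,
)
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None


def find_log_poisoning(log_text):
    """Return (line_no, ip, kind) for each suspicious line.

    kind is 'php_in_header' (PHP tag in UA/Referer), 'php_in_request'
    (PHP tag in the request line) or 'log_include' (traversal to a log file).
    """
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        if PHP_TAG.search(rec["ua"]) or PHP_TAG.search(rec["ref"]):
            findings.append((n, rec["ip"], "php_in_header"))
        if PHP_TAG.search(rec["req"]):
            findings.append((n, rec["ip"], "php_in_request"))
        if LOG_INCLUDE.search(rec["req"]):
            findings.append((n, rec["ip"], "log_include"))
    return findings


def correlate(findings):
    """IPs seen both planting PHP in the log and including the log: the full chain."""
    planted = {ip for _, ip, kind in findings if kind.startswith("php_in")}
    included = {ip for _, ip, kind in findings if kind == "log_include"}
    return planted & included
```

A single hit of either kind is worth a look; the same source doing both is the pattern the articles above walk through, so it deserves an alert rather than a dashboard entry.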
Avinash Jain has many other good write-ups like How I could book cab using your wallet money in India’s largest auto transportation company! or LinkedIn - How I was able to bypass Open Redirection protection.
He writes mostly about simple vulnerabilities he finds on Indian sites.
I feel like bug bounty write-ups can sometimes be so complicated to understand for beginner bug hunters. Vulnerabilities are getting more and more complex as there is more and more competition.
So if you’re starting bug bounty hunting, simple bugs like these will show you the basics and help put you in the right mindset. They’ll ease your way into understanding and searching for more elaborate and more rewarding bugs.
SANS published this new poster this week. If you’re more interested in one section (Bash, Python, PowerShell, etc.) than the others, they have also provided mini posters and desktop wallpapers specific to each section.
See you next time!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…