The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on January 15, 2019
Hey hackers! I’m very happy to announce a new partnership with @intigriti. They’re sponsoring this newsletter.
For you, nothing changes. The content remains the same, except for more information from time to time on what Intigriti is up to (and they have many exciting plans for this year!).
Without further ado, here are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 04 to 11 of January.
This is simple but to the point advice. Sometimes, as bug hunters, we may let ourselves be transported by exciting tests and forget the obvious: more emphasis should be put on the report, on trying to escalate/chain bugs, avoiding known invalid bugs, having a business mindset when writing impacts, etc.
These are some of the things mentioned in this article. Read it and keep them in mind when you’re hunting for bugs, they could help you perform better and have a smoother experience.
Stored XSS & SQL injection on YNAB ($1,500)
I hesitated between this writeup and the “XSS in steam react chat client” (see the Bug bounty writeups section below). The latter is an amazing account of how to find XSS on a React app and escalate it to RCE. But it’s advanced stuff.
If you’re at a beginner level, I recommend this writeup of a stored XSS & SQL injection. I love how it is written and includes the detailed methodology, what worked and what didn’t work, and lessons learned.
This is a great guide on recon. It’s a lot of techniques on the following topics: subdomain enumeration, finding new endpoints from JS files, AWS hacking, Github recon & content discovery.
Attention, must read!
One known technique for bypassing firewalls (like CloudFlare) is checking DNS history records. If you find the real IP address of your target, you’ll be able to attack it directly and completely circumvent firewalls.
Many databases record DNS history. This tool is a great way to query many of them programmatically including: SecurityTrails, CrimeFlare, certspotter, DNSDumpster & IPinfo.
Unless you already have an alternative DNS history checker script, I recommend adding this one to your arsenal.
Daniel Miessler’s blog in one that I follow very closely because of the quality of his writing. He write about a variety of topics from analysis of situations in America, to technical tutorials, or artifical intelligence, book reviews, etc.
I’m not interested in everything but many of his posts are gems. This particular one might answer a lot of your questions if you’re starting out in information security. Even if you’re already in this field, it might give you ideas or motivation for new things to try.
Let's remove this warning— Ravindra Sisodia (@InfoSecRavindra) January 10, 2019
Warning: Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
# sudo apt install libcurl4-openssl-dev
# sudo pip3 install --upgrade wfuzz
See more writeups on The list of bug bounty writeups.
It’s now paying $2 million for remote iOS jailbreaks, $1 million for WhatsApp/iMessage/SMS/MMS remote code-execution (RCE) and a half-million for Google Chrome RCEs.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 01/04/2019 to 01/11/2019.
Have a nice week folks!
And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…