The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on January 29, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from the 18th to the 25th of January.
If you want to automate some of your recon tasks but don’t know where to start, this is an excellent beginning.
A recon workflow chart is given as an example. This is the first article of a series. It explains how to automate subdomain enumeration using a Bash script, and includes commands, tools and tips such as how to check for wildcard resolution (i.e. false positive subdomains).
Looking forward to the sequel(s)!
How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)
Logic vulnerabilities are my favorite. This one is an authentication flaw found on big sites like Google, Microsoft, Instagram, Cloudflare & many more.
Ironically, it abuses 2FA. The first thing that Luke Berner noticed is that if you request a 2FA code and change your password, the 2FA code remains valid for 20 minutes. And you can make it valid for a longer period of time by waiting indefinitely on the 2FA input page.
From there he concluded with this attack scenario:
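On the defensive side, the two behaviours noted above (a pending 2FA code that survives a password change, and a validity window that stretches while the input page stays open) can both be closed off server-side. The following Python is an added example, not code from the write-up or from any of the sites named; `AuthStore`, `CHALLENGE_TTL` and the `code_is_valid` flag (standing in for the real code verification) are assumptions made for illustration.

```python
import secrets
import time

CHALLENGE_TTL = 300  # assumed absolute lifetime in seconds, fixed at issue time


class AuthStore:
    """Hypothetical in-memory store of users and pending 2FA challenges."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pw_version = {}  # user -> counter bumped on every password change
        self.pending = {}     # challenge id -> (user, pw_version, expires_at)

    def add_user(self, user):
        self.pw_version[user] = 1

    def password_ok(self, user):
        """Called once the password has been verified: open a 2FA challenge."""
        cid = secrets.token_urlsafe(16)
        # Absolute expiry: idling or polling on the input page never extends it.
        expires_at = self.clock() + CHALLENGE_TTL
        self.pending[cid] = (user, self.pw_version[user], expires_at)
        return cid

    def change_password(self, user):
        """Bump the version and drop challenges opened under the old password."""
        self.pw_version[user] += 1
        self.pending = {c: p for c, p in self.pending.items() if p[0] != user}

    def complete_2fa(self, cid, code_is_valid):
        """Return the user name if the challenge is still usable, else None."""
        entry = self.pending.get(cid)
        if entry is None:
            return None
        user, version, expires_at = entry
        # Defence in depth: also reject a challenge that predates the current
        # password, in case it was not purged by change_password().
        if self.clock() >= expires_at or version != self.pw_version[user]:
            del self.pending[cid]
            return None
        if not code_is_valid:
            return None  # challenge stays open until its fixed expiry
        del self.pending[cid]  # single use once it succeeds
        return user
```
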
- Turbo Intruder: Burp extension link
- Turbo Intruder: Embracing the billion-request attack: Article & Video
- Debug.py: Example script to help debug/diagnose issues with Turbo Intruder failing to connect
Turbo Intruder is a new Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. Here are some things to know about it:
LevelUp 0x03 2019 & Slides:
Yes! It’s that time of the year again. A new LevelUp conference with so many good talks on Web app security, social engineering, API, IoT and mobile security, plus some non technical talks.
A must, especially for bug hunters!
Have you ever found an Exploit-DB exploit that you wanted to test and didn’t know how to do so? One very easy and quick way to use these exploits is to add them to Metasploit and use them as any other Metasploit module.
This isn’t a new trick but it might be very helpful if you’re starting out in penetration testing. I remember when I discovered this, it was mind-boggling.
See more writeups on The list of bug bounty writeups.
At the end of February we are going to announce the first bug bounty of the MoD. Ethical hackers were recruited in the cyber operational research [department] and they’re going to track down the faults of our systems. If they find some they will be rewarded for it.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 11/18/2019 to 01/25/2019
Have a nice week folks!
And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…