The 5 Hacking NewsLetter 86
Posted in Newsletter on December 31, 2019
Posted in Newsletter on August 6, 2019
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 26 July to 2 August.
Ghostwriter is a new project management & reporting engine by SpecterOps. It is open source and free and has a lot of interesting features:
These are just some functionalities. Ghostwriter is an excellent tool for pentest teams and red teams.
I’m always interested in writeups about bugs chained together for a higher impact. This one is a good example of reflected XSS combined with cache poisoning, which turns the reflected XSS into a stored one.
The writeup itself brings many lessons such as:
This is @dijininja’s latest Web challenge. It’s a GitHub repo that contains many sensitive information disclosures.
At first sight, it looks empty (except for the README file and a solutions file). So this is an interesting challenge for beginners who want to learn about information leaks: where to look for interesting information in GitHub repositories (beyond the visible files), how to use tools like Gitrob & truffleHog, etc.
Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning
Most port scanning tutorials for bug hunters recommend using Masscan to get a list of open ports, then re-scanning those same ports with Nmap to get their exact service versions.
The problem with this method is that Masscan can miss many open ports. Nmap is more accurate but much slower when the range under test is large.
So what’s the solution? This is the question that @CaptMeelo tried to answer by doing some benchmarking.
His conclusion: Run 2 or 3 concurrent Masscan jobs with all 65535 ports split into 4-5 ranges. Then run Nmap on the open ports found to get their version.
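As an added example (not code from the article or from @CaptMeelo’s benchmark), here is the glue for that workflow in Python: split the 65535 ports into chunks, run the Masscan jobs a few at a time, then parse Masscan’s "Discovered open port" lines into a per-host `nmap -sV` command. The target, the sample Masscan output and the runner stub are all constructed for the demo; only the real runner actually invokes masscan.

```python
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor
from math import ceil
# masscan's stdout line for each hit, e.g. "Discovered open port 443/tcp on 10.0.0.5"
DISCOVERED = re.compile(r"Discovered open port (\d+)/(tcp|udp) on (\S+)")

def split_ports(parts=4, first=1, last=65535):
    """Split the full port range into `parts` contiguous (start, end) chunks."""
    size = ceil((last - first + 1) / parts)
    ranges, start = [], first
    while start <= last:
        end = min(start + size - 1, last)
        ranges.append((start, end))
        start = end + 1
    return ranges

def masscan_command(target, port_range, rate=10000):
    """argv for one masscan job covering a single port chunk."""
    start, end = port_range
    return ["masscan", target, "-p", f"{start}-{end}", "--rate", str(rate)]

def run_masscan_jobs(target, parts=4, workers=3, runner=None):
    """Run the per-chunk jobs `workers` at a time and concatenate their stdout."""
    if runner is None:  # real runner: invoke masscan and capture what it prints
        runner = lambda argv: subprocess.run(argv, capture_output=True, text=True).stdout
    commands = [masscan_command(target, r) for r in split_ports(parts)]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return "\n".join(pool.map(runner, commands))

def parse_masscan(output):
    """Map each host to the sorted list of open ports masscan reported."""
    hosts = {}
    for port, _proto, host in DISCOVERED.findall(output):
        hosts.setdefault(host, set()).add(int(port))
    return {host: sorted(ports) for host, ports in hosts.items()}

def nmap_command(host, ports):
    """Follow-up nmap version scan restricted to the ports masscan found."""
    return ["nmap", "-sV", "-p", ",".join(map(str, ports)), host]
# Constructed masscan output keyed by the "-p" range each job was given (no tool needed)
SAMPLE_OUTPUT = {"1-16384": "Discovered open port 22/tcp on 10.0.0.5\nDiscovered open port 443/tcp on 10.0.0.5\n"
                            "Discovered open port 8080/tcp on 10.0.0.7\n",
                 "16385-32768": "Discovered open port 32768/tcp on 10.0.0.7\n"}

def demo(target="10.0.0.0/24"):
    """Whole pipeline on the constructed output: returns {host: nmap argv}."""
    fake_runner = lambda argv: SAMPLE_OUTPUT.get(argv[3], "")  # argv[3] is the "-p" range
    hosts = parse_masscan(run_masscan_jobs(target, parts=4, workers=3, runner=fake_runner))
    return {host: nmap_command(host, ports) for host, ports in hosts.items()}
```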
Websites behind a WAF are protected against DDoS and many Web vulnerabilities (XSS, SQLi, CSRF…). If you can entirely bypass a WAF and speak directly to your target’s servers, you will be able to go faster and test for more vulnerabilities. WAF bypass provides an edge to Web app pentesters and bug hunters.
This article by @gwendallecoguic is an excellent introduction to this topic. It provides several techniques for detecting the real IP address of a server, as well as tools for automation and resources to go further.
See more writeups on The list of bug bounty writeups.
We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 07/26/2019 to 08/02/2019.
Have a nice week folks!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…