The 5 Hacking NewsLetter 33
Posted in Newsletter on December 25, 2018
Posted in Newsletter on June 11, 2018
Hey hackers! Once again, I scoured the Web to get you the best resources on hacking, pentesting and bug bounty hunting shared this week.
I’m publishing this a little late because there’s a lot of research involved and, well, sometimes life gets in the way… So the week covered is from the 1st to the 8th of June.
Have fun reading this, and don’t forget to share, retweet, comment, ask…!
This is a great webcast! I loved watching it for all the state of the art information, tips and feedback from professional pentesters.
Getting PHP Code Execution and leverage access to panels,databases,server
This is a very well written writeup that details the recon process and the methodology used to find a PHP code execution and an SQL injection. It’s a real life example that is very educational for beginner penetration testers and bug bounty hunters.
29 short videos that teach you how to use Shodan from the command-line
As a pentester or bug bounty hunter, you probably use Shodan all the time. But if you’re not currently using its GUI (i.e. the website) and not the command line, these videos are highly recommended! The GUI is nice but the CLI is a lot more practical, especially for logging purposes and when testing dozens of IPs & hosts at once.
I like watching these short and fun videos. J4vv4d doesn’t take himself too seriously and tackles topics that anyone in the infosec field can relate to. Some of my favorites are:
This is a nice introduction to understand Content Security Policy (CSP) and start looking for CSP bypass vulnerabilities!
A new version of Gitrob is out! It has been rewritten in Go and is now much simpler to set up, super fast and dives deep into commit history to surface interesting files. Enjoy! michenriksen.com/blog/gitrob-now-in-go/)
This awesome tool just saved my ass on a pentest. http://breenmachine.blogspot.com/2014/09/transfer-file-over-dns-in-windows-with.html
Protip: Having trouble finding s3 bucket names to test? Decompile their android apps, grep through hardcoded strings for their s3 buckets!
A magic open redirect payload I recently used. http://target.com/?redirectUrl=//evil.me/?:
Use nmap as a vulnerability scanner with scripts that map the open ports to existing exploits or even existing external scans "nmap --script shodan-api --script-args 'http://shodan-api.target =$IP,shodan-api.apikey=API_KEY'"
Unpriv RCE to Root? If you get any sort of Unprivileged RCE that you cannot take it any further, for the sake of bounties run "aws s3 ls" and you'll be shocked how many S3 buckets & sensitive data you get. Sometimes stored root password (Yes I mean it)
In the beginning of a bug bounty program you should proudly send some bugs, even shitty ones to see how the company reacts.
Download a file from S3 by just supplying <bucket>/path/to/file...
We have created a mini-CTF for CONFidence recently. It's not particularly hard, but still you might have some good time trying to solve it. It's still live and will be for some time now. http://184.108.40.206/...
How to make $80k in one day: Blockchain bugs...
A stupid little bash-profile alias to turn any command into a console...
#Protip Did you know that you can bookmark google dorks?...
Penetration Test vs. Red Team Assessment: The Age Old Debate of Pirates vs. Ninjas Continues
See you next time!
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…