The 5 Hacking NewsLetter 6 (New format)

Hey, hackers!
OMG, this week there were even more interesting things published & shared accross Youtube, Twitter, Medium, blogs, etc, than last time!
It was just impossible to choose only 5 items, and this is becoming a habit. So we’re trying a new format: Our 5 favorite items (just a matter of personal preference) commented, followed by all the other fantastic findings in the form of a list of links.

Let me know if you prefer this format or the older one, and if you have any suggestions or comments. It’s always a pleasure to hear from you!

Our favorite 5 hacking items

1. Writeup of the week

• How i was able to get admin panel on a private program

I love the simplicity yet effectiveness of this technique. It was rewarded $1,500 and shows (yet again) the importance of recon, particularly retrieving and analyzing certificates from censys.io.

2. Non technical video of the week

Infosec Resume No-Nos by Lesley Carhart

This is a short video that offers great advice for anyone in the infosec / cybersecurity field working on their resume. It reviews the most common errors people make.
It might be helpful if you’re looking for a job!

3. Tip / Tweet of the week

Tip to access a 403 forbidden page: instead of going straight to the file for example :index.html Add a / behind the index.html: index.html/. Worked multiple times for me
By Van Ingh Quinten

Nice trick to bypass 403 Forbidden page errors. Already added to my testing checklist!

4. Tutorial of the week

Blind XSS for beginners

This is a great introduction to blind XSS. It sums up everything you need to know to start looking for this type of vulnerability.

5. Must watch conference

LevelUp 2018 by Bugcrowd

Does it need any introduction? I’m sure you did not need me to inform you of this conference, but I couldn’t not mention here. I’ve been waiting for it for months and it did not disappoint.

High quality talks, a lot of tips, pentest and bug bounty techniques mentioned, the latest “Bug bounty hunter methodology” by Jason Haddix, etc. A must watch!

Other amazing things we stumbled upon this week

Videos

• Absolute AppSec Ep. #18 - Chris Gates / @carnal0wnage by Absolute Appsec
• Web Hacking Pro Tips #15: Amit Elazari by Peter Yaworski

Tutorials

• Penetration Testing Methodology Series by Daniel Holdsworth:
  • Penetration Testing Methodology, Part 1/6 — Recon
  • Penetration Testing Methodology, Part 2/6 — Scanning
• New Hacker 101 content: Threat modeling, Burp basics, and more by Hackerone
• Bypass any WAF for XSS easily
• Linux Privilege Escalation using Sudo Rights
• Linux Privilege Escalation Using PATH Variable
• Linux Privilege Escalation using Misconfigured NFS

Writeups

• SSRF in Exchange leads to ROOT access in all instances
• #BugBounty — “How I was able to hack any user account via password reset?”
• AWS Security Flaw which can grant admin access!
• How I found 5 store XSS on a private program. Each worth “1,016.66$”
• How we broke PHP, hacked Pornhub and earned $20,000
• CORS Enabled XSS
• RCE by uploading a web.config
• How I was able to see any private album passwrod in Picturepush — IDOR
• Simple IDOR to reject a to-be users invitation via their notification
• Persistent XSS to Steal Passwords – Paypal
• HTML injection to SSRF By Mustafa Khan
• reCAPTCHA bypass via HTTP Parameter Pollution (on Google)
• Private program email forwarding response invitation not expire after first use.
• Account Takeover and Blind XSS! Go Pro, get Bugs!

Tools

• SleuthQL: A SQL Injection Discovery Tool
• FireShodanMap, a realtime map that integrates Firebase, Google Maps and Shodan

Training material

• OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS

Tweets

• Take a list of subdomains, resolve them to an IP, remove duplicates and scan each with masscan.
• Comics by Julia Evans:
  • sed
  • du, df and friends
  • some useful unix commands
  • awk
  • a few bash tricks
• Huge list of Dutch websites offering rewards for responsible disclosure by Alex Birsan
• Sometimes I wonder what non-tech people would think if they saw my search history. by Daryl Ginn
• List of payloads to exploit Markdown syntax by @cujanovic by @XssPayloads
• Payloads for all SSRF, XSS, Open redirection And more. by @Alra3ees
• #Protip: Do you want to see what exploits or auxiliaries are there for specific port in #metasploit? Open a terminal and just run:… by @omespino
• Give JSON Web Token Attacker a try - it does JWS as well as JWT by Burp_Suite

Non technical

• Writing a good and detailed vulnerability report
• The Importance of Deep Work & The 30-Hour Method for Learning a New Skill
• Gaining Technical Experience with Deliberate Practice
• The only OSCP advice you will need!!!

Pentest & bug bounty resources

• The Bug Bounty Hunter Telegram Channel*
• List of bug bounty programs
• Pentesters & Bounty hunters inspirational guide

* Not tested yet because my phone is broken!

---

See you next time!

If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…

Share this article

---