The 5 Hacking NewsLetter 21

Hey hackers! This is our latest selection of resources for pentesters and bug hunters. It covers the week from the 21st to the 28th of September.


Our favorite 5 hacking items

1. Tips of the week

5 Tips Bug Bounty Programs Want You to Know About by @d0nutptr

Lately on Twitter, there has been a lot of controversy/noise/discontentment around bug bounty platforms, particularly HackerOne. Personally, I believe that the best way to succeed and be happy at work in general is to have a flawless attitude, give constructive criticism, then, if you’re really not happy with your work environment, move on to another one.

In this same spirit, this blog post offers great information that could help you improve your bug hunting experience. It’s a must-read.

2. Writeup of the week

Thick Client - Attacking databases the fun/easy way by Richard Clifford

This is a very simple bug with high impact: by analyzing a desktop application’s traffic, Richard found database credentials sent over a clear-text connection. He used them to remotely connect to the database, dump its contents and (because it was running as SYSTEM!) create new users on the system and pivot through the network.

Testing thick clients is not necessarily complicated and could allow you to discover high reward bugs without much effort.

3. Tools of the week

gimmecredz for Linux by @0xmitsurugi
PassCat for Windows by @maldevel

These are two tools to use post-exploitation, to extract passwords from many known locations like files, browsers, apps, etc.

There are many cheatsheets out there to follow once you have a foothold on a target, and also tools for generic information gathering and privilege escalation, but it’s the first time I’ve seen tools that gather credentials specifically. This is very handy for pentesters, especially if you lack time and want to quickly gather sensitive information for a PoC or for pivoting.

4. Tutorial of the week

Static Analysis of Client-Side JavaScript for pen testers and bug bounty hunters by @yamakira_

Ah, JavaScript! So many good bugs disclosed by bug hunters are found by manual analysis of JavaScript code: sensitive information disclosure, new endpoints, hardcoded credentials, usage of dangerous functions… So even if I have an aversion to source code analysis, JavaScript bugs are too good to ignore.

This tutorial is a very nice start: it explains how to obtain JavaScript files, make the code readable and identify common vulnerabilities manually or using tools.

5. Resource of the week

BugBountyNotes, particularly the Challenges & Tutorials section by @zseano

@zseano did an amazing job with this site! It has several good sections all dedicated to bug hunting: forum, challenges, tutorials, references to tools, bug bounty programs, disclosed bugs… Other features are also on the way.

If you haven’t already checked it out, I recommend starting with the challenges and the Hacking with ZSeano: Recon Part two tutorial.

Other amazing things we stumbled upon this week

Videos, Conferences & Podcasts

Videos
Podcasts

Tutorials

Medium to advanced

Beginners corner

Writeups

Tools

If you don’t have time

  • WiPray: Wifi Password Spray
  • celerystalk: An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
  • Acamar: A Python3 based single-file subdomain enumerator
  • SubScraper: External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.

More tools, if you have time

  • cspparse: A tool to evaluate Content Security Policies
  • WhatWaf: Detect and bypass web application firewalls and protection systems
  • Vibe: A framework for stealthy domain reconnaissance
  • Mail Security Testing Framework: A testing framework for mail security and filtering solutions
  • Recon Pi: ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools

Misc. pentest & bug bounty resources

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 09/21/2018 to 09/28/2018


Have a nice week folks!
