The 5 Hacking NewsLetter 35

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 28 of December to 04 of January.

T5HN35.png

Our favorite 5 hacking items

1. Tool of the week

Interlace

This tool is a must for both pentesters and bug hunters! We often need to run commands (like Nmap, Amass, Nikto…) on a list of targets. Interlace allows speeding up this process.

Give it the command you want to run, the target file/domain/network and a number of threads like this:

# time interlace  -tL test.txt -p 443 -threads 5 -c "nikto -host https://_target_"
==============================================
Interlace v1.0	by Michael Skelton (@codingo_)
==============================================
[17:35:54] [THREAD] [nikto -host https://kinepolis.com] Added to Queue 
[17:35:54] [THREAD] [nikto -host https://facebook.com] Added to Queue 
[17:35:54] [THREAD] [nikto -host https://nexuzhealth.be] Added to Queue 
- Nikto v2.1.6
- Nikto v2.1.6
...

It starts one thread per target and runs the command you gave it on the different targets simultaneously. In other words, it easily turn single threaded command line applications into a fast, multi-threaded application.

2. Writeup of the week

Bypassing Authentication Using Javascript Debugger

This is a great practical example of how to bypass client-side authentication.

@mohitdabas08 was testing the login mechanism of a private program and noticed that it generated JavaScript events. So he analyzed the JavaScript files and found out that authentication was implemented in the JavaScript code, client-side.
So it was easy to bypass by using a breakpoint and modifiying the value of a JavaScript variable on-the-fly.

3. Article of the week

Open redirects - the vulnerability class no one but attackers cares about

Many bug bounty programs don’t reward open redirects unless you find a way to escalate them (to token theft or XSS for instance). I never understood why and was glad to see this article do it justice.

It explains the different types of open redirect, the various potential impacts and a list of known WONTFIX open redirects.

4. Tutorial of the week

Bash for Everyone — Part 1 & Part 2

If you’re wondering which scripting language to use to automate your pentest/bug hunting tasks, Bash is a great one. Python, Ruby, Perl, Go are all good, and choosing one language above the others is mainly a question of personal preference.

I prefer Bash because it had the lowest learning curve when I started and allowed me to quickly start automating the tasks that I was already doing manually (i.e. creating wrappers around the many command line tools I used).

If you want to learn Bash or refresh your memory, this is a really good cookbook. It is concise and includes almost everything you need to quickly start writing Bash scripts for your pentests & bug hunting: the syntax & common commands sorted by category (file system, redirection, permissions, networking…).

5. Podcast of the week

Everyday Espionage Podcast

I am a personal development junkie. I love listening to podcasts and audiobooks on personal growth and topics like happiness, time management, goal setting, etc.

So imagine my joy when I stumbled upon this podcast which combines two worlds: personal development and espionnage.

A former covert CIA intelligence officer explains real-world international espionage techniques that can be used in everyday life. For example, the R.I.C.E episode is about the core motivations that you can use to convince someone to do something. The same techniques can be applied to convince a citizen to spy on his own country or to convince your child to brush his teeth!

Other amazing things we stumbled upon this week

Videos

Podcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Pentest & Responsible disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

  • B1tMass: Multiple Weaknesses Checking for Mass Subdomains
  • Vhost_buster: A simple tool with the power of “Go” to find the hidden Vhosts defined at the server
  • shodicontest.py: Search for hosts on Shodan by Favicon hash (http.hash.favicon)
  • PenTestKit: Useful tools and scripts used during Penetration Tests
  • Kalitorify: Transparent proxy through Tor for Kali Linux OS
  • Shodansploit: Wrapper for Shodan CLI
  • AndroidProjectCreator & Introduction
  • PRETty: “PRinter Exploitation Toolkit” LAN automation tool
  • Burpcollaborator-docker: Set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate

Misc. pentest & bug bounty resources

Articles

Challenges

  • Andrill: Android mobile application interacting with a back-end API that is vulnerabile with various levels of difficulty

News

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/28/2018 to 01/04/2018


Have a nice week folks!

If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…


Comments