The 5 Hacking NewsLetter 85

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 13 to 20 of December.

T5HN85.png

Our favorite 5 hacking items

1. Tutorials of the week

These are excellent tutorials to learn about:

  • iOS app pentesting. It’s THE tutorial you were waiting for. Everything is explained: Jailbreak with checkra1n, installing Frida and Objection, proxying traffic with Burp, bypassing certificate pinning with SSL Kill Switch 2, bypass Jailbreak detection, etc.
  • Detecting Magecart. Useful for penetration testers who want to know which indicators to keep an eye for to detect infected sites.
  • The poor man’s VPS setup. Useful for tests involving reverse shells and out of band vulnerabilities. No credit card required.

2. Writeup of the week

Filling in the Blanks: Exploiting Null Byte Buffer Overflow for a $40,000 Bounty ($40,000)

I have a bad memory of buffer overflows from my university days. But this writeup describes a type of overflows that is relatively easy to understand and exploit remotely on Web apps.

@samwcyo was trying to re-register existing usernames. He tried adding special characters (like null byte, CRLF characters, spaces, Unicode…) hoping that they would be removed during the registration process.

The vulnerability is that each null byte inserted was replaced with random data, e.g.:\

  • Request: POST /register?username=victim%00@domain.com\
  • Response: username victimIdL@domain.com

So, injecting multiple null bytes (victim%00%00%[email protected]) made the server return chunks of memory that contained very sensitive data (SSH keys, passwords, usernames, etc).

3. Videos of the week

Finding Your First Bug: Getting Started on a Target (Part 1) & Part 2

@InsiderPhD continues to delight us with new video tutorials on “Finding your first bug”. This series is excellent for anyone starting out in bug bounties or who wants to get into Web app penetration testing.

A lot of things are covered from creating your own testing methodology to recon, note taking, what to look for, etc.

4. Tip of the week

Nine tips for better tab management

This is for firefox users, especially those of us who always have 20+ tabs open. The 9 features mentioned include synchronization between devices, sending tabs to another device, muting tabs, etc.
I find this very helpful for organizing tabs (and reducing anxiety).

5. Tools of the week

Two cool Python tools to help with recon automation. Silver by @s0md3v is a wrapper around Masscan, Nmap and Vulners. Flumberbuckets by @fellchase is for S3 bucket hunting.

Other amazing things we stumbled upon this week

Videos

Podcasts

Webinars & Webcasts

Conferences

Tutorials

Medium to advanced

Beginners corner

Writeups

Challenge writeups

Responsible(ish) disclosure writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

More tools, if you have time

  • Online Generate Test Data in CSV or JSON
  • SecretX: Extracting APIs and keys from a list of URLs using regex
  • Cypher Injection Scanner: Burp Suite Extension that detects Cypher code injection in applications using Neo4j databases
  • Dnstwister: Online domain name permutation engine
  • Credcheck & Introduction: Credentials Checking Framework
  • Scout: URL fuzzer in Go for discovering undisclosed files and directories on a web server
  • Koala Toolkit: Bug bounty toolkit for Docker
  • alpyntest: A Docker image embedding modern Python3 pentest tools (impacket, pypykatz, lsassy, ntlmrecon, enum4linuxpy, ldapsearch-ad, CrackMapExec…) to avoid dependencies wreckage on your system
  • Rubeus2ccache: Generates ccache files directly from Rubeus dump output
  • Search-SMB: A wrapper shell script for CrackMapExec that will grab all the SMB shares and search readable ones for your search term

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty & Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 12/13/2019 to 12/20/2019.


Curated by Pentester Land & Sponsored by Intigriti

Have a nice week folks!

If you want to be notified when new articles (including this newsletter) are published, you can subscribe to this blog.

And if you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…


Comments