The 5 Hacking NewsLetter 51

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 19 to 26 of April.


Our favorite 5 hacking items

1. Challenge of the week

CTF Challenge

I haven’t had the time yet to do this CTF, but it’s on my todo list because it seems different. It’s a Web CTF that involves multiple subdomains, directory bruteforce, and different attack vectors.

So it’s a nice opportunity to practice recon. But make sure to respect the rules (attacking the infrastructure/ports other than 443 is not allowed).

More …

The 5 Hacking NewsLetter 50

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 12 to 19 of April.


Our favorite 5 hacking items

1. Resource of the week

Content_discovery_nullenc0de.txt

This is a new content discovery wordlist by @nullenc0de, to use for file & directory bruteforce with tools like dirsearch, dirb, etc. It’s based on @JHaddix’s content_discovery_all.txt dictionary but has 300k more directories/files.

As a comparison, here is the exact number of entries in these two and in dirsearch’s default dictionary:

# wc -l content_discovery_all.txt
373535 content_discovery_all.txt
# wc -l /root/tools/dirsearch/db/dicc.txt
6087 /root/tools/dirsearch/db/dicc.txt
# wc -l content_discovery_nullenc0de.txt
623103 content_discovery_nullenc0de.txt

More …

How to think out of the box with @gwendallecoguic


Hey hackers! This is another AMA on the topic of: How to think out of the box?

If you haven’t checked out the other ones, they’re at https://pentester.land/ama.
And the podcast episode that started this whole series is The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box.
While preparing it, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:

  • How to find bugs that are not duplicates?
  • How to find new areas of research (like in @securinti’s last blog post or what James Kettle does)?
  • How to find logic bugs or bugs that don’t fall under any category, can’t be found with tools or require real thinking?

@gwendallecoguic was one of the awesome hackers who responded. Here is his advice:

More …

The 5 Hacking NewsLetter 49

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 05 to 12 of April.


Our favorite 5 hacking items

1. Article of the week

Better Exfiltration via HTML Injection, tl;dr by @fransrosen & sic (Sequential Import Chaining tool)

This is a great example of how far collaboration can go for bug hunters, how to do research, and how to invent a new attack.

André Baptista and Cache-Money found an HTML injection with clickjacking as the worst-case scenario.

The bug wasn’t an XSS because the target used DOMPurify. But since DOMPurify allows style tags by default, @donutptr started looking for a way to exfiltrate sensitive data using just a style tag.

It’s similar to a CSS injection, but the new attack has fewer prerequisites and works even when the target limits the payload size.

The whole writeup is excellent for learning about CSS injection, and about the kind of creativity and perseverance that takes you from an HTML injection to a 5-digit bounty despite many technical obstacles.

More …

Recon resources

Hi, this is a list of resources on recon.

You might find it short or not comprehensive, and some of the tools/techniques listed may be obsolete by the time you read this.

But the purpose of this list is just to inspire and help you improve your own recon workflow, as I explained in The Bug Hunter Podcast 5: Recon workflow & Out of the box thinking in day-to-day life.

Also, I didn’t have as much time as I’d like to work on this. Many interesting tweets are missing. So I prefer to share what I have for now and update this page every time I find anything new worth sharing.


More …