The 5 Hacking NewsLetter 38

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 18 to 25 of January.


Our favorite 5 hacking items

1. Article of the week

A More Advanced Recon Automation #1 (Subdomains)

If you want to automate some of your recon tasks but don’t know where to start, this is an excellent beginning.

A recon workflow chart is given as an example. This is the first article of a series. It explains how to automate subdomain enumeration using a Bash script, and includes commands, tools and tips such as how to check for wildcard resolution (i.e. false positive subdomains).

Looking forward to the sequel(s)!

More …

The 5 Hacking NewsLetter 37

Hey hackers! Before diving into the meat of this newsletter, I first want to thank all of you who send us emails regularly and who answered our questions on which topics you would like addressed in a podcast.

I haven’t yet had the opportunity to answer all of you. But your input, queries and suggestions are well received and will be taken into account. Keep ’em coming!
Life gets in the way with plenty of obstacles and projects. So change is slow but steady. I’m sure you can relate to this…

That said, here are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 11 to 18 of January.

Big thanks to Intigriti for sponsoring this newsletter!


Our favorite 5 hacking items

1. Tool of the week

bugbounty.link

This is a URL shortening service. What’s great about it is that it supports any protocol (file, gopher, etc.). So it can be useful for testing for SSRF or open redirects, and for bypassing filters on certain URI schemes.

More …

The 5 Hacking NewsLetter 36

Hey hackers! I’m very happy to announce a new partnership with @intigriti. They’re sponsoring this newsletter.

For you, nothing changes. The content remains the same, except for more information from time to time on what Intigriti is up to (and they have many exciting plans for this year!).

Without further ado, here are our favorite resources shared by pentesters and bug hunters last week. This issue covers the week from 04 to 11 of January.


Our favorite 5 hacking items

1. Article of the week

Avoid rookie mistakes and progress positively in bug bounty

This is simple but to-the-point advice. Sometimes, as bug hunters, we may let ourselves be transported by exciting tests and forget the obvious: more emphasis should be put on the report, on trying to escalate/chain bugs, avoiding known invalid bugs, having a business mindset when writing impacts, etc.

These are some of the things mentioned in this article. Read it and keep them in mind when you’re hunting for bugs; they could help you perform better and have a smoother experience.

More …

The 5 Hacking NewsLetter 35

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 28 of December to 04 of January.


Our favorite 5 hacking items

1. Tool of the week

Interlace

This tool is a must for both pentesters and bug hunters! We often need to run commands (like Nmap, Amass, Nikto…) on a list of targets. Interlace allows speeding up this process.

Give it the command you want to run, the target file/domain/network and a number of threads like this:

# time interlace  -tL test.txt -p 443 -threads 5 -c "nikto -host https://_target_"
==============================================
Interlace v1.0	by Michael Skelton (@codingo_)
==============================================
[17:35:54] [THREAD] [nikto -host https://kinepolis.com] Added to Queue 
[17:35:54] [THREAD] [nikto -host https://facebook.com] Added to Queue 
[17:35:54] [THREAD] [nikto -host https://nexuzhealth.be] Added to Queue 
- Nikto v2.1.6
- Nikto v2.1.6
...

It starts one thread per target and runs the command you gave it on the different targets simultaneously. In other words, it easily turns single-threaded command-line applications into fast, multi-threaded ones.

More …

The 5 Hacking NewsLetter 34

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.

This issue covers the week from 21 to 28 of December.

Also, I wish you and your family a very happy new year, full of bugs, bounties, fun, health & happiness!


Our favorite 5 hacking items

1. Tip of the week

Did you know you can smuggle payloads in a valid e-mail address using round brackets?

I love the technical tricks for bug hunters that @intigriti shares on Twitter. I regularly add them to the tweets collection at the end of this newsletter.

But this trick in particular blew my mind! Here’s why: Have you ever tested a login or contact form, entered a valid email address, intercepted the request with Burp, then replaced the email with XSS/SQLi/SSTI/RCE detection payloads? This is a way to bypass client-side validation of the email field. So what do you do if you get an “invalid email” response from the server?

To me, it was the end of testing for input validation on that field because the check is done server-side.

But according to @securinti, you can smuggle any payload and trick the server into believing that it’s a valid email by putting the payload between round brackets: [email protected](${}<>'/"*-)domain.com or yourname(${}<>'/"*-)@domain.com.

Amazing, right? I can’t wait to re-test all forms in my bug bounty notes.
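The server-side view of this tip, as an added example that is not part of the original newsletter: RFC 5322 allows comments in round brackets inside an address, so a loose "looks like an email" check accepts the bracketed form, while a strict allowlist that deliberately refuses comments and quoted local parts rejects it. The function names, the regular expressions and the second sample address are assumptions made for this illustration.

```python
import html
import re

# Loose check of the kind often used server-side: "something@something.tld".
LAX = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Strict allowlist (a policy choice, narrower than RFC 5322): no comments,
# no quoted strings, only common local-part characters and LDH labels.
LOCAL = re.compile(r"[A-Za-z0-9._%+-]{1,64}")
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def lax_is_valid(addr: str) -> bool:
    return LAX.fullmatch(addr) is not None


def strict_is_valid(addr: str) -> bool:
    if len(addr) > 254 or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not LOCAL.fullmatch(local):
        return False
    if local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)


def render(addr: str) -> str:
    """Encode an address for HTML output; validation never replaces this."""
    return html.escape(addr, quote=True)


# Address quoted in the newsletter (comment in the local part).
PAGE_SAMPLE = "yourname(${}<>'/\"*-)@domain.com"
# Constructed variant with the comment on the domain side.
DOMAIN_SIDE = "yourname@(${}<>'/\"*-)domain.com"
# Constructed ordinary addresses that must keep working.
ORDINARY = ["yourname@domain.com", "first.last+tag@sub.example.org"]

if __name__ == "__main__":
    for a in [PAGE_SAMPLE, DOMAIN_SIDE, *ORDINARY]:
        print(f"{a!r}: lax={lax_is_valid(a)} strict={strict_is_valid(a)}")
    print(render(PAGE_SAMPLE))
```

Even with the strict check in place, the address stays untrusted input: encode it on output and pass it to queries and templates as data, since a stored address may predate the check.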

More …