Posts

Showing posts from April, 2023

Understanding Broken Access Control Vulnerabilities and How to Bypass 403 Endpoints

Broken access control vulnerabilities pose a significant threat to a web application's security. They allow unauthorized users to reach restricted resources, circumventing the application's authorization checks. By exploiting them, attackers can gain access to sensitive information or systems, resulting in data breaches or other serious security incidents. One common way to block access to sensitive endpoints such as .htaccess or config.php is to return a 403 Forbidden response for them. The HTTP 403 status code indicates that the server understood the request but refuses to authorize it. However, if the rule that produces the 403 is weak (typically a string match on the raw request path, applied before the path is normalized), attackers can reach the same resource through an alternate spelling of the path or through headers the back end trusts. In a recent assessment of an IoT service delivery platform, the researcher used directory enumeration with DirBuster wordlists and found a /console endpoint that returned a 403 response. Th
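As an added example (not code from the original post), the following script builds the request variants a tester usually tries against a 403'd path and shows why a deny rule that string-matches the raw request path lets several of them through, while the same rule applied to a normalised path does not. The path /console, the deny list and the override header names are illustrative assumptions; nothing is sent over the network unless probe() is called against a host you are authorised to test.

```python
"""Added example, not code from the original post.

Given a path that answers 403, build the request variants a tester tries
first, and show why a deny rule that string-matches the raw request path
lets several of them through while the same rule applied to a normalised
path does not.  The target path /console, the header names and the
FORBIDDEN list are illustrative assumptions; no host is contacted unless
probe() is called explicitly.
"""
import posixpath
import re
import urllib.error
import urllib.request
from urllib.parse import unquote

FORBIDDEN = ("/console",)   # assumed deny list of the front end


def candidate_variants(path):
    """(request_path, extra_headers) pairs for a forbidden path."""
    base = "/" + path.strip("/")
    parent, name = base.rsplit("/", 1)
    parent += "/"
    enc_first = "%%%02X%s" % (ord(name[0]), name[1:])     # /%63onsole
    return [
        (base, {}),                          # baseline, expected 403
        (base + "/", {}),                    # trailing slash
        (base + "/.", {}),                   # trailing dot segment
        (parent + "%2e/" + name, {}),        # encoded dot segment in front
        (parent + enc_first, {}),            # percent-encoded first character
        (parent + name.upper(), {}),         # case change
        ("/" + base, {}),                    # doubled leading slash
        (base + "/../" + name, {}),          # traversal back onto itself
        # Header-based: the front end sees "/" while some back ends route
        # on the override header instead.
        ("/", {"X-Original-URL": base}),
        ("/", {"X-Rewrite-URL": base}),
        (base, {"X-Forwarded-For": "127.0.0.1"}),
    ]


def weak_is_forbidden(raw_path):
    """Deny rule that compares the raw path as sent: only the exact
    spelling is blocked."""
    return raw_path.split("?", 1)[0] in FORBIDDEN


def normalise(raw_path):
    """Canonical path: query dropped, per-segment path parameters dropped,
    one round of percent-decoding, duplicate slashes collapsed, dot
    segments resolved, case folded.  urlparse() is avoided on purpose:
    it treats a leading "//" as an authority, not a path."""
    p = raw_path.split("?", 1)[0].split("#", 1)[0]
    p = unquote(p)
    p = "/".join(seg.split(";", 1)[0] for seg in p.split("/"))
    p = re.sub(r"/+", "/", p)
    p = posixpath.normpath(p)
    if not p.startswith("/"):
        p = "/" + p
    return p.lower()


def normalised_is_forbidden(raw_path):
    """Deny rule applied to the canonical path, on segment boundaries."""
    p = normalise(raw_path)
    return any(p == f or p.startswith(f + "/") for f in FORBIDDEN)


def bypass_gap(path):
    """Path-only variants that slip past the weak rule but not the
    normalised one."""
    return [p for p, h in candidate_variants(path)
            if not h and not weak_is_forbidden(p) and normalised_is_forbidden(p)]


def probe(base_url, path, timeout=5):
    """Send every variant to a live host you are authorised to test and
    return (path, headers, status) triples; a non-403 answer for a variant
    is the signal worth following up."""
    results = []
    for p, headers in candidate_variants(path):
        req = urllib.request.Request(base_url.rstrip("/") + p, headers=headers)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                status = resp.status
        except urllib.error.HTTPError as err:
            status = err.code
        results.append((p, headers, status))
    return results


if __name__ == "__main__":
    for p in bypass_gap("/console"):
        print("weak rule misses:", p)
```

The header-based variants are deliberately excluded from bypass_gap(): whether X-Original-URL or X-Forwarded-For changes anything depends on the back end behind the 403, so they are only meaningful against a live target. The fix on the defending side is the one normalise() shows: decide on the canonical path first, then apply the deny rule to that, or better still enforce the check inside the application rather than in a path filter in front of it.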

Most Important Linux commands that Nobody Teaches You

Linux is a powerful operating system with a vast array of tools and utilities. These make it an attractive option for system administrators, developers, and power users who need a flexible, customizable environment. In this article, we look at some essential Linux tools and utilities that help you manage a system more efficiently. Rsync: rsync is a command-line utility for file synchronization and backup. It copies files and directories to a destination much like cp, but it transfers only the parts of files that changed and can copy to and from remote hosts over SSH, which makes it well suited to backups. Example usage: $ rsync -vap --ignore-existing <source> <destination> (note that --ignore-existing skips any file already present at the destination even when the source copy is newer, so this form seeds a destination rather than keeping it in sync). Key flags: -v verbose; -r recursive; -p preserve permissions; -g preserve group; -o preserve owner (preserving ownership requires root on the receiving side); -a archive, which is shorthand for -rlptgoD and therefore already implies -r, -p, -g and -o; --progress show per-file transfer progress. Mkpasswd: mkpasswd is a simple but useful

Discovering a Critical Subdomain Takeover Vulnerability with a Custom Recon Approach

As a bug bounty hunter, I'm always looking for ways to improve my recon process to find unique vulnerabilities. Recently, I discovered a critical subdomain takeover vulnerability using a custom bash script and a lesser-known tool called SecretFinder. In this blog post, I'll share my experience and the technical details of the vulnerability. My recon process started with subdomain enumeration using popular tools like Amass and Subfinder. I also used crt.sh to find subdomains that were recently added or updated. After I had a list of subdomains, I used HTTPX to check which subdomains were live. Next, I ran Nuclei and FFUF to identify potential vulnerabilities. While these tools are great for finding low-hanging fruit like exposed Git repositories, I didn't find anything critical using them. So, I decided to use SecretFinder, a tool that searches for sensitive files and directories in web applications. While SecretFinder often yields false positives, I ran it on a
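Two pieces of the recon workflow the post describes, written here as an added example rather than the author's own script: pulling candidate hostnames out of a crt.sh JSON response, and flagging CNAME records that point at a third-party host which no longer resolves, which is the usual first indicator of a subdomain takeover. The crt.sh sample, the DNS answers and the provider fingerprint table are constructed for illustration, and example.com is a placeholder domain.

```python
"""Added example, not code from the original post.

Parse crt.sh JSON into unique subdomains, then flag dangling CNAMEs whose
target matches a known third-party provider and does not resolve.  The
sample JSON, the DNS answers and TAKEOVER_SUFFIXES are constructed for
illustration; example.com is a placeholder domain.
"""
import json

# Constructed sample in the shape crt.sh returns for
# https://crt.sh/?q=%25.example.com&output=json (only the fields used here).
CRTSH_SAMPLE = json.dumps([
    {"name_value": "www.example.com\nexample.com", "not_after": "2024-01-01T00:00:00"},
    {"name_value": "*.staging.example.com", "not_after": "2023-12-01T00:00:00"},
    {"name_value": "old-cdn.example.com", "not_after": "2023-06-01T00:00:00"},
    {"name_value": "WWW.EXAMPLE.COM", "not_after": "2023-02-01T00:00:00"},
])


def parse_crtsh(json_text, domain):
    """Unique, lower-cased hostnames under `domain`.  One certificate can
    list several names separated by newlines; wildcard entries are reduced
    to their base label because '*' is not a resolvable name."""
    names = set()
    for entry in json.loads(json_text):
        for raw in entry.get("name_value", "").split("\n"):
            host = raw.strip().lower()
            if host.startswith("*."):
                host = host[2:]
            if host == domain or host.endswith("." + domain):
                names.add(host)
    return sorted(names)


# Constructed DNS answers: host -> (CNAME target or None, target resolves?).
# In a real run these come from your resolver of choice.
DNS_SAMPLE = {
    "old-cdn.example.com": ("old-cdn-assets.s3.amazonaws.com", False),
    "staging.example.com": ("staging-app.herokuapp.com", False),
    "www.example.com": ("example-lb.elb.amazonaws.com", True),
    "example.com": (None, True),
}

# Assumed fingerprints: CNAME suffix -> provider.  Real hunting keeps a
# maintained list, and whether an unresolved target is actually claimable
# depends on the provider and has to be verified by hand before reporting.
TAKEOVER_SUFFIXES = {
    ".herokuapp.com": "Heroku",
    ".s3.amazonaws.com": "S3",
    ".github.io": "GitHub Pages",
    ".azurewebsites.net": "Azure App Service",
}


def dangling_cname_candidates(dns):
    """(host, cname, provider) for hosts whose CNAME target matches a known
    provider and no longer resolves."""
    hits = []
    for host, (cname, resolves) in dns.items():
        if cname is None or resolves:
            continue
        for suffix, provider in TAKEOVER_SUFFIXES.items():
            if cname.endswith(suffix):
                hits.append((host, cname, provider))
                break
    return hits


if __name__ == "__main__":
    print(parse_crtsh(CRTSH_SAMPLE, "example.com"))
    for host, cname, provider in dangling_cname_candidates(DNS_SAMPLE):
        print("%s -> %s (%s): verify whether the target can be claimed" % (host, cname, provider))
```

A CNAME that fails to resolve is only a candidate: the next step is to check whether the provider lets anyone register that exact name, and to do so against your own test name before touching anything in scope.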

Emerging Trends and Technologies: The Future of Cybersecurity

Emerging trends and technologies are continuously shaping the future of cybersecurity. Here are some areas worth exploring: Artificial intelligence (AI) and machine learning (ML): AI and ML have become increasingly important in cybersecurity because they help detect and respond to threats in near real time. They can analyze large volumes of data, including network traffic and user behavior, to identify patterns and anomalies that may indicate an attack, though they still need tuning and human review to keep false positives manageable. Cloud security: with more organizations migrating to the cloud, securing cloud environments has become a top priority. This covers not only the data stored there but also the configuration of the cloud environment itself: identities and permissions, network exposure, and storage access policies. Many cloud providers now offer built-in security tools and services to help organizations protect their data and systems. Internet of Things (IoT) security: as more devices are connected to the internet, the risk of attacks on those devices increases. IoT security involves sec

The Most Common Vulnerabilities Found in Bug Bounty Programs

Bug bounty programs are a popular way for companies to identify and fix security vulnerabilities in their software and systems. They reward ethical hackers for finding and reporting vulnerabilities, which improves the organization's overall security posture. Not all vulnerabilities are created equal, though. In this article, we explore the vulnerability classes most commonly reported through bug bounty programs. Cross-Site Scripting (XSS): XSS lets an attacker inject script into web pages viewed by other users. The script runs in the victim's browser with the origin of the vulnerable site, so it can read page content, steal tokens the page can reach, act on the victim's behalf, and in some cases hijack the session or take over the account. XSS is caused by placing untrusted data into HTML, JavaScript or URL contexts without context-appropriate output encoding; input validation helps but is not a substitute for encoding at the point of output. Cross-Site Request Forgery (CSRF): CSRF lets an attacker trick a logged-in user's browser into sending requests that perform unwanted actions on

Advanced Techniques and Tips for using BurpSuite Community Edition in Bug Hunting.

Burp Suite Community Edition is a popular web application security testing tool with a wide range of features. In this guide, we explore some of the more advanced techniques and tips for using it in bug hunting. Burp Macros: macros let you automate repetitive request sequences in Burp Suite, which is particularly useful for testing applications that require extensive user interaction, such as logging in, submitting multi-step forms, or fetching a fresh anti-CSRF token before each test request. A macro is a recorded sequence of requests selected from the Proxy history; it is configured under the Sessions settings (Project options > Sessions in older versions, Settings > Sessions in recent ones) and is usually attached to a session handling rule so that it runs before requests sent by other tools such as Repeater or Intruder. To create a macro, follow these steps: Step 1: Open the target web application in your browser and navigate to the page you want to test. Step 2: Go to the Proxy tab in Burp Suite and make sure the browser's traffic is passing through the proxy (Intercept can stay off; every request is recorded in the Proxy history either way). Step 3: Perform the required actions in the web applicat

Hacking Web Browsers with BeEF Framework: A Comprehensive Guide

Web browsers are an essential tool for modern computing, but a browser that can be induced to load attacker-controlled JavaScript becomes a foothold inside the user's session and, often, the internal network. Understanding how browser-side attacks work is therefore important for red teams and defenders alike. In this guide, we explore how to use BeEF (the Browser Exploitation Framework), a tool for browser exploitation, in an authorized engagement. Installing the BeEF Framework: on Kali Linux and other Debian-based distributions, install it with "apt install beef-xss". Start it with "beef-xss"; on first start the Kali launcher prompts you to change the default beef/beef credentials, and the management UI is then served at http://127.0.0.1:3000/ui/panel. Hooking the Target Browser: to control a browser with BeEF, you need to hook it by getting the target to load the "hook.js" file served by your BeEF instance (http://<your-ip>:3000/hook.js by default), either from a page you control or through an injection point such as a stored XSS in the target application. This could be achieved by setting up a phishing page or sending a link to the target. Once the target visits the page, their brows

A Step-by-Step Guide to Conducting Vulnerability Testing on Web Applications Built with Docker Compose

In recent years, Docker Compose has become an increasingly popular tool for deploying web applications, and that popularity calls for more rigorous security testing. In this blog post, we provide a step-by-step guide for penetration testers conducting vulnerability testing on web applications deployed with Docker Compose. Step 1: Identify the Attack Surface. The first step in any vulnerability test is to identify the attack surface: every entry point into the system, such as published ports, protocols, and the applications behind them. With Docker Compose, start from docker-compose.yml and the Dockerfiles it references. The Compose file lists the services, the ports they publish (and on which host interface), the networks and volumes they share, their environment variables, and privilege-related settings such as privileged or network_mode: host; each Dockerfile shows the base image, the packages installed on top of it, the user the process runs as, and the ports it exposes. Step 2: Scanning for Vulnerabilities. Once you have identified the attack surface, the next step is to scan for vulnerabilities. There are many tools available for scanning Docker cont
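As an added example of Step 1 (not code from the original post), the following script extracts the attack surface a tester cares about from a Compose file: which ports are published and on which interface, and which services run with settings that widen the blast radius (privileged mode, host networking, the Docker socket mounted, secrets in environment variables). The Compose file is constructed for illustration; it is written as JSON, which is valid YAML, so the standard library can parse it without a PyYAML dependency.

```python
"""Added example, not code from the original post.

Pull the attack surface out of a Compose file: published ports and their
host interface, plus privilege-widening settings.  COMPOSE_SAMPLE is a
constructed file written as JSON (valid YAML) so json.loads() can read it;
for a real docker-compose.yml use yaml.safe_load() instead.
"""
import json

COMPOSE_SAMPLE = json.dumps({
    "services": {
        "web": {
            "image": "example/web:1.0",
            "ports": ["80:8080", "443:8443/tcp"],
            "environment": {"API_KEY": "sk-live-constructed-example"},
        },
        "db": {
            "image": "postgres:15",
            "ports": ["127.0.0.1:5432:5432"],
            "environment": ["POSTGRES_PASSWORD=constructed"],
        },
        "agent": {
            "image": "example/agent:1.0",
            "privileged": True,
            "network_mode": "host",
            "volumes": ["/var/run/docker.sock:/var/run/docker.sock", "./data:/data"],
        },
        "cache": {"image": "redis:7", "ports": ["6379"]},
    }
})

SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")
LOOPBACK = ("127.0.0.1", "::1", "[::1]", "localhost")


def parse_port(spec):
    """(host_ip, host_port, container_port, proto) for the short syntax
    [ip:][host_port:]container_port[/proto]; ip may be a bracketed IPv6.
    A bare container port means Docker picks an ephemeral host port and
    binds it on all interfaces."""
    spec, _, proto = str(spec).partition("/")
    proto = proto or "tcp"
    parts = spec.split(":")
    if len(parts) == 1:
        return "0.0.0.0", None, parts[0], proto
    if len(parts) == 2:
        return "0.0.0.0", parts[0], parts[1], proto
    return ":".join(parts[:-2]), parts[-2], parts[-1], proto


def env_items(env):
    """Normalise the list ('K=V') and mapping forms of `environment`."""
    if isinstance(env, dict):
        return list(env.items())
    out = []
    for item in env or []:
        key, _, value = str(item).partition("=")
        out.append((key, value))
    return out


def attack_surface(compose_text):
    """List of (service, finding) tuples worth putting in the test plan."""
    findings = []
    for name, svc in json.loads(compose_text).get("services", {}).items():
        for spec in svc.get("ports", []):
            ip, hport, cport, proto = parse_port(spec)
            exposure = "loopback only" if ip in LOOPBACK else "all interfaces"
            findings.append((name, "publishes %s/%s -> container %s (%s)"
                             % (hport or "ephemeral", proto, cport, exposure)))
        if svc.get("privileged"):
            findings.append((name, "privileged: true"))
        if svc.get("network_mode") == "host":
            findings.append((name, "network_mode: host"))
        for cap in svc.get("cap_add", []):
            findings.append((name, "cap_add: %s" % cap))
        for vol in svc.get("volumes", []):
            if str(vol).split(":", 1)[0].startswith("/var/run/docker.sock"):
                findings.append((name, "mounts the Docker socket"))
        for key, value in env_items(svc.get("environment")):
            if value and any(h in key.upper() for h in SECRET_HINTS):
                findings.append((name, "secret in environment: %s" % key))
    return findings


def internet_facing(compose_text):
    """Services with at least one port published on all interfaces."""
    return sorted({s for s, f in attack_surface(compose_text)
                   if f.startswith("publishes") and "all interfaces" in f})


if __name__ == "__main__":
    for service, finding in attack_surface(COMPOSE_SAMPLE):
        print("%-6s %s" % (service, finding))
```

The interface detail matters more than it looks: "5432:5432" binds PostgreSQL on every host interface, and because Docker inserts its own iptables rules ahead of most host firewalls, that port is reachable from outside even when the host firewall appears to block it. "127.0.0.1:5432:5432" is the form to expect for anything that should only be reached by other containers.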

Protect Your C# Code with yetAnotherObfuscator - The Alpha Release C# Obfuscator Tool that Can Bypass Windows Defender Antivirus

As a C# developer, protecting your intellectual property matters, and one way to raise the cost of reverse engineering is obfuscation: transforming the compiled assembly so that decompilers produce output that is hard to follow. Obfuscation is not a security boundary; it slows analysis down but cannot keep a secret from anyone who can run the program. A practical side effect is that heavily obfuscated .NET binaries can be flagged by antivirus software, including Windows Defender, so an obfuscator whose output is not flagged is a real concern for developers. That's where yetAnotherObfuscator comes in. yetAnotherObfuscator is an alpha-release C# obfuscator designed so that its output is not detected by Windows Defender. The tool was created by a developer looking to learn more about C# and obfuscators, and it applies several obfuscation techniques to the compiled code. While the tool is still in alpha and has some bugs, it can be a useful resource for C# developers looking to protect their code. One of its key selling points is that its output passes Windows Defender. The tool uses techniques including string encryp

The Ultimate Advanced Web Application Vulnerability Testing Checklist

Web application security is a critical aspect of protecting your website and its users' data. Given the number of ways a web application can fail, it helps to test against an explicit checklist. In this article we provide a comprehensive list of tests covering the common attack vectors; no checklist covers every possibility, so treat it as a baseline rather than a ceiling. Conduct a Threat Modeling Exercise: before testing, model the application's threats to identify what an attacker would want and how they could get it, then prioritize by impact and likelihood. This focuses your testing on the areas that pose the greatest risk. Test for Input Validation: input validation is an important layer of web application security. Test all inputs, including form fields, API parameters, headers and cookies, to confirm they accept only expected values. This reduces the injection surface, but it does not replace parameterized queries and context-aware output encoding, which are the defenses that actually prevent injection. Check for Cross-Site Request Forgery (CSRF) Vulnerabilities:
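The two items that recur in both the "Most Common Vulnerabilities" list above and this checklist are XSS from unencoded output and CSRF without a per-session token. As an added example (not code from either post), the following puts a vulnerable handler beside a hardened one for each: reflected output with and without context-appropriate encoding, and a state-changing action with and without an HMAC-based CSRF token bound to the session. The handlers, session ids and key are constructed for illustration; there is no real web framework involved.

```python
"""Added example, not code from the original posts.

Reflected XSS: vulnerable versus context-encoded output.
CSRF: a state change authorised by the cookie alone versus one that also
requires an HMAC token bound to the session.  CSRF_KEY, the session ids and
the form dictionaries are constructed for illustration.
"""
import hashlib
import hmac
import html
import secrets
from urllib.parse import quote

# Constructed server-side key; in practice load it from configuration.
CSRF_KEY = b"constructed-example-key-rotate-me"


def render_search_vulnerable(query):
    """Reflects the query into HTML verbatim: a <script> in `query` runs."""
    return '<p>Results for: %s</p><a href="/search?q=%s">again</a>' % (query, query)


def render_search_safe(query):
    """Context-appropriate encoding: HTML-escape inside the text node,
    URL-encode inside the href.  Validating the input alone would not
    cover both contexts; encoding at the point of output does."""
    return '<p>Results for: %s</p><a href="/search?q=%s">again</a>' % (
        html.escape(query, quote=True), quote(query, safe=""))


def make_csrf_token(session_id):
    """nonce.HMAC(key, session_id:nonce).  Binding the MAC to the session id
    means a token captured from one session is useless in another, and the
    server does not need to store tokens to verify them."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(CSRF_KEY, ("%s:%s" % (session_id, nonce)).encode(),
                   hashlib.sha256).hexdigest()
    return "%s.%s" % (nonce, mac)


def verify_csrf_token(session_id, token):
    """Constant-time check of the token against the current session."""
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(CSRF_KEY, ("%s:%s" % (session_id, nonce)).encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def transfer_vulnerable(session_id, form):
    """State change authorised by the session cookie alone: a cross-site
    form POST that carries the victim's cookie succeeds."""
    return "transferred %s to %s" % (form["amount"], form["to"])


def transfer_safe(session_id, form):
    """Same action, but the request must also carry a token tied to the
    session, which a cross-site page cannot read or forge."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return None   # a real handler would answer 403 here
    return "transferred %s to %s" % (form["amount"], form["to"])


if __name__ == "__main__":
    payload = '<script>alert(1)</script>'
    print(render_search_vulnerable(payload))
    print(render_search_safe(payload))
    token = make_csrf_token("sess-A")
    print(transfer_safe("sess-A", {"amount": "10", "to": "x", "csrf_token": token}))
    print(transfer_safe("sess-B", {"amount": "10", "to": "x", "csrf_token": token}))
```

When testing, the XSS check is to confirm that the reflected value appears encoded for the context it lands in (a value that is HTML-escaped but dropped raw into a JavaScript string is still exploitable); the CSRF check is to replay a state-changing request with the token removed, with a token from another session, and with the SameSite cookie attribute in mind, since a token check is what stops the request when that attribute is absent or Lax does not apply.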

3CX Supply Chain Attack: A Sophisticated Cybersecurity Incident

The world of cybersecurity has been shaken again: 3CX, a leading enterprise communications software maker, confirmed that multiple versions of its desktop app for Windows and macOS were affected by a supply chain attack. The incident has raised concerns about the security of software supply chains and the risks that come with third-party dependencies. In this blog post we walk through the details of the 3CX supply chain attack and what you can do to protect yourself. What is the 3CX Supply Chain Attack? The attack involved either a compromise of the software build pipeline used to produce the Windows and macOS app packages or the poisoning of an upstream dependency. It was discovered on or around March 22, 2023, and at the time of writing its full extent is unknown. The attackers used DLL side-loading, a technique in which a legitimately signed executable loads a malicious DLL from its own directory in place of the library it expects: the trojanized package shipped a rogue "ffmpeg.dll" designed to read encrypted shellcode from another
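A defender-side check that follows from the side-loading description above, written as an added example rather than anything 3CX or the incident responders published: compare every DLL and executable in an application's install directory against a manifest of expected SHA-256 hashes and report files that were altered, files that are not in the manifest at all, and manifest entries that have gone missing. The install tree, its contents and the manifest are constructed in a temporary directory for illustration; in practice the manifest comes from the vendor or from a known-good install, and the extra file name used here is hypothetical.

```python
"""Added example, not code from the original post.

Integrity audit of an install directory against a manifest of expected
SHA-256 hashes.  build_demo() constructs a throwaway tree (a good
ffmpeg.dll, then a replaced copy plus an unlisted sibling DLL, the shape a
side-loading attack leaves behind); the file names and contents are
invented for the demonstration.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Streaming SHA-256 so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_install_dir(directory, manifest, suffixes=(".dll", ".exe")):
    """manifest: {relative_path: expected_sha256} using '/' separators.
    Returns {'modified': [...], 'unlisted': [...], 'missing': [...]} with
    sorted relative paths.  Unlisted DLLs deserve the most attention: a
    loader only needs one of them next to the signed executable."""
    seen = set()
    modified, unlisted = [], []
    for root, _, files in os.walk(directory):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            full = os.path.join(root, name)
            rel = os.path.relpath(full, directory).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                unlisted.append(rel)
            elif sha256_of(full) != manifest[rel]:
                modified.append(rel)
    return {
        "modified": sorted(modified),
        "unlisted": sorted(unlisted),
        "missing": sorted(set(manifest) - seen),
    }


def build_demo():
    """Constructed install tree and its known-good manifest, then tampered
    with the way a side-loading attack would: ffmpeg.dll replaced, an extra
    DLL dropped beside it, and one legitimate file removed."""
    base = tempfile.mkdtemp(prefix="installdir-")
    os.makedirs(os.path.join(base, "lib"))
    good = {
        "app.exe": b"constructed good executable",
        "ffmpeg.dll": b"constructed good ffmpeg",
        "lib/helper.dll": b"constructed good helper",
        "readme.txt": b"not audited: outside the suffix filter",
    }
    for rel, data in good.items():
        with open(os.path.join(base, rel), "wb") as fh:
            fh.write(data)
    manifest = {rel: sha256_of(os.path.join(base, rel))
                for rel in good if rel.endswith((".dll", ".exe"))}
    with open(os.path.join(base, "ffmpeg.dll"), "wb") as fh:
        fh.write(b"constructed rogue loader")
    with open(os.path.join(base, "extra.dll"), "wb") as fh:   # hypothetical name
        fh.write(b"constructed payload carrier")
    os.remove(os.path.join(base, "lib", "helper.dll"))
    return base, manifest


if __name__ == "__main__":
    directory, manifest = build_demo()
    for kind, paths in audit_install_dir(directory, manifest).items():
        print("%-9s %s" % (kind, ", ".join(paths) or "-"))
```

A hash manifest catches the file swap after the fact; it does not stop the signed executable from loading whatever sits beside it. Pair the check with code-signing verification of each DLL (on Windows, Get-AuthenticodeSignature) and with an alert on any new DLL appearing in a vendor's install directory.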