Zero-day / CVE-2021-35211
SolarWinds 2.0: Serv-U Remote Memory Escape Vulnerability. The vulnerability was reported to SolarWinds by Microsoft's security team and is under active exploitation.
This security vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
Labs for Web application Pentesting Practice
SQLi: https://github.com/Audi-1/sqli-labs
OAuth 2.0: https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications
GraphQL: https://github.com/david3107/graphql-security-labs
JWT Authentication: https://github.com/Sjord/jwtdemo
SAML Authentication: https://github.com/yogisec/VulnerableSAMLApp
XSS: https://portswigger.net/web-security/cross-site-scripting
#bugbounty
Huntkit - Docker Image For Pentesting, Bug Bounty, CTF and Red Teaming
https://github.com/mcnamee/huntkit
#Metasploit #masscan #Exploitation #BugBounty #RedTeaming #CTF
#BurpHacksForBounties - Day 10/30
Do you face issues with cached responses in Burp Suite too?
Then this is what you should do: just disable it 😂😂
#infosec #security #appsec #bugbountytips #bugbounty
Sometimes I see a 304 in a response in Burp and I have to dig into the Burp history to find the first occurrence of the response and analyze it. With those headers removed, you may not find such responses.
Kerlab
Kerberos laboratory to better understand, and then detect, attacks on Kerberos
https://github.com/citronneur/kerlab
#kerberos #pentest #lab
CVE-2021-22555: Turning \x00\x00 into 10000$
This is a 15-year-old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution.
# Technical details — https://github.com/google/security-research/blob/master/pocs/linux/cve-2021-22555/writeup.md
# PoC — https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555
#CVE #BoF #Vulns
🔥 Credential Dumping 🔥
Clipboard: https://www.hackingarticles.in/credential-dumping-clipboard/
Local Security Authority: https://www.hackingarticles.in/credential-dumping-local-security-authority-lsalsass-exe/
NTDS.dit: https://www.hackingarticles.in/credential-dumping-ntds-dit/
DCSync Attack: https://www.hackingarticles.in/credential-dumping-dcsync-attack/
Windows Autologon Password: https://www.hackingarticles.in/credential-dumping-windows-autologon-password/
Domain Cache Credential: https://www.hackingarticles.in/credential-dumping-domain-cache-credential/
Fake Services: https://www.hackingarticles.in/credential-dumping-fake-services/
Phishing Windows Credentials: https://www.hackingarticles.in/credential-dumping-phishing-windows-credentials/
#infosec #redteaming #cybersecurity #pentest
#BurpHacksForBounties - Hack 11/30
We mostly use PortSwigger's Burp Suite Pro for corporate pentesting, and we should not capture and store corporate credentials.
Steps that I use and why it is important: 👇
#infosec #appsec #burp #Burpsuite
Steps:
1. Start a temporary (in-memory) project/session, so nothing from this run is written to disk.
2. Log in to the application as normal.
3. Identify which requests, to which domains, contain credentials.
4. Start the main project in Burp.
5. Add those domains to TLS pass-through: Proxy > Options > TLS Pass-Through. Pass-through hosts are never decrypted by Burp, so they never show up in Proxy history or in the project file.
Why I do this: I save sessions, and Burp will store those credentials and sessions. I personally don't want credentials to be stored in files.
Another important point is that we are not testing the SSO, rather we are testing the app behind the SSO.
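The two Burp settings from Day 10 (strip the cache-validation request headers so the server can never answer 304) and from the steps above (TLS pass-through for the hosts that receive credentials) can be shipped as a project-options file instead of being clicked through the UI each time. The script below is an added example and not part of the original posts. It assumes the JSON key names used by Burp's own exported project options (the If-None-Match / If-Modified-Since rules are the same ones Burp ships, disabled, under "Require non-cached response"), the hypothetical hostnames login.example.com and sso.example.com, and that Burp is started with --config-file; check the keys against an options file exported from your own Burp version before relying on it.

```shell
#!/bin/sh
# Added example (not code from the original posts). Generates a Burp Suite
# project-options JSON file that combines the two hacks:
#  - match/replace rules that delete If-None-Match / If-Modified-Since from
#    every request, so the server cannot answer 304 and Proxy history always
#    holds the full 200 body;
#  - TLS pass-through rules for the hosts that receive credentials, so the
#    login traffic is never decrypted, logged or written into the project file.
# Assumption: the key names mirror Burp's exported project options
# (Project > Project options > Save). Load the result with:
#   java -jar burpsuite_pro.jar --config-file=burp-project.json
# Usage:
#   burp_project_options login.example.com sso.example.com > burp-project.json

# Turn a hostname into a Burp host regex that matches it literally:
# escape once for the regex engine, once more for the JSON string.
json_regex_host() {
    printf '%s' "$1" | sed 's/[.]/\\./g' | sed 's/\\/\\\\/g'
}

# One match/replace rule: a request header line matching ^Name:.*$ is
# replaced by nothing, which Burp treats as "remove this header".
drop_request_header_rule() {
    printf '      {"comment": "strip %s to avoid 304 responses", "enabled": true, "is_simple_match": false, "rule_type": "request_header", "string_match": "^%s:.*$", "string_replace": ""}' "$1" "$1"
}

# One pass-through rule for a host on 443 (protocol "any" covers HTTPS).
passthrough_rule() {
    printf '        {"enabled": true, "host": "%s", "port": "443", "protocol": "any"}' "$(json_regex_host "$1")"
}

# $@ = hostnames identified in the throw-away session as carrying credentials.
burp_project_options() {
    printf '{\n  "proxy": {\n    "match_replace_rules": [\n'
    drop_request_header_rule "If-None-Match"
    printf ',\n'
    drop_request_header_rule "If-Modified-Since"
    printf '\n    ],\n    "ssl_pass_through": {\n'
    printf '      "automatically_add_entries_on_client_ssl_negotiation_failure": false,\n'
    printf '      "rules": [\n'
    first=1
    for host in "$@"; do
        [ "$first" -eq 1 ] || printf ',\n'
        first=0
        passthrough_rule "$host"
    done
    printf '\n      ]\n    }\n  }\n}\n'
}

# Self-check: number of enabled rules = 2 header rules + one per host.
count_rules() {
    burp_project_options "$@" | grep -c '"enabled": true'
}
```

Because pass-through hosts are never decrypted, the SSO exchange itself is invisible in Burp, which is exactly the intent of step 5; if you ever do need to look at the login flow, do it in a fresh temporary project without these rules.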
#BurpHacksForBounties - Day 12/30
iptables + Burp Suite + Android applications. 😍🤓🤫😀
Tricky and lengthy, but worth setting up.
#burp #bugbountytips #infosec #security #appsec #bugbountytip
- Add the Burp CA to the device
- Bypass cert pinning
- Root the device (required for iptables)
- On the Burp proxy listener, bind to all interfaces (not just loopback) and tick "Support invisible proxying": the app is not proxy-aware, so Burp must accept plain, non-proxy-style requests
Port 80 (HTTP) redirection - run these commands on the device as root, and repeat the DNAT rule with --dport 443 for HTTPS:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <BURP_IP>:8080
iptables -t nat -A POSTROUTING -p tcp -d <BURP_IP> --dport 8080 -j MASQUERADE
The second rule matches on port 8080 because POSTROUTING sees the packet after DNAT has already rewritten its destination; a --dport 80 match there would never fire.
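The post's commands cover port 80 only, and almost every app talks TLS on 443. The script below is an added example, not the author's commands: it prints the complete add/remove rule set for both ports, makes the source-NAT rule match on the port the packet carries after DNAT, and can restrict the redirect to a single app's UID with iptables' owner match. It assumes a rooted device whose iptables has the nat table and the owner module, a Burp listener on BURP_IP:BURP_PORT bound to all interfaces with "Support invisible proxying" enabled, and the placeholder values 192.168.1.10, 8080 and UID 10123 in the usage lines.

```shell
#!/bin/sh
# Added example, not the original post's commands. Prints (does not run) the
# iptables commands that push an Android app's HTTP and HTTPS traffic into
# Burp, plus the matching delete commands to undo it. Pipe the output into
# `sh` from a root shell on the device (adb shell, then su).
#
# Assumptions: the device's iptables has the nat table and the owner match
# module; Burp listens on BURP_IP:BURP_PORT on all interfaces with
# "Support invisible proxying" enabled (the app is not proxy-aware, so Burp
# must accept plain requests). If APP_UID is set, only that app's traffic is
# redirected; find the UID with `dumpsys package <pkg> | grep userId`.
#
# Usage (placeholder addresses):
#   burp_iptables add    192.168.1.10 8080 80 443 | sh
#   APP_UID=10123; burp_iptables add 192.168.1.10 8080 80 443 | sh
#   burp_iptables delete 192.168.1.10 8080 80 443 | sh
burp_iptables() {
    action=$1; burp_ip=$2; burp_port=$3; shift 3
    case "$action" in
        add)    op=-A ;;
        delete) op=-D ;;
        *) echo "usage: burp_iptables add|delete BURP_IP BURP_PORT DPORT..." >&2; return 2 ;;
    esac
    owner=""
    if [ -n "${APP_UID:-}" ]; then
        # Limit the redirect to sockets owned by one app's Linux UID.
        owner=" -m owner --uid-owner $APP_UID"
    fi
    for dport in "$@"; do
        # Locally generated packets to $dport are re-addressed to Burp before
        # routing; conntrack reverses the translation on the replies.
        echo "iptables -t nat $op OUTPUT$owner -p tcp --dport $dport -j DNAT --to-destination $burp_ip:$burp_port"
    done
    # POSTROUTING sees the packet after DNAT, so its destination is already
    # $burp_ip:$burp_port; matching on the original --dport would never fire.
    echo "iptables -t nat $op POSTROUTING -p tcp -d $burp_ip --dport $burp_port -j MASQUERADE"
}
```

Run the delete form when you are done, or the rules survive the test session and silently break the device's networking once Burp is closed.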
#BurpHacksForBounties - Day 13/30
How to use Burp in the most efficient way and bag a bounty.
In the bug bounty methodology by Uncle Rat (@theXSSrat):
https://thexssrat.iss.onedium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363
#infosec #appsec #bugbounty #bugbountytips