#Arm1tage
Разные заметки, инструменты, новости и прочее из мира и моего опыта в Кибербезопасности. В общем "Пентест без мОразма"© 🇺🇦🇺🇦🇺🇦
Show more- Subscribers
- Post coverage
- ER - engagement ratio
Data loading in progress...
Data loading in progress...
gau example.com | grep -iE '\.js' | grep -ivE '\.json' | sort -u >> exampleJS.txt
Alternatively, you can use waymore, which seems to be better:
python3 waymore.py -i example.com -ko "\.js(\?|$)"
We can also try fuzzing to find hidden JS files:
ffuf -u https://www.example.com/js/ -w jsWordlist.txt -t 200
The wordlist for fuzzing can be found here: https://wordlists.assetnote.io/
After that, ping the JS links as some of them may be outdated.
httpx -l exampleJS.txt -mc 200Now, let's look for secrets in these files using SecretFinder, a tool for detecting sensitive data such as apikeys, accesstokens, authorizations, jwt, etc. in a JS file:
cat exampleJS.txt | xargs -n2 -I @ bash -c 'echo -e "\n[URL] @\n";python3 SecretFinder.py -i @ -o cli' >> exampleJsSecrets.txt
Next, using availableForPurchase.py, we can check if the domains referenced in the JS files are available for purchase. This tool, combined with linkfinder and collector, is really powerful. Sometimes developers make mistakes when writing a domain, possibly the domain imports an external JavaScript file, etc.
cat exampleJS.txt | xargs -I @ bash -c 'python3 linkfinder.py -i @ -o cli' | python3 collector.py output
cat output/urls.txt | python3 availableForPurchase.py
[NO] www.googleapis.com
[YES] www.gooogleapis.com
After executing the above command, a list of potential endpoints that were discovered in the JS becomes available for review:
cat output/paths.txt
We can also immediately check for subdomain takeover using subzy
cat output/urls.txt |grep "https\{0,1\}://[^/]*\.example\.com/[^ ]*" >> subdomainExample.txt; subzy run --targets subdomainExample.txt
Also, excellent extensions for Burp:
JS Miner and JS Link Finder which perform similar tasks but in real-time, for greater coverage it's better to use both script scanning and pluginsxz --version5.6.0 & 5.6.1 — v u l n e r a b l e Update:
sudo apt update && sudo apt install --only-upgrade liblzma5
Summary:
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
How it all started (email):
https://www.openwall.com/lists/oss-security/2024/03/29/4
GitHub Thread:
https://web.archive.org/web/20240329223553/https://github.com/tukaani-project/xz/issues/92
Message from Kali Linux team:
https://twitter.com/kalilinux/status/1773786266074513523
The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today.
Note that (almost) all Linux distros could be affected!
For example, Fedora — Red Hat warned users to immediately stop using systems running Fedora development and experimental versions:
https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros
News:
https://www.helpnetsecurity.com/2024/03/29/cve-2024-3094-linux-backdoor
And from CISA:
https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
So... JiaT75 made 750 commits in 2 years and finally backdoored XZ..../spoofy.py -d bugcrowd.com -o spoof.txt
Как защититься?
Установи атрибут p=reject для DMARC и -all (тот же тэг all только знак не ~ а -) для SPF. Это запретит отправку из неизвестных источников.
#emailspoofingВведение Настоящий материал по большей части состоит из общедоступных наработок других людей. Целью было проверить указанные наработки на практике и собрать получившиеся результаты в одном месте. Именно этим объясняется название статьи. Продолжу рассуждение в терминах, обозначенных ранее. По имеющемуся опыту для типовой Организации в качестве ключевой системы можно выделить контроллеры домена, а в качестве критерия подтверждения возможности реализации компьютерных атак, приводящих к негативным для Организации последствиям - получение несанкционированного доступа к учетной записи администратора домена.