Bug Bounty - GitBook
Companies & developers tend to put more resources (including security) into the main APIs. Always look for the most niche features that nobody uses to find interesting vulnerabilities. POST /api/profile/upload_christmas_voice_greeting #api @GitBook_s

Mobile Certificate Pinning? Before you start reverse engineering & patching the client app, check for both iOS & Android clients and older versions of them. There's a decent chance that the pinning isn't enabled in one of them. Save time. #api @GitBook_s

Even if you use another web proxy, always use Burp in the background. The guys at @PortSwigger are doing a really good job at helping you manage your pentest. Use the “tree view” (free version) feature to see all API endpoints you’ve accessed. #api @GitBook_s

Static resource == photo, video, ... Web servers (IIS, Apache) treat static resources differently when it comes to authorization. Even if developers implemented decent authorization, there's a good chance you can access static resources of other users. #api @GitBook_s

Author: zarvan Language: Persian Telegram channel: @web_articles

Do you like these gitbooks?

Hacker's Rest
>Tools & Cheatsheets Hacking Methodology Hands-on Practice
>LINUX Linux Basics Hardening & Setup Red Team Notes Vim
>WINDOWS Windows Basics PowerShell Hardening & Setup Red Team Notes
>MACOS MacOS Basics Hardening & Configuration Red Team Notes
>WEB Burp Suite DNS Web Notes
>MOBILE iOS Android
>OS AGNOSTIC Basic Enumeration Cryptography & Encryption Network Hardware OS Agnostic OSINT Password Cracking Pivoting Reverse Engineering & Binary Exploitation Scripting SQL SSH & SCP Steganography Wireless Unsorted
Link 🔗:- https://zweilosec.gitbook.io/hackers-rest @GitBook_s

Software Security
>PREREQUISITES Prerequisites
>INTRODUCTION Cyber security principles Basic web concepts Basic browser security concepts Basic security concepts
>ACCESS CONTROL: BASICS Authentication Authorization Session Management CSRF SSRF
>ACCESS CONTROL: ADVANCED Authentication
>INJECTION ATTACKS Injection attacks SQL Injection Command Injection Cross-site scripting Subresource integrity Sandboxing
>HTTPS HTTPS Introduction to cryptography PKI Setting up HTTPS References
>HTTP HEADERS FOR SECURITY HTTP Headers
>THREAT MODELING Threat modeling introduction Threat modeling basics Inspiration for threats
>BRINGING IT ALL TOGETHER A comprehensive overview of controls
Link 🔗:- https://apwt.gitbook.io/software-security @GitBook_s

StaphySec
Resources Tricks Brute Force - Cheatsheet File Transfer Hashcat Cheatsheet Curl
>Tools Cracking Information Gathering XSS Obfuscation Credentials Theft/Win Content Management System (CMS)
>Programming and Scripting Virtualenv & Switching Versions Python
>Shells Shells (Linux, Windows, Msfvenom)
>Linux Cheatsheet EOP Linux Tools and Resources Blogs
>Windows Cheatsheet EOP Windows Tools and Resources Useful commands and Modules
>Blogs Miscellaneous resources
>Pentesting 21 Pentesting FTP 22 Pentesting SSH 25,465,587 Pentesting SMTP 53 Pentesting DNS 110,995 Pentesting POP 135 Pentesting WMI 139,445 SMB Pentesting 143,993 Pentesting IMAP 161,162,10161,10162/udp Pentesting SNMP 623/UDP/TCP - IPMI 1433 Pentesting MSSQL 2049 NFS Pentesting 3306 Pentesting MySQL 3389 Pentesting RDP 5985,5986 WinRM
>Pentesting Web SQL Injections Command injection File Uploads Abusing Intermediary Applications HTTP Verb Tampering IDOR File Inclusion/Directory Traversal XXE-XEE-XML External Entity SSRF SSI/ESI SSTI XSLT Server Side Injection (Extensible Stylesheet Language Transformations)
Link 🔗:- https://staphysec.gitbook.io/staphysec @GitBook_s

infosecgirls
Introduction Application Details
>INITIAL SETUP WITH OWASP ZAP OWASP ZAP Setup OWASP ZAP Modes Automated Scan Report Generation
>INITIAL SETUP WITH BURP Start Burp Suite Add FoxyProxy Addon Add New Proxy In FoxyProxy Configure Proxy Listener Install Burp's CA Certificate In Firefox Getting Rid of Unnecessary Browser Traffic
>QUICK BASICS Disable Intercept Mode in Burp Enable Intercept Mode in Burp Send to Repeater Send to Comparer
>WEB APPLICATION PENTESTING A1 - Injection A2 - Broken Authentication A3 - Sensitive Data Exposure A4 - XML External Entities (XXE) A5 - Broken Access Control A6 - Security Misconfiguration A7 - Cross-Site Scripting (XSS) A8 - Insecure Deserialization A9 - Using Components with Known Vulnerabilities A10 - Insufficient Logging & Monitoring References About Us
>ADDITIONAL CONTENT Insecure Direct Object Reference Security Misconfiguration Password Guessing Attack User Enumeration Custom Iterator Null Payload Request in Browser: Privilege Escalation Check
>BURP EXTENDERS Target Proxy Intruder Repeater Sequencer Decoder Comparer Extender
Link 🔗:- https://infosecgirls.gitbook.io/infosecgirls-training/v/appsec/ @GitBook_s

H12006 - Write up
WriteUp: I - Passive Reconnaissance II - Active Reconnaissance III - Server Side Request Forgery IV - Android Reverse Engineering V - Know your staff VI - You will pay for this!
Link 🔗:- https://techbrunch.gitbook.io/h12006 @GitBook_s

refabr1k's Pentest Notebook
Steganography Kali USB with persistence memory useful tools Understanding ICACLS permissions
>INFO GATHERING Port Knocking 22 tcp - SSH 25 tcp - SMTP 53 tcp/udp - DNS 88 tcp - Kerberos 161 udp - SNMP 1098,1099 tcp - Java RMI 8009 tcp - AJP 5901,5902 tcp - VNC
>WEB XSS cookie stealing PHP Webdav Wordpress XML RPC SQL Injection SSRF
>EXPLOITATION File Transfers Buffer Overflow Bruteforce PHP rce Compiling msfvenom Reverse shell Using ENV to escape Bad Characters shellshock Ncat Persistent Backdoor
>PRIVESC - LINUX Basic checks Upgrading Shells SUID
>PRIVESC - WINDOWS Basic checks/powershell Privesc Openings LonelyPotato - SeImpersonatePrivilege Enable RDP @ Firewall NTLM (Pass The Hash)
>WINDOWS NTDS.dit Responder / SMB Relay Attacking AD
>METASPLOIT Basic Usage Meterpreter
>UNSORTED other notes
>ELEARNSECURITY EJPT eJPT notes
>OSWP Getting started WEP Attacks WPA/WPA2 Attacks
>SCRIPTS get port from nmap Curl response ping sweep iptables-counter.sh (DNS) zonetransfer_check.sh (DNS) dns-rev-brute.sh (DNS) dns-fwd-brute.sh (SMB) vuln-scan.sh (SMB) samba-checker.sh (SMTP) vrfy.py (SNMP) mib-check.sh
>ZERODAY VULNERABILITIES EXPLAINED 2020-12 SolarWinds supply chain
Link 🔗:- https://refabr1k.gitbook.io/oscp @GitBook_s

Security Knowledge Framework
Introduction Auth Bypass Auth Bypass - 1 Auth Bypass - 2 Auth-bypass-3 Auth-bypass-Simple Client Side Restriction Bypass Client Side Restriction Bypass - Harder Client Side Template Injection (CSTI) Command Injection (CMD) Command Injection 2 (CMD-2) Command Injection 3 (CMD-3) Command Injection 4 (CMD-4) Command Injection Blind (CMD-Blind) Content-Security-Policy (CSP) CORS exploitation Credentials Guessing Credentials Guessing - 2 Cross Site Scripting (XSS) Cross Site Scripting - Attribute (XSS-Attribute) Cross Site Scripting - href (XSS-href) Cross Site Scripting - DOM (XSS-DOM) Cross Site Scripting - DOM-2 (XSS-DOM-2) Cross Site Scripting - Stored (XSS-Stored) CSRF CSRF - Samesite CSRF - Weak CSS Injection (CSSI) Deserialisation Java (DES-Java) Deserialisation Yaml (DES-Yaml) Deserialisation Pickle (DES-Pickle) Deserialisation Pickle 2 (DES-Pickle-2) DoS Regex File upload Formula Injection GraphQL DOS GraphQL IDOR GraphQL Injections GraphQL Introspection GraphQL Mutations Host Header Injection (Authentication Bypass) HttpOnly Session Hijacking XSS Information Leakage in Comments Information Leakage in Metadata Insecure Direct Object References (IDOR) JWT Null JWT Secret Ldap Injection Ldap Injection - harder Local File Inclusion 1 (LFI-1) Local File Inclusion 2 (LFI-2) Local File Inclusion 3 (LFI-3) Parameter Binding Prototype Pollution Race Condition Race Condition File-Write Ratelimiting (Brute-force login) Remote File Inclusion (RFI) Right To Left Override (RTLO) Server Side Request Forgery (SSRF) Server Side Template Injection (SSTI) Session Hijacking XSS Session Puzzling Session Management 1 SQLI (Union) SQLI Login Bypass SQLI (Like) SQLI (Blind) TLS Downgrade Untrusted Sources (XSSI) URL Redirection URL Redirection - Harder URL Redirection - Harder-2 WebSocket Message Manipulation XML External Entity (XXE) Exposed docker daemon template item
Link 🔗:- https://skf.gitbook.io/asvs-write-ups/ @GitBook_s

AppSec
Overview Write Ups Compilations/Resources main Resources Labs
>Cross Site Request Forgery
>Missing Access Controls
>LFI
>XXE
>Injection Command Injection Server Side Template Injection SQL Injection
>SSRF
>Unvalidated Redirects and Forwards
>Verbose Error messages and Stack Traces
Link 🔗:- https://evanluke.gitbook.io/appsec @GitBook_s

Leet Sheet
>Reconnaissance Automated Reconnaissance Domains Scour the Web Metadata
>Web App Hacking Enumeration User Attacks Database Attacks Server Attacks DNS Attacks Cloud Attacks Interesting Outdated Attacks
>Network Hacking General Enumeration RPC LDAP SMB SNMP WMI SSH Kerberos NTLM Man-in-the-Middle WinRM
>Post Exploitation Windows Linux Docker Container General
>Various CVEs SSH Agent Hijacking Password Cracking Cryptography Non-Hacking Malware Forensics
>Binary Exploitation Base Knowledge Format Strings Exploits Stack Smashing Heap Exploits Time-of-Check to Time-of-Use Shellcode Decompilation Debugging Exploit Mitigations and Protections Exploit Protection Bypassing Passing Input Fuzzing Automatic Exploitation
>Physical Security Mechanical Locks Electronic Locks Other Attacks Destructive Entry Elevator Attacks
>Social Engineering Phishing
Link 🔗:- https://heinosass.gitbook.io/leet-sheet @GitBook_s

Repost from Bug Bounty - GitBook
wiki.hackerlab.cz
>Web Pentesting HTTP Request Smuggling SSTI Insecure Deserialization Brute Force Shell Fu - onliners CORS Special Chars & NULL Bytes XSS XEE SQL Injection Blind SQL Injection SQLmap NoSQL Injection CRLF Injection Input Validation - Fuzz1 HTTP Headers - X-Forwarded Log4j Enumeration with Wordlists Bug Bounty - Web Recon HTTP Proxy Override CSV Injection Windows Forbidden File Name Path Traversal OS Command Injection Open Redirect JWT Token Upload RCE GUID and UUIDs
>Toolset Git - Repo and Tools Docker for Pentesters
>Infrastructure Pentesting Windows Post Exploitation Dump File Analysis Active Directory NFS Enumeration
>Other Pentest Project Security Projects
>Wifi Pentesting Kali Linux - Alpha card AWUS 1900 (VirtualBox) Active Card & Monitor Mode Aircrack-ng Suite Certs
>Linux Network Manager
>Books The Hacker Playbook 3
Link 🔗:- https://hackerlab.gitbook.io/wiki.hackerlab.cz/ @GitBook_s

Got stuck during an API pentest? Expand your attack surface! Find sub/sibling domains using http://Virustotal.com & http://Censys.io. Some of these domains might expose the same APIs with different configurations/versions. #api @GitBook_s

Use Mass Assignment to bypass security mechanisms. E.g., "enter password" mechanism: POST /api/reset_pass requires old password. PUT /api/update_user is vulnerable to MA == can be used to update pass without sending the old one (For CSRF) #api @GitBook_s
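The mass assignment pattern from the post above, simulated in pure Python as an added example (not code from the channel or from any of the listed GitBooks): a naive PUT /api/update_user handler that copies every JSON key into the user record, beside an allow-listed version that keeps password changes on the old-password path. The user record, field names and password helpers are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor for this constructed example


def hash_password(password, salt=None):
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def verify_password(password, stored):
    salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def make_user():
    # Constructed user record; "password_hash" must never be client-writable.
    return {"id": 42, "name": "alice", "email": "alice@example.test",
            "role": "user", "password_hash": hash_password("old-secret")}


def update_user_vulnerable(user, body):
    # Vulnerable: every key in the request body lands in the record, so a body
    # containing "password_hash" replaces the password with no old-password check.
    user.update(body)
    return user


ALLOWED_PROFILE_FIELDS = {"name", "email"}


def update_user_hardened(user, body):
    # Hardened: only allow-listed fields are written. Unknown keys cause the whole
    # request to be refused (False, i.e. a 400) rather than silently dropped, so
    # tampering attempts are visible in the application's logs.
    unexpected = set(body) - ALLOWED_PROFILE_FIELDS
    if unexpected:
        return False
    for field in ALLOWED_PROFILE_FIELDS & set(body):
        user[field] = body[field]
    return True


def reset_password(user, old_password, new_password):
    # The only legitimate write path for the password: it requires the old one.
    if not verify_password(old_password, user["password_hash"]):
        return False
    user["password_hash"] = hash_password(new_password)
    return True
```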