
whip_lash : pentesting   49

From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 — spaceraccoon.dev
I wanted to get into mobile app pentesting. While it's relatively easy to get started on Android, it's harder to get started with iOS. For example, while Android has Android Virtual Device and a host of other third-party emulators, iOS only has Xcode's iOS Simulator, which mimics the software environment of an iPhone and not the hardware. As such, iOS app pentesting requires an actual iOS device.
ios  apple  pentesting  pentest 
4 weeks ago by whip_lash
trustedsec/physical-docs: This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical secu
This is a collection of legal wording and documentation used for physical security assessments. The goal is to hopefully allow this as a template for other companies to use and to protect themselves when conducting physical security assessments.
document  legal  pentesting 
8 weeks ago by whip_lash
Home · ticarpi/jwt_tool Wiki
This wiki is a project to document the known attacks and potential security vulnerabilities and misconfigurations you may come across when testing JSON Web Tokens, and to provide a repeatable methodology for attacking them.
JWT  security  webap  pentest  pentesting 
9 weeks ago by whip_lash
XORpass - Encoder To Bypass WAF Filters Using XOR Operations
XORpass is an encoder to bypass WAF filters using XOR operations. Installation & Usage git clone https://github.com/devploit/XORpa...
webapp  waf  pentest  pentesting  obfuscation 
12 weeks ago by whip_lash
Modern Wireless Tradecraft Pt I — Basic Rogue AP Theory — Evil Twin and Karma Attacks
In Part I of our series on modern wireless tradecraft, we provide a detailed technical primer on 802.11 with a focus on features that can be abused by attackers.
wireless  wifi  pentest  pentesting 
12 weeks ago by whip_lash
How I got 5500$ from Yahoo for RCE - InfoSec Write-ups - Medium
After some searches i found a twitter post with a payload that can bypass WAF to exploit this vulnerability.

The detection method i found makes use of the Content-Type HTTP header to send a specially crafted packet. The header is shown below:

Content-Type: %{#context[‘com.opensymphony.xwork2.dispatcher.HttpServletResponse’].addHeader(‘X-Ack-Th3g3nt3lman-POC’,4*4)}.multipart/form-data
struts  webapp  pentest  pentesting 
october 2019 by whip_lash
JWT (JSON Web Token) (in)security - research.securitum.com
JWT (JSON Web Token) is a mechanism that is often used in REST APIs; it can be found in popular standards, such as OpenID Connect, but we will also encounter it sometimes when using OAuth2. It is used both in large companies and smaller organisations. There are many libraries available that support JWT, and the standard itself has “rich support for cryptographic mechanisms”. Does all this mean JWT is inherently safe? Let’s see.
jwt  webapp  token  json  pentest  pentesting 
october 2019 by whip_lash
crawl3r/PortswiggerXSS: gathers the XSS cheatsheet payloads and creates a usable wordlist
Gathers the cheatsheet payloads and creates a usable wordlist

THANK YOU PORTSWIGGER FOR ALL YOUR AMAZING WORK AND EFFORT ❤️

Just build or run the script as is, no args needed. The rest should be handled for you.

Disclaimer: Not the cleanest code but it works :)
Cheatsheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
xss  pentest  pentesting  webapp 
october 2019 by whip_lash
Bill Sempf | Cracking and Fixing REST APIs
In this post, I’ll cover some of the common vulnerabilities that I find in REST APIs, and how to fix them. There are three main messages I want to get across: REST can be attacked like the rest of the web, REST can be attacked in special ways, and REST has special architectural considerations.
rest  api  webapp  pentest  pentesting 
october 2019 by whip_lash
Swagger API - ghostlulz - Medium
If you notice the target you are interacting with is an api or is communicating with an api you should immediately look for exposed api documentation. Some common paths to find swagger api documentation include:

/api
/swagger/index.html
/swagger/v1/swagger.json/
swagger-ui.html
/swagger-resources
swagger  api  webapp  pentest  pentesting 
october 2019 by whip_lash
Better API Penetration Testing with Postman – Part 1 – Professionally Evil Insights
Postman is a commercial desktop application, available for Windows, Mac OS, and Linux. It is available for free, with paid tiers providing collaboration and documentation features. These features are more relevant to developers than penetration testers. It manages collections of HTTP requests for testing various API calls, along with environments containing variables. This does not replace your proxy (Burp, ZAP, Mitmproxy, etc), but actually stands in as the missing browser and clie...
api  webapp  pentest  pentesting 
october 2019 by whip_lash
XXE Cheat Sheet - SecurityIdiots
Just another article bringing together the tips and tricks to find/exploit XXE and bypass it.
xxe  cheatsheets  cheatsheet  webapp  pentesting  pentest 
october 2019 by whip_lash
GitHub - taviso/cefdebug: Minimal code to connect to a CEF debugger.
This is a minimal commandline utility and/or reference code for using libwebsockets to connect to an electron/CEF/chromium debugger.

You're probably thinking, "who would enable the debugger in shipping products?". Well, it turns out just about everyone shipping electron or CEF has made this mistake at least once.

In some configurations, you can pop a shell remotely just by making a victim click a link.
pentesting  electron  software  debugger  security 
october 2019 by whip_lash
The Top 8 Burp Suite Extensions That I Use to Hack Web Sites - TrustFoundry
Here’s a short list of extensions, in no particular order, that we use on nearly every engagement in 2019.
burp  webapp  pentest  pentesting 
october 2019 by whip_lash
Voulnet/barq: barq: The AWS Cloud Post Exploitation framework!
barq is a post-exploitation framework that allows you to easily perform attacks on a running AWS infrastructure. It allows you to attack running EC2 instances without having the original instance SSH keypairs. It also allows you to perform enumeration and extraction of stored Secrets and Parameters in AWS.
aws  pentest  pentesting 
august 2019 by whip_lash
Pentesting tools | theyknow
This page will be a completely chaotic list of tools, articles, and resources I use regularly in Pentesting and CTF situations. My goal is to update this list as often as possible with examples, articles, and useful tips. It will serve as a reference for myself when I forget things and hopefully help others to discover tools that they haven’t used.
pentesting  pentest  security  tools 
july 2019 by whip_lash
Serverless Toolkit for Pentesters
Over the past few weeks as I've explored different serverless providers, I realized a lot of the simple tasks I used VPSs for could be migrated to serverless - where I never have to worry about infrastructure, and (the best part) IT'S FREE. I've put together some serverless functions that I think are extremely helpful for pentesters, and I'm hoping this post inspires more to take full advantage of "serverless" infrastructure when it comes to security testing.
infrastructure  pentesting  serverless 
july 2019 by whip_lash
Leanpub
Favorite tweet:

On an internal pentest today. The first 2 hours of the day I only copy and pasted commands from https://t.co/LF2ebRtORH

MiTM6 > easy John the Ripper hash crack > local admin SAM dumps > crackmapexec PTH with --lsa against like 10 servers > DA clear text creds.

0 alerts tripped.

— Paul Seekamp (@nullenc0de) May 20, 2019
guide  hacking  pentesting  reference  security 
may 2019 by whip_lash
Impersonating Service Accounts with Silver Tickets | Insider Threat Blog
Now that we have compromised at least one service account and extracted its password, this post will explore how to further exploit that account using Silver Tickets.
activedirectory  pentesting  pentest  silverticket 
may 2019 by whip_lash
GitHub - Coalfire-Research/npk: A mostly-serverless distributed hash cracking platform
NPK lets you leverage extremely powerful hash cracking with the 'pay-as-you-go' benefits of AWS. For example, you can crank out as much as 1.2TH/s of NTLM for a mere $14.70/hr. NPK was also designed to fit easily within the free tier while you're not using it! Without the free tier, it'll still cost less than 25 CENTS per MONTH to have online!

---You can go through the entire keyspace of Upper, Lower, Num, Symbol in...

Less than 4 days.*

——
* NTLM Hash @ 1.89TH/s @ $22/hr https://t.co/DbYxkZi2Mw

— Tinker ❎ (@TinkerSec) March 22, 2019
hacking  pentesting  security  tools  hash  hashes 
march 2019 by whip_lash
GitHub - mubix/post-exploitation-wiki: Post Exploitation Wiki
Post Exploitation Wiki. Contribute to mubix/post-exploitation-wiki development by creating an account on GitHub.
hacking  pentesting  github  postexploitation 
january 2019 by whip_lash
flAWS2.cloud
flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender you'll learn the power of jq in analyzing logs, and instructions on how to set up Athena in your own environment.
aws  security  pentest  pentesting  ctf  tutorial 
december 2018 by whip_lash
GitHub - pentesteracademy/patoolkit: PA Toolkit is a collection of traffic analysis plugins focused on security
PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

WiFi (WiFi network summary, Detecting beacon, deauth floods etc.)
HTTP (Listing all visited websites, downloaded files)
HTTPS (Listing all websites opened on HTTPS)
ARP (MAC-IP table, Detect MAC spoofing and ARP poisoning)
DNS (Listing DNS servers used and DNS resolution, Detecting DNS Tunnels)
The project is under active development and more plugins will be added in near future.
analysis  http  network  pentesting  https  wireshark  pcap  security 
december 2018 by whip_lash
A common path to Domain Admin - Laconic Wolf
Many common information gathering techniques and tools require you to be a part of the domain to use them (net users, etc.), so I decided to write a few IronPython scripts (located here) to do some basic enumeration tasks. I’m not going to get into the specifics of the code, but the first two scripts I wrote were a script to get a list of users and a script to guess passwords.
ironpython  bloodhound  activedirectory  privesc  privilegeescalation  pentest  pentesting 
december 2018 by whip_lash
Improved call-home SSH scripts | TXLAB
In the new approach, the remote stations all have the same ssh_tunnel.sh script, and they only differ in SSH keys. It's important to have a unique SSH key on each machine, in order to be able to quickly disable access if the host is compromised.
ssh  pentest  pentesting 
december 2018 by whip_lash
Call-home SSH scripts | TXLAB
Here’s the startup script /etc/init.d/callhome_ssh_tunnel which brings up the tunnel at the computer boot
ssh  pentest  pentesting 
december 2018 by whip_lash
Classic 802.1x Bypass · s0lst1c3/silentbridge Wiki · GitHub
The classic 802.1x bypass is by far the simplest to perform, and is effective against 802.1x-2004 and 802.1x-2001
802.1x  portsecurity  nac  pentest  pentesting 
december 2018 by whip_lash
About /? - Red Teaming Experiments
Publicly accessible personal notes about my red teaming experiments involving playing with various tools and techniques used by red teams and advanced adversaries in a controlled environment and more.
pentesting 
november 2018 by whip_lash
GTFOBins
The project collects legitimate functions of Unix binaries that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks. See the full list of functions.

This was inspired by the LOLBins project for Windows.
linux  pentesting  hacking  security  shell  privesc  privilegeescalation  gtfobins  lolbins 
july 2018 by whip_lash
Attacking Java Deserialization | NickstaDB
In this blog post I’ll attempt to clear up some confusion around deserialization vulnerabilities and hopefully lower the bar to entry in exploiting them using readily available tools. I’ll be focusing on Java, however the same concepts apply to other languages. I’ll also be focusing on command execution exploits in order to keep things simple.
java  pentesting  webapp  deserialization 
may 2018 by whip_lash
Advanced Web Shell (Full Sources) : netsec
There are multiple things that make DAws better than every Web Shell out there
webshell  webapp  pentesting  security 
may 2018 by whip_lash
caseysmithrc/MimkatzCollider: Mimikatz HashClash
APPEARS TO ALTER THE MIMIKATZ EXE FILE HAS TO RESEMBLE A BENIGN PROGRAM.
mimikatz  hashes  pentesting  github 
march 2018 by whip_lash