Recent Posts
WebApps 101: Cross-Origin Resource Sharing (CORS)
Note: The majority of this content was taken from PortSwigger Web Academy, but it is not an exact copy/paste. Table of Contents: What is an “Origin”? The origin of a page is determined by three factors: hostname, protocol, and port number. For example: Here’s an example table taken from Mozilla with examples of origin comparisons with…
Missing Security HTTP Headers We Should Call Out
The following HTTP headers should be a standard implemented practice on web servers. If you are performing a penetration test and the server lacks any of the following headers: Quick View: X-Frame-Options; HSTS (HTTP Strict Transport Security); X-XSS-Protection; Cache-Control; Content-Security-Policy. Detailed View: X-Frame-Options: The X-Frame-Options HTTP header allows content publishers to prevent their own content from being used in an invisible frame…
Panning for Gold in JavaScript Files Using Burp Suite and Grep
As part of a webapp pentest, or when hunting for bug bounties, being able to find API endpoints, URIs, and sometimes even commented-out credentials/API keys in JavaScript files is a good skill to have. Luckily, using Burp Suite…
WebApps 101: Server-Side Request Forgery (SSRF) and PortSwigger Academy Lab Examples
Note: The majority of the content here was ripped directly from PortSwigger.net. Table of Contents: What is Server-Side Request Forgery?; What is the impact of these attacks?; SSRF attacks against the server itself; SSRF attacks against other back-end systems; Finding Attack Surface for SSRF; What do we look for?; Where do we look?; Commonly chained exploits; Basic Bypass Techniques; Bypassing black-list based defenses; Bypassing white-list based…
WebApps 101: Information Disclosure Vulnerabilities and PortSwigger Lab Examples
Note: The majority of the content here was ripped directly from PortSwigger.net. Table of Contents: What is information disclosure?; What are some examples of information disclosure?; How to prevent information disclosure vulnerabilities; Practical Lab Examples; Example A: Information disclosure in error messages; Example B: Information disclosure on debug page (using comments); Example C: Source code disclosure via backup files; Example D: Authentication bypass…
WebApps 101: HTTP Host Header Attacks and PortSwigger Academy Lab Examples
Note: The majority of the content here was ripped directly from PortSwigger.net. Table of Contents: What is an HTTP Host Header?; What Are Host Header Injection Attacks?; How Do We Test for Attacks?; Checking for flawed validation; Insert the payload within the port field; Provide an arbitrary domain name containing the whitelisted domain name; Sending ambiguous requests to bypass front-end systems; Inserting duplicate Host…
Business Logic Flaws/Vulnerabilities and PortSwigger Lab Examples
The term “Business Logic” can be misleading, but in the context of web application security and bug bounties, a Business Logic Vulnerability is when an attacker is able to make a website or application perform an action that was never intended by the developers. For example, an eCommerce website may allow you to perform a…
WebApps 101: Directory Traversal
Anytime you notice that the URL is calling a file name, you should test for a directory traversal vulnerability. Note: The majority of this content was taken from PortSwigger Web Academy, but it is not an exact copy/paste. Table of Contents: What is Directory Traversal? Directory traversal (also known as file path…
WebApps 101: Broken Authorization Controls
This post intends to serve as a guide for some easy wins to look for when pentesting a web application for weak authorization controls. Note that this differs from Broken Authentication Controls, as Authentication takes place before Authorization comes in. This post will be updated as I learn more about broken controls to look for.…
WebApps 101: Broken Authentication Controls
Note: The majority of the content here was ripped directly from PortSwigger.net. This post intends to serve as a guide for some easy wins to look for when pentesting a web application for weak authentication controls. Note that this differs from Broken Authorization Controls, as Authentication takes place first. This post will be updated as I…
Using Cross Site Scripting (XSS) to Steal Cookies
Disclaimer: This video is intended for Cyber Security professionals and Students who are looking to help others stay safe online. We can leverage the following website so that we do not need our own webserver: https://webhook.site/ With a webhook in…
Basic Cross Site Scripting (XSS) Bypass Techniques
In some cases, a bit of filtering is involved. The web developer may have added some regular expressions to prevent simple XSS payloads from working. This post intends to serve as a list of simple bypass techniques to try when attempting to inject XSS payloads. Tweaking the case of your script tags: some filters are…
Command Injection Tips
While working through TheCyberMentor’s Linux Privesc course, I learned something new and wanted to place this here so I can refer to it later. There’s a box on TryHackMe called ConvertMyVideo. This post does not intend to serve as a walk-through or write-up of that box, but rather uses it as an example…
File Upload Bypass Techniques
In this guide, I’m going to show you one method to consider when you come across a file upload that only accepts PNG files. This method could theoretically be used for other file-types as well, but I’ll demonstrate uploading a PHP file on a file upload feature that “should” only allow PNG files on Popcorn…
Bypassing XSS Defenses Part 1: Finding Allowed Tags and Attributes
This post intends to serve as a guide for a common bypass technique when you’re up against a web application firewall (WAF). In the event that the WAF limits which tags and attributes are allowed to be passed, we can use Burp Suite’s Intruder functionality to learn which tags are allowed. Table of Contents: Setting the…
Exploiting Cross Site Request Forgery (CSRF) & Bypassing Defenses
Wondering what Cross Site Request Forgery is? Go check out my previous post on this topic at Let’s Talk Basics About Cross Site Request Forgery (CSRF). Ready to learn more about how to exploit it? You’re in the right place. The concepts and examples shown in this post were taken from PortSwigger’s WebSecurity Academy. Table…
Using PHP Wrappers within LFI to Obtain PHP Script Source Code
If you find a Local File Inclusion (LFI) on a site running PHP, you can leverage a PHP wrapper to encode the file as Base64, which you can then decode on your own machine to view the source code of the page. In this example, we’ll be using FRIENDZONE on HackTheBox. Confirming LFI on our example: At the following…