Posts

OAuth and the flaws in its implementation

Image
OAuth and the flaws in its implementation ! What is OAuth? Open Authorization (also known as OAuth) is an open-source framework that allows you to create accounts on websites without having to create a different user account for each website. They rely on authentic third-party websites, such as Facebook or Google, to perform the authentication process for them. It is: It is used to log into websites without the need to form an account first. Resource sharing is performed through this method. SSO is also utilised in businesses and enterprise networks for a variety of purposes (Single Sign On) Isn’t it intriguing to think about? But what are the options for gaining access to something without having to create an account? Let’s see how well it works out for you.    How OAuth Works? To simplify the work flow let’s first isolate the entities involved. They are: User (i.e., you) Application that you want to access Authorization Server For example, you go to example.com. To access its service
Post a Comment
Read more

Ways To Bypass Authentication ;

 Ways To Bypass Authentication. 1:) Direct page request; :)a.k.a forced browsing. :)successful authentication => Redir to /admin. :)functionality is inappropriately protected , just go to:  https//your.target.site/admin. 2. Parameter Modification; :) When authentication is verified via fixed parameters. "authenticated" = "yes" "logged_in" = true "is_admin"= true 3. Session ID Prediction; :) Cookies, tokens, etc. :) If ID is predictable => can be bruteforced/guessed. 4. SQL Injection :)improper input sanitization  admin' or '1'='1 More payloads: https://gist.github.com/spenkk/2cd2f7eeb9cac92dd550855e522c558f. :)Use Intruder with default or custom payloads in Burp Suite. 5:) Default accounts ; admin/admin root/admin admin/password 6. Weak Password Change/Reset Feature ;  :)Current password not required. :)Host header poisoning: https://0xn3va.gitbook.io/cheat-sheets/web-application/broken-authentication. Video link: https://yo
Post a Comment
Read more

Web-Application Pentesting Tools

Web-Application Pentesting Tools 1. Burp Suite - Framework. 2. ZAP Proxy - Framework. 3. Dirsearch - HTTP bruteforcing. 4. Nmap - Port scanning. 5. Sublist3r - Subdomain discovery. 6. Amass - Subdomain discovery. 7. SQLmap - SQLi exploitation. 8. Metasploit - Framework. 9. WPscan - WordPress exploitation. 10. Nikto - Webserver scanning. 11. HTTPX - HTTP probing. 12. Nuclei - YAML based template scanning. 13. FFUF - HTTP probing. 14. Subfinder - Subdomain discovery. 15. Masscan - Mass IP and port scanner. 16. Lazy Recon - Subdomain discovery. 18. XSS Hunter - Blind XSS discovery. 19. Aquatone - HTTP based recon. 20. LinkFinder - Endpoint discovery through JS files. 21. JS-Scan - Endpoint discovery through JS files. 22. GAU - Historical attack surface mapping. 23. Parameth - Bruteforce GET and POST parameters. 24. truffleHog - Find credentials in GitHub commits.
2 comments
Read more

Top XSS Dorks !

 Top 25 XSS Dorks according to OpenBugBounty 1. ?q={payload} 2. ?s={payload} 3. ?search={payload} 4. ?id={payload} 5. ?lang={payload} 6. ?keyword={payload} 7. ?query={payload} 8. ?page={payload} 9. ?keywords={payload} 10. ?year={payload} 11. ?view={payload} 12. ?email={payload} 13. ?type={payload} 14. ?name={payload} 15. ?p={payload} 16. ?month={payload} 17. ?immagine={payload} 18. ?list_type={payload} 19. ?url={payload} 20. ?terms={payload} 21. ?categoryid={payload} 22. ?key={payload} 23. ?l={payload} 24. ?begindate={payload} 25. ?enddate={payload}
Post a Comment
Read more

Scope Base Recon Methodology

Image
 Scope Base Recon Methodology for Small, Medium,and Large scope tragedy by @Harsha Bothra
Post a Comment
Read more

Pre Account Takeover Methodology !

While performing penetration testing on a (website.com) target, I observed that the application allowed me to automatically login to the application as soon as I created a new account. This implies that there is no email verification at all. Similarly, the application also supported multiple social login methods such as Login with Google, Facebook and Apple.  Following the below steps, I was able to perform pre-authentication account takeover successfully. 1:) [Attacker Step] Navigate to the and register a new account with using the victim user’s email. Since the application also has a Google Authentication and Facebook option, I used a Gmail account for registration as a victim account. 2:) Observe that the application successfully logs in a user upon registration process completion, and all the features of the applications are accessible. 3:) Now, log out and navigate back to the target application’s login functionality. 4:) [Victim Step] This time, use Google Authentication and log
Post a Comment
Read more

Recon Methodology and SAML attack ;

Image
  Pentesting Mindmap ! SAML attack;
Post a Comment
Read more

Open redirection vulnerability

 Common open redirection vulnerability parameter ; /{payload} ?next= ?url= ?target= ?rurl= ?dest= ?destination= ?redir= redirect_uri= ?redirect_url= ?redirect= /redirect/ cgi-bin/redirect.cgi?{} /out/ /out? ?view= /login?to= ?image_url= ?go= ?return= ?returnTo= ?return_to= ?checkout_url= Other common parameters: dest, redirect, uri, path, continue, url, window, to, out, view, dir, show, navigation, Open, url, file, val, validate, domain, callback, return, page, feed, host, port, next, data, reference, site, html
Post a Comment
Read more

Endpoints to look while testing

Image
 
3 comments
Read more

WordPress Juicy Endpoints

 Wordpress juicy endpoints ! 1) wp-admin.php 2) wp-config.php 3) wp-content/uploads 4) Wp-load 5) wp-signup.php 6) Wp-json 7) wp-includes [directory] 8) index.php 9) wp-login.php 10) wp-links-opml.php  11) wp-activate.php 12) wp-blog-header.php 13) wp-cron.php 14) wp-links.php 15) wp-mail.php 16) xmlrpc.php 17) wp-settings.php 18) wp-trackback.php 19) wp-signup.php 20) admin-bar.php 21) wp-content/debug.log 22) wp-config.bkp 23) wp-admin/admin.php 24) -wpeprivate 25:)  -wpeprivate/config.json              Thank you !       
Post a Comment
Read more

Networking Cheatsheet and Amount Manipulation Testing !

Image
 Networking Cheatsheet ! Amount Manipulation Testing !
Post a Comment
Read more

XML Attack !

Image
What is XML external entity injection? XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure, by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks. How do XML vulnerabilities arise? While XML is an extremely popular format used by developers to transfer data between the web browser and the server, this results in XXE being a common security flaw. XML requires a parser, which is typically where vulnerabilities occur. XXE enables an entity to be defined based on the content of a file path or URL. When the XML attack payload is read by the ser
Post a Comment
Read more

Code Review Mindmap and Recon methodology

Image
 Code Review Mindmap !           Pentesting Mindmap/Recon Methodology !   
Post a Comment
Read more

Two Factor Authentication ! [2FA]

Image
 Two Factor Authentication ! What is 2FA 🤔 ? Let's get started , 2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there will be two factors for you to authenticate into your account. One is simply your credentials, and if due to some case they are compromised the additional layer(second authentication) can protect your account from getting takeover. This can be of many forms like ;    1:) Sending verification code to email. 2:) Sending OTP to email or mobile number. 3:) Third-party app-generated codes. 4:) Verification through QR codes. 5:)     SMS verification. This provides an extra layer of security for user accounts. Even if your credentials got exposed, your account can still be safe if you have your 2FA turned on. But what if this 2FA is also vulnerable. Then your account is not safe even if you have your 2FA turned on. So this vulnerability is a serious one and can be used to take over other accounts
2 comments
Read more

Authentication Testing( Who are you) !

Image
 Let's get started ! To identify individuals in a group of people we need any unique combination of resources by which we can identify the individual. That combination can be his first name, last name, address or SSN. These all are resources that can help users to identify uniquely. This is the case with humans but if we want to identify in web- application for that web-application uses “Authentication”. Let us discuss it in detail.           What Is Authentication !             Well , It is the process of verifying the identity of a person or a device. Authentication is used by a server when the server needs to know exactly who is accessing their information or site. In authentication, the user or computer has to prove its identity to the server or client. A common example is entering a username and password when you log into the website. In the case of a web application they use different methods of authentications , it can be username password or username with the OTP sent to yo
1 comment
Read more