Posts

Showing posts from October, 2022

Open redirection vulnerability

 Common open redirection vulnerability parameter ; /{payload} ?next= ?url= ?target= ?rurl= ?dest= ?destination= ?redir= redirect_uri= ?redirect_url= ?redirect= /redirect/ cgi-bin/redirect.cgi?{} /out/ /out? ?view= /login?to= ?image_url= ?go= ?return= ?returnTo= ?return_to= ?checkout_url= Other common parameters: dest, redirect, uri, path, continue, url, window, to, out, view, dir, show, navigation, Open, url, file, val, validate, domain, callback, return, page, feed, host, port, next, data, reference, site, html

Endpoints to look while testing

Image
 

WordPress Juicy Endpoints

 Wordpress juicy endpoints ! 1) wp-admin.php 2) wp-config.php 3) wp-content/uploads 4) Wp-load 5) wp-signup.php 6) Wp-json 7) wp-includes [directory] 8) index.php 9) wp-login.php 10) wp-links-opml.php  11) wp-activate.php 12) wp-blog-header.php 13) wp-cron.php 14) wp-links.php 15) wp-mail.php 16) xmlrpc.php 17) wp-settings.php 18) wp-trackback.php 19) wp-signup.php 20) admin-bar.php 21) wp-content/debug.log 22) wp-config.bkp 23) wp-admin/admin.php 24) -wpeprivate 25:)  -wpeprivate/config.json              Thank you !       

Networking Cheatsheet and Amount Manipulation Testing !

Image
 Networking Cheatsheet ! Amount Manipulation Testing !

XML Attack !

Image
What is XML external entity injection? XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server filesystem, and to interact with any back-end or external systems that the application itself can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure, by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks. How do XML vulnerabilities arise? While XML is an extremely popular format used by developers to transfer data between the web browser and the server, this results in XXE being a common security flaw. XML requires a parser, which is typically where vulnerabilities occur. XXE enables an entity to be defined based on the content of a file path or URL. When the XML attack payload is read by the ser

Code Review Mindmap and Recon methodology

Image
 Code Review Mindmap !           Pentesting Mindmap/Recon Methodology !   

Two Factor Authentication ! [2FA]

Image
 Two Factor Authentication ! What is 2FA 🤔 ? Let's get started , 2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there will be two factors for you to authenticate into your account. One is simply your credentials, and if due to some case they are compromised the additional layer(second authentication) can protect your account from getting takeover. This can be of many forms like ;    1:) Sending verification code to email. 2:) Sending OTP to email or mobile number. 3:) Third-party app-generated codes. 4:) Verification through QR codes. 5:)     SMS verification. This provides an extra layer of security for user accounts. Even if your credentials got exposed, your account can still be safe if you have your 2FA turned on. But what if this 2FA is also vulnerable. Then your account is not safe even if you have your 2FA turned on. So this vulnerability is a serious one and can be used to take over other accounts

Authentication Testing( Who are you) !

Image
 Let's get started ! To identify individuals in a group of people we need any unique combination of resources by which we can identify the individual. That combination can be his first name, last name, address or SSN. These all are resources that can help users to identify uniquely. This is the case with humans but if we want to identify in web- application for that web-application uses “Authentication”. Let us discuss it in detail.           What Is Authentication !             Well , It is the process of verifying the identity of a person or a device. Authentication is used by a server when the server needs to know exactly who is accessing their information or site. In authentication, the user or computer has to prove its identity to the server or client. A common example is entering a username and password when you log into the website. In the case of a web application they use different methods of authentications , it can be username password or username with the OTP sent to yo

Know what is Shodan Exactly !

Image
 What Is Shodan Exactly? Shodan is a search engine for Internet-connected devices. It is different from search engines like Google and Bing because Google and Bing are great for finding websites but Shodan helps in finding different things like popular versions of Microsoft IIS, control servers for Malware, how many host are affected with the new CVEs, which countries are becoming more connected, SSL certificates of the websites etc. Difference between Shodan and Google : The major difference between Shodan and Google is that, that Shodan analyzes the internet and Google analyzes the Word Wide Web.        Description : Shodan is the most popular search engine ever seen. It has the capability to index small desktops, CCTVs, nuclear power plants etc. Nowadays shodan has become very popular in the world of penetration testing, bug bounties, digital forensics, threat hunting etc. Shodan’s Search Query Insights : Shodan gathers information by interacting with web services and this informati

Do Reconnaissance in More Deep !

Image
              Thank you @Nahamsec

Cheatsheet to examine any file upload functionality !

Image
 

GitHub Dorking methodology

Image
  Manual Approach ; Let’s start with how you can get sensitive information leak Sensitive information is as follows ; "Company name" credentials                   Keywords 👇 {User_names , password, token , Secret key , backup file , pwd, credentials, ftp, JDBC, LDAP, key , pass , pw, user_auth } GitHub Dorks for Finding Files: “company name” filename:database “company name” filename:secrets.yml “company name” filename:passwd “company name” filename:LocalSettings.php “company name” filename:config.php “company name” filename:config.inc.php “company name” filename:configuration.php “company name” filename:shadow “company name” filename:.env “company name” filename:wp-config.php “company name” filename:credentials “company name” filename:id_rsa “company name” filename:id_dsa “company name” filename:.sqlite “company name” filename:secret_token.rb “company name” filename:settings.py “company name” filename:credentials.xml GitHub Dorks for Finding information sensitive from progra

Identifying threats and attacks !

Image
 

Pentesting Methodology and Cyber Security Domain !

Image
Pentesting Mindmap  Cyber security domain!  

Server Side request Forgery

Server-side request forgery ! Common injection parameters "access=", "admin=", "dbg=", "debug=", "edit=", "grant=", "test=", "alter=", "clone=", "create=", "delete=", "disable=", "enable=", "exec=", "execute=", "load=", "make=", "modify=", "rename=", "reset=", "shell=", "toggle=", "adm=", "root=", "cfg=", "dest=", "redirect=", "uri=", "path=", "continue=", "url=", "window=", "next=", "data=", "reference=", "site=", "html=", "val=", "validate=", "domain=", "callback=", "return=", "page=", "feed=", "host=", "port=", "to=", &q

Some cool bypass for the endpoints !

Image
                       Thank you !

Centralized Log Management

Image
What is Centralized Log Management? In case of a cyber security incident, logs play a vital role in various activities such as establishing the point of compromise, tracing the actions of an attacker, further investigation, and regulatory proceedings before an authority, etc. Logs are generated by every application, let it be a general application like performance monitoring or security specific application like a firewall. Logs assist in understanding how changes have taken place in a particular system. By searching, sorting, and filtering the log data, it becomes easy to pinpoint errors, issues, loopholes, or gaps that might have occurred. Manually doing so can be an extremely time-consuming process as one needs to look at thousands of log entries coming from hundreds of log files. In order to make this entire process easy, you need a Centralized Log Management system. Collecting Evidence from Network Infrastructure Devices You can collect a lot of information from network infrastruc

Recon Methodology !

Image
 

Testing Mindmap !

Image
                Thank you !

Endpoints to look while testing !

Image
                     Thank you ! Via  https://twitter.com/ManieshNeupane/status/1575890241285947393?s=19

Android Application Pentesting Checklist

Image
  Thank you ! Via ; https://twitter.com/ManieshNeupane/status/1576791692216217600?t=sauvUTyKWa9gZzIe-YSyCA&s=19

Search Engines for Pentesters !

Image
                 Thank you !                    Maniesh Neupane 🇳🇵 Via: https://twitter.com/ManieshNeupane/status/1569647860421099520?t=G7-1NnF6qZOQmlsvVfYxJg&s=19

Testing Authentication Flaws in Web Application !

Image
                      Thank you !                         Maniesh Neupane 🇳🇵