root@najam-ul-saqib:/home/posts$
-
Navigating the Maze of Multiple Private Endpoints on Single Resource in Azure
Private endpoints are an interesting concept for securing your workloads in the cloud. This post is going to discuss architectural challenges and their solutions when implementing private endpoints (PEs), so if you don't know the basics, it might be a good option to first understand the basic concepts of PEs...
-
Pentest Diaries: Complete Takeover of Firebase Database in Web Application
On a recent penetration test engagement, I was given a single URL of a web application which, upon initial reconnaissance, turned out to be a Flutter-based application. The application was using web-sockets heavily (I'm observing rising adoption of web-sockets in web apps). Testing web-sockets is not easy and usually very cumbersome;...
-
The Blitzkrieg Effect: Infiltrating an Enterprise Active Directory Environment Twice
Active Directory environments have always intrigued me, but for some reason I never got the chance to get my hands dirty on an enterprise-level AD environment until this one. I was asked by a company (which we will refer to as "EvilCorp" – {inspired by Mr. Robot} to not...
-
Releasing Damn Vulnerable Electron App: A playground to learn ElectronJS security vulnerabilities
What is Electron JS? ElectronJS is a popular open-source framework for building cross-platform desktop applications using web technologies such as JavaScript, HTML, and CSS. With Electron, developers can build native desktop apps that run on Windows, macOS, and Linux using a single codebase. Why DVEA? As a developer and security...
-
Utilizing Data from Azure Defender for Cloud to Maximize Cloud Security with Resource Graph Explorer: A Step-by-Step Guide
Cloud security has become increasingly important as more organizations migrate their infrastructure and applications to the cloud. The benefits of the cloud, such as scalability, flexibility, and cost-effectiveness, make it an attractive option for businesses of all sizes. However, with the move to the cloud comes the need to ensure...
-
Hunting Sourcemaps On Steroids
JavaScript code analysis gained some hype shortly after people found critical bugs like auth bypass, RCE, etc. using JS analysis. Sourcemaps can prove a gold mine for security engineers, as they are used for reverse engineering minified client-side JavaScript and converting it from ugly-looking and horrible-to-read JS code...
-
The #100DaysOfHacking Challenge : A Game Changer for Me
How it all started: I have known about bug hunting for 2-3 years now, but I had never been able to hunt with consistency. I used to pick up a target after spending hours deciding which one would be good for me, spending time on recon, i.e. collecting all the...
-
The Open Source Software That I Use
This is the list of Open Source software that I use as my daily driver! Kudos to their contributors! Browser: Mozilla Firefox, Brave; Keyboard: AnySoftKeyboard; Messaging: Signal; Email Client: Thunderbird, FairEmail; Email Providers: Protonmail, Tutanota; App Store: F-Droid; Laptop OS: Ubuntu, Kali Linux; Office: LibreOffice; FTP Client: FileZilla; Password Manager:...
-
Interesting behavior of innerHTML on simple script XSS payload
While going through the secure coding practices for ReactJS, I pondered how an application built in ReactJS could be vulnerable to XSS, and came to know that ReactJS is inherently pretty secure against XSS attacks and that its JSX escapes inputs pretty well. Apart from all this, ReactJS allows...
-
Hacker 101 CTF Walkthrough: BugDB v3
This CTF, like the previous one, also has some mutations in it, so we will likely have to play with mutations. It's always a good idea to give the introspection query a try with GraphQL Voyager, which retrieved the following result: We can see something different in this graph, i.e. attachments. That being...
-
Hacker 101 CTF Walkthrough: BugDB v2
This is the second CTF on Hacker 101 related to GraphQL. Let's dive into it. Learning from the trend of the previous CTF, i.e. BugDB v1, I didn't dive into the introspection query graph straight away this time; rather, I opened the docs of this GraphQL endpoint, which showed that this time we...
-
Hacker 101 CTF Walkthrough: BugDB v1
In this post, I will be taking you through one of the CTFs on HackerOne named "BugDB v1". This CTF is focused on the basic concepts of GraphQL APIs and how they work. Let's start. When you open this CTF, a minimal page opens up having a hyperlink to...
-
My Transition to a More Privacy-Focused Internet
Back in October 2020 I watched Social Dilemma (a Netflix documentary) on the recommendation of a friend. It was a documentary on the side effects of social media, and those side effects were mentioned by none other than the manufacturers of those tech giants: people holding executive positions, engineering...
-
Lessons learned while escalating privileges on Vulnversity
After a long while of going through exams and other commitments, I decided to play on TryHackMe. This time it was the Vulnversity room; I solved it and learned a lot of new stuff. Infosec is something where you get to learn new things every day (if you're involved in it). So I decided...
-
Hacker 101 CTF Walkthrough: Petshop Pro
I am back with another walkthrough of one of HackerOne's CTFs, Petshop Pro. Let's look at the interface of this web page. Flag 0: This seems like a simple shopping website, and remember, whenever you see a shopping website like this, your first area of testing should be checkout....
-
How I got my first private invitation to a bug bounty program?
Bug bounty platforms are rapidly gaining popularity among ethical hackers and penetration testers. They provide crowdsourced solutions to different companies: hackers look for security loopholes in the websites and in turn get paid for a valid submission. But as such platforms are gaining popularity and more and more people...
-
Important points I learned from Mr Robot CTF
I did the Mr. Robot CTF today from www.tryhackme.com. I thought it would be better to share the lessons I learned from Mr. Robot's CTF rather than writing a walkthrough (as there are tons of walkthroughs available online on Mr. Robot). GoBuster is better than DirBuster: I ran gobuster on...
-
Not getting Shell on Mr.Robot CTF on TryHackMe?
Well, this was my first machine on THM and I pulled my hair out over not getting the shell when I was doing all the stuff just right. It was Mr.Robot's CTF. I tried literally everything to get the shell: I tried PHP reverse shell, meterpreter session, metasploit's wp_admin module, malicious...
-
How I barely escaped a 50000PKR cyber fraud?
On the night of 16th May 2020 I got approached by a person online (as I do freelancing, I often deal with international clients). He was from Morocco, and he asked me to make a bank transaction to one of his clients in Pakistan of 50,000PKR...
-
Hacker101 CTF Walkthrough: Micro-CMS v1
Here is the walkthrough for another CTF available on Hacker 101, Micro-CMS v1. This CTF has four flags and I will walk you through each one of them. Let's start! This is the main page of the CTF, where you have some options, like you can create some pages, and read...
-
Hacker101 CTF Walkthrough: A little something to get you started
So here is my first walkthrough for you guys, and it will be the easiest of the lot: this is the first CTF available on HackerOne.com. What I like about HackerOne is that they give you private invitations to programs based on your performance in CTFs, so I guess doing CTFs...
-
Kali Linux 2020.1 tty1 ERROR
I found a horrible error when I installed the latest version of Kali Linux on one of my machines. After installing the OS, when I started it, it booted into a black screen which asked for my login credentials without any GUI. It is heartbreaking to see problems right away...