Turning on your Burp intercept can sometimes be a headache.
When a site is using several trackers, embedded videos, and 3rd party fonts it can be a hassle to click through two dozen intercepted requests before getting to the one of interest.

This article will teach you how to:

  1. Exclude domains from your Interceptor
  2. Save and reload the ‘Do Not Intercept’ list

In the next screenshot we caught a request from an embedded YouTube video.
To lower the noise we have to deal with, let’s add this domain to our “Don’t Intercept” list.

How to exclude a domain…


No week 6, as I spent a long vacation with family.

03/15/21

3 hrs of hacking an SSRF to try and escalate a High to a Crit — will need to sit around for a good long while to see if they accept my escalation.

Started AWAE 30 day course, assuming this is going to eat up a lot of my time for the next month.

https://infosecwriteups.com/the-invincible-kid-7ac1ce2887c0 — Lol, love these kinds of bugs

03/16/21

2 hrs of hacking with nothing to show

https://hackerone.com/reports/704621

03/17/21

2 hrs of hacking with nothing

03/18/21

2 hrs of hacking with nothing

Weekly Wrap…


How many times have you been testing out a new program on Hackerone just to see they use AWS WAF and then decide to move on to an easier target?

Low hanging fruit gatherers, like myself, can be discouraged to see a WAF protecting all the poorly coded endpoints that promise to pay off my mortgage.


When you see AWS WAF on your target, do not assume that it’s been properly configured! …


2/26/21
Couple hours of hunting for auth bugs

2/27/21
Family Time

2/28/21
2 hrs of poking before bed and found a cool oracle bug to access secret data
Submitted as a crit, but waiting for triage to agree

3/1/21
1 hr of hunting for nothing

3/2/21
6 hrs of hunting for a single little auth bug

https://infosecwriteups.com/grafana-admin-panel-bypass-in-google-acquisition-virustotal-c5ecc9d7b8ae

3/3/21

Triage disagreed vehemently with my oracle bug :(
Spent the morning reading all kinds of entropy documents to try and learn more about it.

Then the company reopened, so it’s just going to be one of ‘those’ tickets

https://orwaatyat.medium.com/your-full-map-to-github-recon-and-leaks-exposure-860c37ca2c82

3/4/21

3 hrs hunting…


I’ve been a Web Sec Engineer for a year now and I’d like to start sharing some of the scripts and tools I’ve made for myself to help others in a similar position.

The first being a simple AWS Route 53 Monitor

The script is based on the steps put together by Cloud Conformity:
https://www.cloudconformity.com/knowledge-base/aws/Route53/dangling-dns-records.html

We have several AWS environments to monitor and thousands of Route 53 entries, so this came as a necessity to maintain the environment and, as Cloud Conformity states, to:

>Ensure that any dangling DNS records are deleted from your Amazon Route 53 public hosted zones in…


In cryptography there is only one method that has been mathematically proven to be 100% secure. This method is the one time pad (OTP).
A one time pad is a key that is the same length as the plaintext message it is encrypting.

Remember XORs? I’ll be using the ^ to denote the XOR symbol, since it is the same as C++’s.
Here is a quick demonstration.

message1 in ASCII:
Hello World!
message1 in hex:
48656c6c6f20576f726c6421
That is 24 hex characters.

So for our key we will use this guy
edbf0bc557f77222dab455ca
Courtesy of random.org

message1 ^ key…


2/19/21

App has some Docx to PDF actions, looking into XXE attacks here.
I’ve never performed an MS Office XXE, so it’s a shot in the dark, but looking forward to the chance to learn.

2/20/21

Family visiting

2/22/21

4 hrs hacking for some business logic errors

2/23/21

Sick kids

2/24/21

3 hrs of hacking

2/25/21

https://portswigger.net/research/top-10-web-hacking-techniques-of-2020-nominations-open

4 hrs hacking for some auth issues and csrf

Weekly Wrap up

Again this week, really whiffed it on the reading.
There was a lot going on at work, so I didn’t get to hack as much as I’d like, but some bounties starting…


Source code with annotations
The file, named wp-class.php, is stored as such:
eval(base64_decode("Ly8kYXV0aHBhc3MgPSAiN...
The contents are encoded in a long base64 string to help hide them.

General Info:
This file is for maintaining access after a backdoor is found, containing a command interface for Windows and Unix, some GUI tools, and some self-preservation functionality.

The backdoor functionality is only available if you have a cookie with the correct password set.
$authpass = "7b24afc8bc80e548d66c4e7ff72171c5";
That password is an MD5 hash of the word 'toor' which is root backwards. …


Intro
Nikto is a non-stealth web vulnerability scanner, so don’t think the NSA doesn’t know you are using it. This tool makes it easy to get some quick results, so I especially recommend it to beginners.
The real charm of Nikto is that most positive results come with a layman’s description and a link. (Read the contents of these links to become better at life.)
You can initiate your first scan with this command:

nikto -h <IP or Host name>

Let’s see what we get!

The first line is a fingerprint of the server’s operating system. Sometimes you get very specific…

Jesse Clark

Reformed Baptist Son Of A Shepard
