Posts

Site wide CSRF on a popular program

I found this bug in the same program that I explained in the post "Authorization bug every bug hunter missed". I was moving through another target on this program when I noticed that there was no CSRF protection: there were no tokens, etc., so I wondered what they were using to prevent CSRF. I noticed some high-entropy strings in the headers, but the request worked without those headers as well, so that wasn't protecting the website from CSRF. The request body consisted of JSON objects, basically {key: "value"} pairs. The assumption behind using it was that in a typical CSRF attack attackers don't send JSON payloads, so using JSON will naturally protect the application against CSRF. Here's where the trick comes in. It's actually more of a check that you should perform while trying to find CSRF bugs. I spotted it on Twitter first; you may or may not be familiar with it. Here's how it works. It's very simple: assume that server side framework is expe

Releasing Flumberbuckets: S3 Bucket Enumeration Tool for Bug Hunters

Flumberbuckets is part of a suite of scripts that I'll be open-sourcing on GitHub in the flumberboozle repository. Scripts in this repository are supposed to aid bug hunters in hunting, automating workflows, etc. There is also another script in the flumberboozle repository called portboozle, which is a port scanner with scan auto-save and auto-startup functions.

What is flumberbuckets? Flumberbuckets is yet another S3 bucket enumeration tool which you can choose to use while hunting on bug bounty programs or during a security assessment. I designed this tool to serve my purposes and now I am open-sourcing it; there are several different tools that exist for people with different tastes. The aim of this tool was to present S3 bucket enumeration results in a better format which is visually more appealing than scrolling through the output of a bash script that just runs aws s3 ls in a loop.

How does it work? Flumberbuckets is a really simple script which combines the best of existing S3 bucke

Authorization bug that every bug hunter missed on a popular program

A story of a broken access control bug I found while hunting with my friend, who is a top bug hunter. Huge thanks to him for sharing the scope of this private program; as it is a private program, I'm forbidden from disclosing the name of the program and the person. It started on a fine evening when my friend asked me to collaborate with him on a private program for fun and for my learning. We were chatting and I was learning his methodology and how he approaches targets. In a few minutes he found a few XSS on a sub-domain, but that was OOS. Then he demonstrated how he generally checks everything. Meanwhile I was struggling to keep pace with his findings and replies on chat; I had just signed up for an account on the site and Burp was logging all the traffic. After a while he was done finding XSS and CSRF and went offline. I was also kind of demotivated after he went offline, thinking that, the program being so old and popular among bug hunters, there will not be any low hanging fruits esp

Installing XFCE & other things on Arch Linux

How to do a complete Arch Linux install with XFCE, LightDM, Udisks, Yaourt, and other essentials

Arch Linux is a lightweight Linux distribution, and installing Arch Linux teaches you a lot about how the system works under the hood. After you've installed Arch you'll start to appreciate the command line and Arch's install procedure. I used to like distributions such as Parrot and Ubuntu because they already had packages installed and configured for me, but the point of installing Arch is to learn about the Linux system. Learning the core components of Linux and knowing which packages you've installed will also help you in fixing problems which might arise in the future. Also, building a system from the command line is fun. Like Arch, the XFCE Desktop Environment is also lightweight, minimal, and not resource hungry. Though XFCE is simple and lightweight it has some modern features, and if you customize it like me, it'd look really cool while taking about 200 MB to 300 MB of your m

Post Install Configuration of Arch Linux

Installing VirtualBox Guest Additions

VirtualBox Guest Additions provides drivers and applications that optimize the guest operating system, including improved image resolution and better control of the mouse. Official Installation Procedure

To install, enter the following command.

    sudo pacman -S virtualbox-guest-utils

I have Linux kernel so I'll choose virtualbox-guest-modules-arch when asked.

Installing Other Essential Applications

You can choose between vlc and parole; they're both good. screenfetch will print out system specs for you on the terminal.

    sudo pacman -S firefox parole screenfetch

Customizing Arch Linux

Let's install good stuff! This is how I customize:

My preferred icons -- Paper icons
My preferred theme -- Arc Dark or Arc Darker
My preferred mouse -- Simple and Soft
My preferred font -- Ubuntu 10

Let's install them:

    sudo pacman -S ttf-ubuntu-font-family arc-gtk-theme xcursor-simpleandsoft
    yaourt -S paper-icon-theme

How to add a Sudo User in Arch Linux

You might be installing Arch and have a root account right now, and you want to add a sudo user. Let's add my username to your machine so I could use it too. First, we need to make a new user, then we will give the user sudo privileges.

    useradd -m -G users -s /bin/bash fellchase

Now we have to set up a password for the new user.

    passwd fellchase

Be CAREFUL now: ideally you should use visudo to edit this, but I'm a nano user so I can use it too.

    nano /etc/sudoers

Make sure you don't mess up this file by adding unnecessary tabs and spaces!!! Just type this line

    fellchase ALL=(ALL) ALL

below this line

    root ALL=(ALL) ALL

Now use CTRL + X to exit, hit 'y' to confirm, and then hit ENTER. Now reboot, then log in using fellchase and try to use sudo. It should work.

Automount any filesystem at startup without root & with a single command

The normal method to automount file systems at startup in Linux always has something to do with the terminal, nano, editing fstab files, finding UUIDs and all; otherwise you have to download a package to do this for you. Normal Mounting procedure in Ubuntu

I use Manjaro Linux XFCE and I faced the same problem: I didn't want to mess with my fstab and other files and was trying to find another way of doing this. I saw that Thunar can mount filesystems without permission or without asking for any credentials, so this article should help most Manjaro users mount their file systems automatically at startup. I found out that Thunar uses udisksd to do this. We'll be using udisksctl in Manjaro to do this. udisksctl is a command-line program used to interact with the udisksd daemon process. If you just want to mount your desired filesystem at startup, this command will help you out, and you just have to launch it at startup!

    udisksctl mount -b /dev/sdXN

Similarly