Show more
ath0  

Day20: Published my start/stop script to github (github.com/stop-a/misc_scripts). Bashed at github.com/DevSlop/Pixi in my lab. Got a little more acquainted with Postman.

1
ath0  

Day21: Enumeration and attacks on crAPI. Error message on one of the screens suggested I might be able to brute force 'a thing'. Used ZAP's regex fuzzer for the first time. Didn't get a hit, so I've either mis-inferred what the message meant or it's a lie. After registering a user, attacked jwt with jwtcrack to see if I could get the secret. Success! JWT payload may be an unfortunate decision, so next step is to find other users to see if I can impersonate them.

1
ath0  

Day22: Found some users. With the secret from "my" jwt and was able forge tokens for each user. With the forged tokens, I could reset their passwords. However, logging in yielded a blank page. Trying out kiterunner to find other API endpoints while I watch the Jan 6 hearings.

1
ath0  

Day23: Another chapter down in _Hacking APIs_ and tinkering with postman. Time for a cocktail and then pick it back up after dinner.

1
ath0  

Day24: Continued on the exercise from Chapter 9. Couldn't get postman to reproduce the results I was expecting. So, I wrote a bash script to do the enumeration. I get the point. Icing would be to rewrite in python and add some processing.

1
ath0  

Day25: Continued tinkering with script and postman to refine enumeration process on crAPI. Still bash über alles! I *think* I'm finding different version of APIs, so need to work through how to confirm and then, once confirmed, how to exploit.

1
ath0  

Day26: Continued reviewing results of running script for 3 scenarios--got a couple of more I could try, but I want to tweak the output. Read chapter 10 of _Hacking APIs_, in the past I've failed to consider the the real signal in an HTTP 405. Do better!

1
ath0  

Day27: Tried out the exercise at the end of chapter 10. Read chapter 11 of _Hacking APIs_.

1
ath0  

Day28: Time to read chapters 12 and 13 of _Hacking APIs_. Busy day.

1
ath0  

Day29: Time to read chapter 14 of _Hacking APIs_. Tomorrow, labs for 12, 13, & 14.

1
ath0  

Day30: Finished _Hacking APIs_ last night. Will review and finish labs tomorrow. Spent a couple of hours looking at a VDP/Bug Bounty program with a really big scope. Started nailing down and documenting some of the detailed scope—DNS domains, net blocks, websites, etc.

1
ath0  

Day31: Diving back into _Bug Bounty Bootcamp_ by Vickie Li (@vickieli7/twitter). Skimmed/refreshed chapters 1-4. Slowed down on chapter 5 and started blindly applying examples to the VDP I picked last night. Finding hosts and subdomains.

1
ath0  

Day32: More enumeration of VDP scope. A host/subdomain I initially picked off looks to be an orphaned DNS name. Will keep an eye out for calls to it from other assets. Maybe the glb/waf is looking for something "magical". Found a doc spelling out a policy that may help.

1
ath0  

Day33: More enum. Found a new tld to chew on. Started poking at an apparent code repository, but it's pretty thin. Need to do some reading on the product. Another host is H U G E, relatively speaking, and is running Wordpress. Managed to get my IP baninated spidering the site. Getting acquainted with axiom now.

1
ath0  

Day34 (1/3rd of the way!): A scan is still going, but it's NAT is likely sinkholed. Will wait until scan is done to confirm. Spider results from ZAP are still getting chewed on. So, in the meantime, read ahead on _Bug Bounty Bootcamp_.

1
ath0  

Day35: Scan is done and the results are thin. I did feed it too much, but the results suggest I may have misused the tool. Shrinking the target and trying another tool. Some of the URLs in the spider results have queries, so checking for sqli test candidates. ZAP continues trying to choke down the analysis of the spidering.

1
ath0  

Day36: Tried out feroxbuster. Seems like it's hung, so I'll give it some more time. Took another look at the code repository's search function to see if I could find more 'stuff'. No joy there. Need to read some more. Might be time to look at another host in the VDP.

1
ath0  

Day37-ish: Feroxbuster was hung. Killed it off, pulled state file and output log back for additional analysis. Gave to face discussions with a netsec vendor about netflow analysis, which dovetailed with risky.biz podcast I listened today. They talked w/Gigamon on the same topic.

1
ath0  

Day38: Vacation! Which is going to cramp my activities. Reading chapter 6 of _Bug Bounty Bootcamp_.

1
ath0  

Day39: Vacation! Reading chapter 7 of _Bug Bounty Bootcamp_.

1
ath0  

Day40: Still vacationing. Read Chapter 8 of _Bug Bounty Bootcamp_. (Also watched _Dr. Strange and the Multiverse of Madness_.)

1
ath0  

Day41: Read chapter 9 of _Bug Bounty Bootcamp_.

1
ath0  

Day42: Read chapter 10 of _Bug Bounty Bootcamp_.

1
ath0  

Day43: Read chapters 11 & 12 of _Bug Bounty Bootcamp_. Tomorrow is travel day.

1
ath0  

Day44: Chapter 13 of _Bug Bounty Bootcamp_ done.

1
ath0  

Day45: Baseball Hall of Fame visited today and Chapter 14 of _Bug Bounty Bootcamp_ done. Going to need to do some more labs and walkthroughs of deserialization. Feels a bit like a dark art.

1
ath0  

Day46: “Home again, home again, jiggity jig.” Rock and Roll Hall of Fame and chapter 15 of _Bug Bounty Bootcamp_ done. Enjoying a jigger of Canadian whiskey to unwind.

1
ath0  

Day47: Read chapter 16 of _Bug Bounty Bootcamp_.

1
ath0  

Day48: Mixed it up today. Started watching youtube.com/watch?v=Llw2PAlXUo, which led to a twitter/@Alh4zr3d livestream on twitch.tv/alh4zr3d, which then led me to twitter/@mttaggart and led me to youtube.com/taggarttech which has an API hacking video I want to watch next.

1
ath0  

Day49: Read chapters 17 and 18 of _Bug Bounty Bootcamp_.

1
ath0  

Day50: Watched some more of a stream with alh4zred. Shadowed someone on discord while they hacked on an android app. Got to see similarities between web apps and mobile apps. Also got to point out a ZAP feature, so I contributed a little bit! ;)

1+
ath0  

Day51: Flippin' power outage. It's back on and the day isn't done. I've been enumerating htb/trick. Once service appears to be a dead end. Another service is not giving anything up easily. A third service is interesting, I'm not as well versed in its tech. Fortunately, there's metasploit for that. For now, anyways.

1
ath0  

Day52: Kept at htb/trick. Had to spend some time getting acquainted with how "Break" works in ZAP. Wanted to edit a page coming from the server. Didn't get the result I was hoping for. Got one more setting to try before ruling this approach out.

1
ath0  

Day52.1: Went to the forums for some hints. Revisited a service I thought was a dead end. Double-checked syntax and tried another potential configurable. Boom. Found another entry point. Now I'm starting to get some progress. ...and I'm leaving to go to a concert soon. Gotta unplug for a bit, every now and again!

1
ath0  

Day53: Got creds from yesterday's scans. Explored the app, looking for escalation vector. Found limited LFI, so progress!

1
ath0  

Day54: Read another chapter, chapter 19, of _Bug Bounty Bootcamp_.

1
ath0  

Day55: More banging on trick.htb. Found a new potential entry point. Took a while to figure out how to find it, but didn't get terribly far on it before I had to pack it in.

1
ath0  

Day56: More cracking at trick.htb. Found a thing on an entry point, but I'm stuck turning it into something more useful. Tantalizing config on entry point two, but it isn't giving me any goods.

1
ath0  

Day57: watched a live stream, Alh4zr3d breaks two k8s challenges on try hack me

1
ath0
Follow

Day58: Read chapter 21 in _Bug Bounty Bootcamp_. Dangling CNAME is bad, m'kay? A deeper dive on sign-sign-on exploits is really going to be needed for effectiveness.

· 1· 0· 0
ath0  

Day59: Turns out I read chapter 20 yesterday and chapter 21 tonight. Duh. Saw a walk through yesterday that leveraged looking for .git on a web page. I haven’t done an analysis on that kind of information disclosure vuln, but I reckon it’s rare but damaging. Tomorrow, we read code.

1
ath0  

Day 60: Read chapter 22 of _Bug Bounty Bootcamp_.

1
ath0  

Day61: Finished _Bug Bounty Bootcamp_, skipped chapter 23 and read chapters 24 & 25. Tomorrow, back to .

1
ath0  

Day62: Okay, I lied. Not HtB. Looked at an Offensive Security Proving Grounds-Playground box. Watched a live walk-through on the box. Also watched an Ippsec video re: LFI.

1
ath0  

Day63: Hack the Box Academy today. Worked on LFI module.

1+
ath0  

Day64: Started a multiday CTF. Got three of the first five challenges presented and am sitting on 800/1000 points. Going to sit in on Alh4zr3d stream before making dinner and watching the Jan6 shennanigans.

1
ath0  

Day65: Looked at the CTF again. No new challenges. Did more enum on one of the remaining, but didn't make progress. Hit Offsec Proving Grounds Play and pwned "Dawn", so that helped recover some ego.

1
ath0  

Day66: Took a quick look at an Offsec Proving Grounds Play box. Found an LFI. Have a couple of users. Didn't find anything else terribly fun. Making a run at brute forcing a password.

1
ath0  

Day67: Hack the Box Academy, did the ffuf module.

1
ath0  

Day68: More work on Hack the Box Academy and on the ffuf module. Not making it through it as fast as I would like. Practice make perfect!

1+
ath0  

Day69: More work on HtB Academy & ffuf. One more exercise to complete. Also kibbutzed on Al4zr3d stream while he walked through a couple of TryHackMe boxes.

1
ath0  

Day70: More work on HtB Academy & ffuf. Made some progress and then stalled. Looks like word list choice is finicky. Read this article and found it pretty interesting: blog.includesecurity.com/2022/. Signed up for the beta of git CodeSearch.

1
ath0  

Day71: almost forgot to log it. Watched a stream. Hacked on a ctf. Figured out limited rce, but stumped on turning it into something really useful. It’ll be on tomorrow, so maybe a fresh look after sleep and coffee.

1
ath0  

Day72: Continued banging on ctf. Limited rce was sneaky rabbit hole. Found correct path to get shell. New one on me, so that was fun. Working on pivot point. This one's a little tougher.

1
ath0  

Day72.1: Update. I eventually figured the pivot—“pcap, or it didn’t happen!” Learned a bit more about Docker and worked on Wireshark skill. Ended up w/in top 10 and got a cyberrange voucher from the prize pool. I reckon there were between 50 and 100 people taking a crack at it.

1
ath0  

Day73: Took a crack at today's release on HtB. Bunch of enumeration. Still poking around to find entry point. Not a webserver and I'm out of practice on anything but web servers, so this is good. Slow. But good.

1
ath0  

Day74: Found a user w/low priv on the HtB box--based on the hostname, I took a flyer at a username I thought would match. Was able to use it to enumerate some additional users. Now brute-forcing for passwords. No school like the old school. Really wish folks would use fasttrack.txt for password brute forcing. Fairly long list of users, so this will take a while.

1
ath0  

Day75: Got my CTF prize, a month-long access to Offsec Proving Grounds Practice, so started on that. Hitting the first easy box. Basic enumeration in-flight. SSH, DNS, and two web services and and two mqueue listeners.

1
ath0  

Day76: Listened in on a couple of twitch streams by Alh4zr3d and mmtaggart. Poked at a Winderz box on offsec proving grounds.

1
Show more
KETCHUP  

@scottlink try the academy

1
ath0  

@ketchup9080 "do or do not, there is no try!" ;) I've been chipping at it here and there. Time to dig in.

0
KETCHUP  

@scottlink if you need help, let me know

1
ath0  

@ketchup9080 Thanks! I'm, laughingly, banging on the last ffuf challenge before the skills assessment. I've been interleaving it with watching an Alh4zr3d stream, dinner, etc. If I don't get it sorted tonight, I'll ping you tomorrow.

0
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…