Intro Today, I would like to share some simple and quick ways to find stored XSS (Cross-site Scripting) vulnerabilities as well as 2 stored XSS vulnerabilities that I reported in HackerOne private programs. For anyone who is new to AppSec or Bug Bounty, the stored XSS (aka persistent XSS) occurs when…

Intro Around beginning of this year, I wanted to begin my journey for Offensive Security’s OSWE (WEB-300) to boost my AppSec skills. I enrolled for the updated OSWE course that was revamped in 2020. The whole experience of taking the course and the exam was amazing. It was the most valuable…

What is Crypter? A crypter is a software that can encrypt, obfuscate and manipulate malware or a RAT (Remote Access Tool) tool to potentially bypass security products such as anti-viruses. Encryption Process For creating a simple crpyter, I will be using the following process: Generate a key with random characters & seed (32 characters hard-coded…

What is Polymorphism? The polymorphism means the ability of an object to take on many forms. In computer science, the term polymorphism also means the ability of different objects/codes to respond in a unique way to the same functionality. Shellcode Selection I will use the following shellcode from the Shell-Storm to demonstrate the polymorphic shellcode: …

Msfvenom Shellcode Analysis Today I will analyze the following shellcode generated by the msfvenom, specifically in linux/x86: linux/x86/exec — Execute an arbitrary command linux/x86/shell_bind_tcp — Listen for a connection and spawn a command shell linux/x86/shell_reverse_tcp — Connect back to attacker and spawn a command shell 1) linux/x86/exec This msfvenom will execute an arbitrary command that…

What is Encoder? In computer systems, an encoder can be used for various purposes. For example, Base64 encodes binary data into an ASCII characters which are known to pretty much every computer system. Or one may use an encoder to mangle their own code to potentially bypass a security product such as AV…

Help was an easy difficulty Linux box. Good learning path for: GraphQL Query Enumeration Unauthenticated PHP File Upload (HelpDeskZ) Linux Kernel Exploit Initial Recon Nmap # nmap -Pn --open -T4 -sV -sC -p- 10.10.10.121 Starting Nmap 7.80 ( https://nmap.org ) at 2021-04-13 00:14 EDT Nmap scan report for 10.10.10.121 Host is up (0.081s latency). Not shown…

Json was a medium difficulty Windows box. Good learning path for: JSON-based deserialization (Bearer: header) JuicyPotato Exploit (SeImpersonatePrivilege) Initial Recon Nmap # nmap -Pn --open -sC -sV -p- -T4 10.10.10.158 PORT STATE SERVICE VERSION 21/tcp open ftp…