forked from KathanP19/HowToHunt
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Patch 4
- Loading branch information
Showing
8 changed files
with
117 additions
and
0 deletions.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
Account_Takeovers_Methodologies/Chaining_low_impact_bugs_with_xss.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # Chaining Session Hijacking with XSS | ||
| ``` | ||
| 1.I have add a session hijacking method in broken auth and session managment. | ||
| 2.If you find that on target. | ||
| 3.Try anyway to steal cookies on that target. | ||
| 4.Here I am saying look for xss . | ||
| 5.If you find xss you can stole the cookies of victim and using session hijacking you can takeover the account of victim. | ||
| ``` | ||
|
|
||
| ### Author | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) |
7 changes: 7 additions & 0 deletions
7
...unt_Takeovers_Methodologies/No_rate_limit_on_login_with_weak_password_policy.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| ``` | ||
| So if you find that target have weak password policy try to go for no rate limit attacks in poc shows by creating very weak password of your account. | ||
| (May or may not be accepted) | ||
| ``` | ||
| ### Author | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) |
12 changes: 12 additions & 0 deletions
12
Account_Takeovers_Methodologies/Password_reset_poisoning_leads_to_token_theft.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| # PASSWORD RESET POISIONING LEADS TO TOKEN THEFT | ||
| ``` | ||
| 1.Go to password reset funtion. | ||
| 2.Enter email and intercept the request. | ||
| 3.Change host header to some other host i.e, | ||
| Host:target.com | ||
| Host:attacker.com | ||
| 4.Forward this if you found that in next request attacker.com means you successfully theft the token.:) | ||
| ``` | ||
|
|
||
| ### Author | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| ``` | ||
| Go to my Auth Bypass folder and there is a file otp bypass response manipulation that leads to account takeovers. | ||
| ``` | ||
|
|
||
| ### Author | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # Always try to get csrf on: | ||
| ``` | ||
| 1.Change Password function. | ||
| 2.Email change | ||
| 3.Change Security Question | ||
| ``` | ||
| ### Author | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) |
9 changes: 9 additions & 0 deletions
9
Account_Takeovers_Methodologies/Using_sensitive_data_exposure.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| ``` | ||
| This is depends on your luck. | ||
| Sometimes using git recon and google recon you may found files that contains critical information like user tokens, usernames and their password. | ||
| ``` | ||
|
|
||
| ### Author | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) | ||
|
|
36 changes: 36 additions & 0 deletions
36
Account_Takeovers_Methodologies/token_leaks_in_response.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| * So there are multiple ways to do it but all are same. | ||
|
|
||
| * So I will sharing my method that I have learnt here . | ||
|
|
||
| * Endpoints:(Register,Forget Password) | ||
|
|
||
| * Steps(For Registration): | ||
| ``` | ||
| 1.for registeration intercept the signup request that contains data you have entered. | ||
| 2.Click on action -> do -> intercept response to this request. | ||
| 3.Click forward. | ||
| 4.Check response it that contains any link,any token or otp. | ||
| ``` | ||
| ------------------------ | ||
| * Steps(For password reset): | ||
| ``` | ||
| 1.Intercept the forget password option. | ||
| 2.Click on action -> do -> intercept response to this request. | ||
| 3.Click forward. | ||
| 4.Check response it that contains any link,any token or otp. | ||
| ``` | ||
|
|
||
| ### Author | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
| Resources:Google,Twitter,Medium | ||
| Please follow me on twitter @Virdoex_hunter. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # Easy CVES using Researching | ||
|
|
||
| ### Tools | ||
| * Nuclei | ||
|
|
||
| ## Steps: | ||
| ``` | ||
| 1.Grab all the subdomains i.e, subfinder -d domain.com | tee -a domains.txt | ||
| 2.Grap all alive domains i.e, cat domains.txt | httpx -status-code | grep 200 | cut -d " " -f1 | tee -a alive.txt | ||
| 3.Run nuclei basic-detection,panels,workflows,cves templates differently and store results in different file. i.e, cat alive.txt | nuclei -t nuclei-templates/workflows | tee -a workflows. | ||
| 4.Read each output carefully with patience. | ||
| 5.Find interest tech used by target. i.e, jira | ||
| 6.put that link into browser check the version used by target. | ||
| 7.Go on google search with jira version exploit. | ||
| 8.grep the cves | ||
| 9.Go to twitter in explore tab search CVE(that you found from google) poc or CVE exploit | ||
| 10.Go to google and put cve or some details grab from twitter for a better poc read writeups related to that. | ||
| 11.Try all cves if success report it.:) | ||
| ``` | ||
| * Please follow me on twitter [@Virdoex_hunter](https://twitter.com/Virdoex_hunter). | ||
|
|
||
| ### Authors | ||
| * [@Virdoex_hunter](https://twitter.com/Virdoex_hunter) | ||
|
|
||
|
|
||
|
|