
Posts

Showing posts from May, 2022

Filtering Out The Scope IP Address list from IP Address List

I faced a situation where the client gave me a list of 2000 IP addresses and, after some time, gave me another list of IP addresses that were not in scope. Now the problem was that I had to filter the in-scope IP addresses out of the IP address list. I had two options:

1. Do it manually
2. Do it by automation

I chose the second option. Initially, automation takes time, but it makes our life easy.

Command: Scope_IP_Address_Filter_From_IP_Address_List.exe IPaddresslist.txt outofscope.txt
Output File: Finalscope.txt
Download: https://github.com/crazywifi/Filtering_Out_Outofscope_IP_From_Scope/releases/tag/Scope_IP_Address_Filter_From_IP_Address_List

Ways To Exploit JSON CSRF (Simple Explanation)

How can JSON CSRF be exploited? JSON CSRF can be exploited in four ways, depending on other factors that we will discuss:

1. By using a normal HTML Form (1): when Content-Type is not validated at the server side and the server also does not check whether the POST data is correctly formatted.
2. By using a normal HTML Form (2, by Fetch request): when Content-Type is not validated at the server side and the server only checks whether the POST data is correctly formatted.
3. By using an XMLHttpRequest/AJAX request: when Content-Type is validated at the server side and the server accepts only "Content-Type: application/json".
4. By using a Flash file: when Content-Type is validated at the server side, the server accepts only "Content-Type: application/json", and CORS is also configured properly.

Case 1: When Content-Type is not validated at the server side and the server also does not check whether the POST data is correctly formatted. Why do we need to check by changing the Content-Type? Because we ca

Convert Veracode XML Report to Excel Report

Hello Everyone, I have seen many queries on Google regarding the Veracode XML report, where people ask how to convert the XML report to Excel. So now the solution is here:

1. Access my GitHub URL: https://github.com/crazywifi/Veracode_XML_Report_To_Excel_File_Converter
2. Download either file [Python or EXE].
3. Copy the EXE file/Python file to the folder containing the Veracode XML report file.
4. Run the command "Veracode_XML_to_Excel.exe Veracode_XML_File.xml" or "python3 Veracode_XML_to_Excel.py Veracode_XML_File.xml".
5. The output report will be generated with the name "Veracodeout.xlsx".

Features of this script:
1. You can convert the XML file to Excel.
2. The Excel file includes:
   * Severity
   * Vulnerability Name
   * IssueID
   * Description
   * Remediation
   * SourcePath
   * Line Number
   * Mitigation Status
3. Remediation is in a separate column.
4. The Severity is converted to strings like Critical, High, Medium, Low, and Informational.

I hope this tool will make your life a little easier :)

Check this issue when OpenID Connect and the normal registration page exist (Account Takeover)

I found one logical issue when I was testing. I am coming directly to the test case because there is not much to explain here.

About the application's working:
* The application had OpenID Connect via Gmail and also had a normal registration page (username and password).
* The application had an email change functionality, where the user could change the email ID to any email ID. One condition was that the email should not have been registered previously through the normal registration form.
* The application was not verifying the user's new email ID.

Attacker scenario:
Attacker email ID: attacker@gmail.com
Victim email ID: victim@gmail.com (he has not registered an account in the application until step 2)

1. The attacker created his account using attacker@gmail.com and logged into the application.
2. The attacker clicked on the change email functionality and entered the victim's email ID, victim@gmail.com.
3. Now, the victim decided to create an account using OpenID Connect (Gmail SSO). The victim logged i

What is Certificate Transparency?

Certificate Transparency is an open-source framework under which certificate authorities (CAs) log the certificates they issue for domain names. In this way, anyone can see which CA has issued a certificate for which domains. It is like an inventory of all certificates, certificate authorities, and domains.

Why do we need Certificate Transparency?
* By compromising the infrastructure of a certificate authority, an adversary can maliciously issue certificates from that certificate authority without the CA's consent.
* A certificate authority can mistakenly issue a certificate to the wrong owner.

The problem with the previous CA infrastructure was that there was no effective way to audit or monitor SSL certificates in real time. So, when any missteps or malicious activities happened, the suspect certificate was usually not detected and revoked for weeks or months. These mis-issued certificates were used to spoof legitimate websites or to install malicious software, etc

How does a website holder get a certificate from the certificate authority?

1. The website holder generates a public key and a private key.
2. The website holder sends the public key, along with other information such as holder name, subject, serial number, signature algorithm, signature, etc., to the certificate authority.
3. The certificate authority verifies the data provided by the website holder, then builds the certificate and finally digitally signs it for the holder. A certificate is a document that contains the necessary information about the website holder, like the holder's public key, expiration date, name of the certificate holder, and the digital signature of the certificate-issuing authority.
4. The CA sends the certificate to the website holder.
5. The holder configures the certificate on the server.

How does the certificate work when a user accesses an HTTPS website?

When we access an HTTPS website in the browser, let's say Google, the Google server sends its public key and the certificate signed by the CA to the user. Now the user's browser verifies the authenticity of the certificate. It does this by verifying that the certificate was issued by a trusted Certificate Authority (CA). Browsers come pre-installed with a list of trusted CAs. The browser checks the digital signature on the certificate using the CA's public key. If the signature is valid, it means that the certificate has not been tampered with and was indeed issued by a trusted CA. As described in the steps above, Google sends its public key when we enter https://www.google.com in the browser. Any data encrypted with this public key can only be decrypted with Google's private key, which Google does not share with anyone. After certificate validation, the browser creates a new symmetric key, let us say a "Session Key", and makes 2 copies of it. These keys can encrypt as wel

What is a digital signature?

A digital signature is a mathematical way of verifying the authenticity of digital messages or documents. The steps followed in creating a digital signature are:

94 Airbnb Subdomains Open-redirection but Not-Applicable by HackerOne :(

Hello everyone, so I was doing recon of Airbnb through an automated process for finding open-redirection issues. I successfully found the issue on 94 subdomains, but it was marked as "Not-Applicable". I showed them the POC of complete exploitation by using TinyURL.

Reason: "external_link endpoint is working as intended"
Note: Nothing is mentioned in the out-of-scope section for such an issue or parameter.

So how did I find it? I used the commands below:

cat airbnb_subdomain.txt | waybackurls | tee -a waybackurls.txt
cat waybackurls.txt | grep -a -i '=http' | qsreplace 'google.com' | while read host; do curl -s -L "$host" -l | grep "google.com" && echo -e "$host \033[0;31mVulnerable\n"; done | tee -a openredirect.txt

Sometimes the company only allows some domains for redirection. Why did I use "google.com"? Because it is the most trusted domain, and companies use many Google libraries, that's why. If you know that redirection is possible then you can for other methods t