Posts

Showing posts from February, 2020

API Security Tips

This challenge is Inon Shkedy's 31 days API Security Tips.
-API TIP: 1/31- Older API versions tend to be more vulnerable and they lack security mechanisms. Leverage the predictable nature of REST APIs to find old versions. Saw a call to api/v3/login? Check if api/v1/login exists as well. It might be more vulnerable.
-API TIP: 2/31- Never assume there's only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link; etc. Find and test all of them for AuthN problems.
-API TIP: 3/31- Remember how SQL Injections used to be extremely common 5-10 years ago, and you could break into almost every company? BOLA (IDOR) is the new epidemic of API security. As a pentester, if you understand how to exploit it, your glory is guaranteed. Learn more about BOLA: https://medium.com/@inonst/a-deep-dive-on-the-most-critical-api-vulnerability-bola-1342224ec3f2
-API TIP: 4/31- Testing a Ruby on Rails App & n...

hackNos: ReconForce Walkthrough

hackNos: ReconForce Walkthrough
Nmap
Nmap scan report for 192.168.56.106
Host is up, received arp-response (0.0012s latency).
Scanned at 2020-02-17 13:51:07 India Standard Time for 26s
Not shown: 997 closed ports
Reason: 997 resets
PORT   STATE SERVICE REASON         VERSION
21/tcp open  ftp     syn-ack ttl 64 vsftpd 2.0.8 or later
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
| ftp-syst:
|   STAT:
| FTP server status:
|      Connected to ::ffff:192.168.56.1
|      Logged in as ftp
|      TYPE: ASCII
|      No session bandwidth limit
|      Session timeout in seconds is 300
|      Control connection is plain text ...