Posts

Showing posts from October, 2020

X-Forwarded-For Header

X-Forwarded-For: Some web applications make it possible to restrict access based on the IP address of the visitor. This is particularly common for administrator interfaces, and it is a good idea to restrict such an interface to the IP addresses known to be used by actual administrators. To implement this, the web application checks the REMOTE_ADDR value that the web server passes through to the application. The X-Forwarded-For header is usually set by a proxy, but it can also be added by an attacker. By adding their own X-Forwarded-For header, the attacker can spoof their IP address. If the IP block is implemented incorrectly, it can be bypassed by putting an allowed IP address in the header, even if the connection actually originated from a blocked IP address.

(Screenshots: request without X-Forwarded-For header; request with X-Forwarded-For header)

You can use the "Bypass WAF" Burp extension to automate this with a session handling rule scoped to the Proxy tool for all URLs.

Redirected to 302- Other ...

XML external entity (XXE) injection Vulnerability

XML external entity (XXE) injection: XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML data. It often allows an attacker to view files on the application server's filesystem and to interact with any back-end or external systems that the application itself can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks. XML external entities are a type of custom XML entity whose defined values are loaded from outside of the DTD in which they are declared. External entities are particularly interesting from a security perspective because they allow an entity to be defined based on the contents of a file path or URL. What are the types of XXE attacks? There are various types of XXE attacks: Exploiting XXE to retri...

Basic-Recon: Masscan + nmap

Script:

#!/bin/bash
# Usage: ./scan.sh targets.txt   (one IP or CIDR per line)
input="$1"

# Full-port masscan over the input list; greppable output goes to tmp/test.txt
masscan_scan() {
  mkdir -p ip tmp nmap
  masscan -iL "$input" -p 0-65535 --rate=10000 --open -oG tmp/test.txt
}
masscan_scan

# Unique list of hosts that had at least one open port
filter_ip() {
  grep "Host" tmp/test.txt | awk '{print $2}' | sort -u > tmp/tmp.txt
}
filter_ip

# Write one nmap command per host into ip/<host>, using that host's open ports as the -p argument
nmap_file() {
  while read -r ip; do
    # masscan -oG lines look like: "Host: 10.0.0.1 ()  Ports: 80/open/tcp////"
    # $5 is the port field; keep only the number before the first '/'.
    # Match the host field exactly (the original grep "$ip" also matched e.g. 10.0.0.10 for 10.0.0.1,
    # and its sed character class stripped letters rather than the "/open/tcp" suffix).
    ports=$(grep "Host" tmp/test.txt \
      | awk -v h="$ip" '$2 == h {split($5, p, "/"); print p[1]}' \
      | sort -un | paste -sd,)
    echo "nmap $ip -T3 -sV -oX nmap/$ip.xml -p $ports" > "ip/$ip"
  done < tmp/tmp.txt
}
nmap_file

# Run each generated nmap command, pausing briefly between hosts
# (the original $(cat $ip) executed nmap's stdout as a command; running the file avoids that)
nmap_scan() {
  for f in ip/*; do
    sleep 2
    bash "$f"
  done
}
nmap_scan

# Remove the working directories; the nmap XML results stay in nmap/
remove_file() {
  rm -R ip tmp
}
remove_file

Retrieved from: https://github.com/Musab-khan95/Basic-Recon/blob/master/scan.sh