You may have seen my last post related to DNS exfil in a MS-SQL environment using Burp Suite’s Collaborator tool. I had mentioned that spinning up a DNS infrastructure that allows you to perform DNS exfil outside of this tool can be difficult. I was quickly notified…
DNS Exfiltration through Blind SQL Injection in a MS-SQL Environment Using Burp Collaborator
I had an engagement the other week where I discovered a few instances of Blind SQL Injection in a .NET application with a Microsoft SQL Server (MS-SQL) back-end database system. The underlying account user had “sysadmin” privileges but due to the reservations of my client, I chose…
Forwarding Shells Through A Jump Box Using SSH
I worked through a netpen CTF the other day that provided me a jump box to access the entire scenario with. Despite there being some tools installed on the jump, I didn’t want to use it as my attacking host nor did I want to catch shells…
Application Enumeration Tips using Aquatone and Burp Suite
I was recently introduced to a really cool domain flyover tool named Aquatone written by Michael Henriksen. In the past, I had used another really cool tool known as EyeWitness to perform similar tasks. In short, both of these tools screenshot web application resources (among other things)…
Using Burp Suite’s Cookie Jar for JSON Web Tokens
I was going over an application I wrote prepping for my upcoming class and realized the shortcomings of Burp’s default session handling mechanisms. Not to knock Burp, but working with a Single Page Application (SPA) that makes calls to several APIs using a JSON Web Token (JWT)…
On the War Path! – Basic Application Recon
Some of the earlier tasks I work through when assessing a web application revolve around enumerating the available attack surface my target has to offer. There are a few easy ways to quickly find paths offered by an application. robots.txt The first of these would be examining…
Burp Suite Tips – Volume 2
So on to the second leg of this journey. You can find the first installment of my Burp Suite Tips series at the following link. Burp Suite Tips – Volume 1 Viewing Target and Repeater Using Tabs I much prefer viewing the Target and Repeater tabs using…