You may have seen my last post related to DNS exfil in a MS-SQL environment using Burp Suite’s Collaborator tool. I had mentioned that spinning up a DNS infrastructure that allows you to perform DNS exfil outside of this tool can be difficult. I was quickly notified…
I had an engagement the other week where I discovered a few instances of Blind SQL Injection in a .NET application with a Microsoft SQL Server (MS-SQL) back-end database system. The underlying account user had “sysadmin” privileges but due to the reservations of my client, I chose…
I worked through a netpen CTF the other day that provided me a jump box to access the entire scenario with. Despite there being some tools installed on the jump, I didn’t want to use it as my attacking host nor did I want to catch shells…
I was recently introduced to a really cool domain flyover tool named Aquatone written by Michael Henriksen. In the past, I had used another really cool tool known as EyeWitness to perform similar tasks. In short, both of these tools screenshot web application resources (among other things)…
I was going over an application I wrote prepping for my upcoming class and realized the shortcoming’s of Burp’s default session handling mechanisms. Not to knock Burp, but working with a Single Page Application (SPA) that makes calls to several APIs using a JSON Web Token (JWT)…
Some of the earlier tasks I work through when assessing a web application revolve around enumerating the available attack surface my target has to offer. There are a few easy ways to quickly find paths offered by an application. robots.txt The first of these would be examining…
So on to the second leg of this journey. You can find the first installment of my Burp Suite Tips series at the following link. Burp Suite Tips – Volume 1 Viewing Target and Repeater Using Tabs I much prefer viewing the Target and Repeater tabs using…