I would like to share whatever I have learned during the OSCP course so that others can also benefit. I gained the knowledge through many interesting blogs, and I too would like to pass on the experience to others. The difference in this blog is that I have focused more on service-level enumeration and privilege escalation. Cybersecurity folks, especially penetration testers, will know what the OSCP challenge is. You can check out the link below to get an idea about this course.

Here, as part of this blog, I would like to share an enumeration checklist for multiple…


authentication bypass test scenarios

This is going to be a series of blogs on web application security test scenarios, and this is one of them. As we all know, web applications have become an integral part of our lives. People use web applications for most services. Customers register and store their personal data in some company's web applications. Attackers launch many kinds of attacks against web applications. At the same time, organizations ask penetration testers to identify the loopholes/vulnerabilities in web applications before the attackers do.

As part of the security assessment, the penetration tester will perform…


This is another bug bounty automation blog explaining my thought process for crawling and enumerating JavaScript files. Modern web applications are heavily built on JavaScript. From API calls to most business logic, many critical functionalities are built on the client side nowadays. If we are able to completely understand the client-side logic of a target, then we will be able to uncover some unique vulnerabilities.

There are a lot of great open source tools specifically built for crawling and enumerating JavaScript files. Every bug hunter has a unique thought process in terms of approaching the target and…


It has been a long time since I posted my blog on security. However, this time I would like to bring you a topic on bug bounty. I know! As a security researcher, most of you will be doing bug bounty hunting part time or full time. Bug hunting is very challenging, but there are many open source tools on the internet to simplify the job. Today, we are going to check out an automation tool which I created, inspired by iamj0ker (kudos to him!).

Being a bug bounty hunter, every individual will definitely have encountered 403…


In modern-day web applications, critical application development is done in JavaScript files. JavaScript files can contain sensitive information such as API secret keys and internal domain URL values.

When attackers get hold of such information, they will be able to talk to the API and make changes through it. In one of my target applications, the API secret was found to be very sensitive. Let us check out how it was identified.

Here, I would like to share the enumeration method by which the key was found. …


What is CVE-2019-19781?

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

As stated above, all Citrix ADC appliances running the versions specified above are vulnerable to this attack. When I was working on a target, I was enumerating the list of IP addresses.

How to find the IP address of a target?

Using the above methods, one will be able to identify the list of IP addresses of a target application. …


What is an SSRF attack?

I have always been curious about finding SSRF vulnerabilities. This was one of the bugs that I recently identified in my target application.

Enumeration:

When I am checking a target application, I normally look for any URL redirection parameter. This can be identified in multiple ways:

  1. URL query parameters
  2. Search for URL/redirect/http/.com string values in the Burp Suite sitemap
  3. Use the waybackurl tool to identify whether any historic links have a redirection parameter
  4. Look at your requests and responses for the redirection parameter

I have found the redirection parameter in the response body when…


strings.xml is a single location for the various strings your application needs. Every string has a unique id, and you use this id in your code to reference that string. It is always recommended not to store critical data there. Sometimes, due to insecure coding practices, sensitive information ends up stored in the strings.xml file. When an attacker performs code analysis of the Android application, he/she will be able to get hold of such sensitive information, which can lead to a compromise of application security.

I identified such sensitive information in one Android application's strings.xml file.

In the target Android…


This is going to be the first blog of my bug hunting journey. As many of you are hunting for bugs on different bug hunting platforms, I feel that sharing knowledge is a way of giving back to the security community, which has given me a great platform to learn and grow.

I would like to thank everyone who has put extra effort to contribute to the community and help secure the internet from attacks.

In the initial phase of my bug bounty hunting, I was working on a gaming target and was able to find a simple but severe vulnerability in…


Today let us check out how an XML file is processed in a Java web application, and how malicious input can impact the web application and the underlying server due to an insecure XML parsing process.

XXE attack flow

As most penetration testers know what an XXE attack is, I would like to talk about how insecure coding leads to the attack rather than explaining what XXE is. If you would like to learn what an XXE attack is, please check out the links below.

I have implemented the basic XXE attack with a Java web application…

Pravinrp

OSCP / Security geek & researcher (Application/infrastructure/Mobile/cloud security)
