Connect with me on twitter: https://twitter.com/@initroott
Quick intro to enumerating a specific target’s digital footprint. I take no responsibility for your use of the below; please always have permission before you engage a specific target.
The below walkthrough explains a simple enumeration of a domain. For this we’ll focus on Tesla.
For this specific target we can assume that our main target is Tesla.com.
Enumeration, specifically domain enumeration, can be performed in several ways. I really like the article by Patrik Hudak; see https://0xpatrik.com/asset-discovery/.
The two important notes here are vertical and horizontal enumeration. …
Be sure to follow my blog at https://governit.co.uk
This would most definitely go out to my most tedious XSS attempts yet. I started with Burp for a good enumeration. I set out my target scope using advanced scope control and the hostname as “company.”.
I then browse the application slowly, one by one; specifically, I look for parameters that get reflected. Once I suspect reflection, I make use of the Intruder tab to Actively scan defined insertion points. Note that I also clear insertion points for cookies etc. I only focus on the URL parameters for now.
Let the scanner do its job and keep fuzzing for insertion points. …
I took a quick look at a major infrastructure client. Given their modern web design, I couldn't find any reflective injection points.
I let it go for a while, then found myself dealing with one of their earlier versions and immediately noted that the hosted site is much more outdated than their recent counterparts.
I set out scoping the application using Burp and found a reflective spot. This could lead to a type of Stored XSS on the user's machine, as you’re adding into the container.
I wouldn’t have been able to identify the endpoint if I hadn't played with the application functionality. …