Connect with me on Twitter: https://twitter.com/initroott

A quick introduction to enumerating a specific target's digital footprint. I take no responsibility for your use of the below; please always have permission before you engage a specific target.

The walkthrough below explains a simple enumeration of a domain. For this we'll focus on Tesla.

The basics

For this specific target we can assume that our main target is tesla.com.

Enumeration, specifically domain enumeration, can be performed in several ways. I really like Patrik Hudak's article on asset discovery; refer to https://0xpatrik.com/asset-discovery/.

The two important notes here are vertical and horizontal enumeration. …


Be sure to follow my blog at https://governit.co.uk

This would most definitely rank among my most tedious XSS attempts yet. I started with Burp for a thorough enumeration. I set out my target scope using advanced scope control, with the host name set to "company.".

I then browse the application slowly, one request at a time, looking specifically for parameters that get reflected in the response. Once I suspect reflection, I use the Intruder tab to Actively scan the defined insertion points. Note that I also clear insertion points for cookies and similar; at this stage I focus only on the URL parameters.


Let the scanner do its job and keep fuzzing for insertion points. …


I took a quick look at a major infrastructure client. Given their modern web design, I couldn't find any reflective injection points.
I let it go for a while, then found myself dealing with one of their earlier versions and immediately noted that the hosted site was much more outdated than its recent counterparts.

I set out scoping the application using Burp and found a reflective spot. This could lead to a form of stored XSS on the user's machine, since what you submit is added into the container.

I wouldn't have been able to identify the endpoint if I hadn't played with the application's functionality. …

About

Frans Hendrik Botes

OSCP, CISM, CISA, CRISC
