Everyone is sick in the house but I had some running scans I needed to check up on.
I found a SQL injection bug on a blog.
Here's how I did it, so you can learn...
👇
🚨Like, retweet, & follow for more hacker tips!🚨
1/x
Firstly, I ran reconFTW on a set of domains related to the target. I had the main domain, and several acquisition domains running too. The acquisitions were gathered from CrunchBase and Wikipedia.
ReconFTW runs screenshotting on all web-resolvable domains and subdomains.
I opened that folder and saw what looked to be a marketing campaign site that was super old, for a product the company no longer supported. To further confirm this, the copyright footer was from 2016.
3/x
This means the site hasn't seen much love in a while.
I browsed the site and immediately saw paths that were WordPress.
When hacking WordPress, the de facto tool is WPScan (@_WPScan_).
4/x
There are also some other free alternatives listed here:
= Stealing checks worth millions & pwning a bank =
Here’s how I did it, so you can learn.
I was once contracted to do a penetration test on a bank…
Like, retweet, and follow for more hacker stories!
(1/x)
The main website was hardened. After spending a lot of time understanding it, I found that most of the transfer system was API-based and the infrastructure was AWS.
I decided to open up the mobile application to see if it was any different.
🧵(2/x)
I proxied the iOS app through a proxy to see its web traffic.
I was also running the app on a jailbroken phone to see what files were created when installing and using the app.
At this time, I was using dirsearch. (I would use ffuf or feroxbuster these days)
(something like the image)
I discovered (by proxying the site through Burp Suite and looking at responses and errors) that the application was written in CodeIgniter. I noted this down.
If you don't want to use a VPS or run native (dual-boot Linux), you can install Ubuntu on WSL 2.
(+) You'll (probably) benefit from more memory, cores, and a fast broadband connection.
(+) You can eliminate or supplement your VPS costs
(+) Usability is nice (file management, copy-paste)
(-) WSL2 does not yet support raw sockets, so no nmap or masscan
(-) Mass DNS requests (resolver tools like massdns/puredns) will crash WSL DNS for some reason
2/3
(-) On WSL 1.0 (if you decide to use that), git is painfully slow, including setting up dependencies in large frameworks like reconFTW
(+) ... Your gains in speed per dollar are good. A VPS equivalent to most gaming rigs (proc/mem/storage) will run you $80-$120 a month on DigitalOcean