Abhishek Meena
Nov 28 3 tweets 3 min read
Bypass Linux Shell Restrictions { v1 }
#bugbounty #Infosec #pentest

See the thread 🧵 below: 👇
🏹Common Limitations Bypasses
#bugbounty #infosec

• Reverse Shell : 👇

• Short Rev shell : 👇
• Bypass Paths and forbidden words :🖼👇

• Bypass forbidden spaces : 🖼👇

• Bypass backslash and slash :🖼👇

• Bypass pipes : ↙

bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)
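The pipe-bypass line above contains no `|` in the text an input filter sees; the pipe only exists after the base64 blob is decoded. The following Python check is an added example, not part of the original thread: it compares a raw deny-list filter with one that decodes `base64 -d<<<` here-strings before checking. The deny-list contents and all function names are assumptions made for illustration.

```python
import base64
import binascii
import re

# Assumed deny-list of shell metacharacters a naive filter might block.
FORBIDDEN = set("|;&")

# base64 fed to a decoder through a here-string: base64 -d<<<BLOB
B64_HERESTRING = re.compile(r"base64\s+(?:-d|--decode)\s*<<<\s*([A-Za-z0-9+/=]+)")

def naive_filter_allows(cmd: str) -> bool:
    """Deny-list check on the raw string only."""
    return not (FORBIDDEN & set(cmd))

def decoded_layers(cmd: str, max_depth: int = 5) -> list:
    """Peel nested base64 here-strings and return each decoded payload."""
    layers = []
    current = cmd
    for _ in range(max_depth):
        match = B64_HERESTRING.search(current)
        if not match:
            break
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            break  # not valid base64, nothing more to peel
        current = raw.decode("utf-8", "replace")
        layers.append(current)
    return layers

def audit(cmd: str) -> dict:
    """Report what the raw filter decides and what the decoded layers hide."""
    layers = decoded_layers(cmd)
    hidden = sorted({c for layer in layers for c in layer if c in FORBIDDEN})
    return {
        "naive_allows": naive_filter_allows(cmd),
        "decoded": layers,
        "hidden_forbidden": hidden,
    }

# The command line quoted in the thread, used here as the sample input.
SAMPLE = "bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A character deny-list on raw input passes the sample, which is why such filters are a weak control compared with never handing user input to a shell.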

More from @Aacle_

Nov 29
⭐ JWT Testing Guide ⭐
#bugbounty #infosec

Thread🧵:👇
Some Sort of Tools :

• That would be helpful for Testing Flows in the process of Authentication or Authorization 🖼 ->👇

More🧵:👇
General Info That you should know about

• Some Major flows in Establishment of JWT Token :

1. Leak Sensitive Info
2. Send without signature
3. Change algorithm r to h
4. Crack the secret h256
5. KID manipulation

See IMG For More : 👇

More Thread 🧵:👇
Nov 28
Code Review 👩‍💻 Resources for Bug Bounty
#bugbounty #infosec

======
Bugbounty Tips Group Link :
t.me/bugbountyresou…
======

See Below 🧵(1/4) :👇
• Javascript Code Review : medium.com/techiepedia/ja…

• Code Review by Vickie Li : attacker-codeninja.github.io/2021-08-24-cod…

• Code Review Video by OWASP develop :

• Analyze Code For Bugs by BBH & Vickie Li Video :

More🧵(2/4) :👇
• Analyzing JS Files Video by XSSRat :

• Code Review With Chrome Extension Video by BugCrowd :

• Source Review Video by hackerone :

More🧵(3/4) :👇
Nov 27
OAuth 2.0 Explained ! 📌v2
#bugbounty #infosec

Difficulty : Beginner & Intermediate

Read Thread🧵:👇
⭕ Weak redirect_uri

1. Alter the redirect_uri URL with TLD
aws.console.amazon.com/myservice -> aws.console.amazon.com

2. Finish the OAuth flow and check whether you're redirected to the TLD; if so, it is vulnerable

3. Check your redirect is not to Referer header or other param [See ->🖼:👇]

🧵:👇
⭕Path traversal :
https://yourtweetreader.com/callback/../redirect?url=https://evil.com

⭕HTML Injection and stealing tokens via referer header.

• Check referer header in the requests for sensitive info

🧵:👇
Nov 27
OAuth 2.0 Explained ! 📌v1
#bugbounty #Infosec

Difficulty : Beginners

See Thread 🧵:👇
How OAuth 2.0 works :
#bugbounty #Infosec

• YourWeb tries to integrate with Twitter.
• YourWeb asks Twitter whether you authorize it.
• You are prompted for consent.
• Once accepted, Twitter sends a request to redirect_uri with code and state.
• YourWeb takes the code and its own client_id and client_secret and asks the server for an access_token.
• YourWeb calls the Twitter API with the access_token.

Some Definitions Explained : 🖼:👇
#bugbounty #infosec
Nov 25
⭐ Broken Authentication And Session Management.
#bugbounty #Infosec

Step by Step Explanation

See 🧵:
📌Old Session Does Not Expire After Password Change :

Steps🖼 :👇
📌Session Hijacking (Intended Behavior)
#bugbounty #infosec

Impact: If an attacker gets the victim's cookies, it leads to account takeover.

Steps :👇
