100 Days of Hacking — DAY 2

Balaji Anbalagan
Feb 5, 2022

“Ah shit, here we go again” (just kidding all I have is this strange enthusiasm to learn)

DAY 2

Good morning, fellow hackers! It’s the second day of the sabbatical that I took for #100DaysOfHacking. I don’t have that many viewers, and hence it feels so comfy to rant my learnings here.

Objectives of day 1:

  1. Theory…theory…theory and, oh, some practical stuff on passive information gathering, from both OSCP and open-source YouTube videos. I’ve used many recon tools; it’s time that I read through their code and see how it goes.
  2. To update my LORA project (Lazy open redirect automation).
  3. XSS labs in PortSwigger (haven’t finished them yet :”)
  4. Spend quality time on my research paper (quality >> quantity)
  5. Practice a few challenges on Websec.fr

Reports of day 2:

It’s 11:32 AM IST. I have completed the entire theory (OSCP video lectures + recon 2.0 by nahamsec), ah! It was dreadful at its best. I executed some recon tools on bug bounty domains so that I won’t be bored :p.

It’s 5:00 PM IST. I am done with 1, 3, 4 and now I'm at websec.fr. I am doing the baby steps and some easy ones; most of the vulns I could find in the docs, and nothing tricky except the 25th one. I’m stuck at it; I have been looking at it for more than an hour now. So obviously my payload or my vulnerability assumption is wrong. I assumed there’s the catch in this statement. The payload I supplied is %252566lag, since there was an article that exposed a vuln of stripos for accepting double URL encoding. The payload is working since there wasn’t any error, but I couldn’t get the flag.txt, so I'm trying out other methods.

It’s near 6 PM IST. I found out the fact that I am apparently dumb; of course the payload won’t execute, because include <file.php> can’t decode double URL encoding. So I found another catch: there’s a possible vulnerability in parse_str(parse_url(…))

Yessss it works finally

It’s 9:44 PM IST. I have completed every other task except the 2nd one, so I’m working on it.

It’s 10:47 PM IST. I slacked off a bit watching Mr. Robot recaps (that counts as a productive thing, right? Right? Insert *I am a clown* title). Okay now, let's be serious rn. So to improve my code, I thought it would be nice to add a parameter to redirect them to a custom exploit website so that the attacker can test further SSRF or XSS bugs, and some explanation about the usage of lazy-open-redirect-automation would be useful.

It’s 11:23 PM IST. Yes, Day 2 is well done and I have completed updating the bash script. I am not well versed in crafting payloads (the truth hits again and again; I should work on that tomorrow). Also, I should work on shifting my learning time to early morning so that I wouldn’t fall dead at night.

sbin/shutdown(day2)

Balaji Anbalagan

Newb CTF player. <img src=x onerr…./> oops yea im a newb bug bounty hunter too :) hehe (c wat i did there)