In one of my recent pentests, I was able to hack their Zimbra web server, which is used to handle their emails. Once logged in, I was able to read all their private emails, get organization details and a lot of other sensitive data!
Here's how I did that:
1. Their main application was created on Angular. So by reading the source code, I identified some internal API endpoints.
2. Upon sending requests to these API endpoints, I was able to grab the credentials for the web server.
3. Enumerated all subdomains to find their mailing server and tested the creds.
4. Got access to the portal!!!! (Sample picture attached for reference)
Tip: Always keep a close eye on the source code; you might find something juicy there.
BePractical
Hi everyone, on this special occasion of getting over 1M views on YouTube and 20K+ subscribers, I'll be conducting a webinar on Securzy on server side request forgery, absolutely free! If you are interested, then make sure to register yourself using the…
See you all tomorrow!
Join with this link: https://lab.securzy.io/c/securzy-events/bug-bounty-all-about-ssrf
Securzy Lab
Bug Bounty: All About SSRF by Faiyaz | Securzy Lab
This webinar will cover everything related to SSRF with live demos and PoCs, and will demonstrate how to effectively find SSRF in the real world using AI.
Hi everyone, I hope you enjoyed the session! Once again, thank you so much for the love and support.
Regarding the recording: unfortunately, I don't think you will be able to get it unless you are a pro member on Securzy.
BePractical
Note: The recordings of this webinar may be paid, so it will be best if you all can watch live!
We have already posted about it to make you all aware that you may not get the recording for free. However, given the love and support from you all, we will definitely plan to launch another session soon in the near future!
Hi everyone! Apologies for the delays in video uploads. I am actually at my hometown and have been really busy because of some personal reasons. But I finally got some time to work on a new video and, trust me, you will definitely like it!!! It will be very useful when you are hacking modern apps developed in Node, Python, etc.
Keep learning & Keep Hacking!
How Dependency Confusion Exposed Millions: The Hack Every Developer Should Know
Ever heard of Dependency Confusion? It's a clever way attackers can exploit package managers to infiltrate systems, and it's a serious threat to software supply chains.
In my latest video, I break it all down: what it is, how it works, and how you can protect yourself. There's even a live demo to make it super easy to follow.
If you're into bug bounty hunting, ethical hacking, or just want to level up your security knowledge, this one's for you.
Check it out and let me know what you think!
Video Link: https://www.youtube.com/watch?v=7ZcRNvmRz6E
Hi everyone, which topic do you want me to create a new video on?
Anonymous Poll
56%: RCE with Dependency Confusion
38%: Cross Site Scripting
6%: Other (mention in comment)
Thinking of creating some videos on iOS pentesting. Let me know what you all think.
Hi everyone! Hope you all are having a great day! For the past two days, I have been creating a challenge based on my recent findings in a web app pentest which was highly secured. The video of it will be released soon on our official channel. However, anyone who solves the challenge will have their name mentioned in our new video.
Target: http://portal.bepractical.tech
Credential:
username: local
password: bepractical
Hint: We already have two videos on this topic; maybe you can use them for reference.
You can send us the report at: business@bepractical.tech
Just wanted to let you all know that stored XSS is now a known issue. Your goal is to find other vulnerabilities in the application.
Let me rephrase the challenge for you all: can you create more than 3 dashboards using your local account?
Website: http://portal.bepractical.tech
Username: local
Password: bepractical
Hi everyone, hope you all are doing well. I wanted to share something intriguing that I recently uncovered. There's a vulnerability lurking in applications that most people completely overlook. It's subtle, sneaky, and has the potential to cause significant damage if exploited, but hardly anyone talks about it.
Check out the video and let me know: have you ever encountered something like this? I'd love to hear your thoughts.
Video Link: https://www.youtube.com/watch?v=p7XxFeqNDko
#cybersecurity #bugbounty #bugbountytips #ethicalhacking #informationsecurity #privacy #security
YouTube
This Overlooked Vulnerability Can Cause Massive Damage (Live Demonstration) | Bug Bounty | 2024
There's a vulnerability hiding in plain sight, one that most people completely overlook. It's subtle, it's sneaky, and when exploited, it can wreak havoc on applications in ways you might not expect.
In this video, I uncover the secrets of this underrated…
Hi everyone, thank you so much for showing your support on this latest video. By far, it is ranked as the number 1 video in terms of views and engagement.
I worked 7 days on this video (creating the lab, video editing, etc.) and I couldn't express my happiness seeing that all the work paid off! Once again, thank you for your support.
Keep hacking, keep learning, and we will meet in another video with something more interesting.
-Faiyaz