Posts

SOME BUGS

It's been a while since I wrote anything related to bug bounty or hacking. In that time I have had some interesting and bad experiences with bug bounty programs, from fast responses to scam external programs. I won't be naming/shaming the programs, but soon I will put up a comprehensive list of scam programs to avoid. Let's talk about some of the bugs:

1. Authentication bypass via path normalization

I was hunting on a match-making/dating site. After finding subdomains via crt.sh and fuzzing the subdomains with a wordlist, I found a login page: min.site.com. I started to fuzz for files with ffuf using a custom wordlist, with no result. I looked for SQLi but found none. I tried response manipulation, and again failed. I was about to give up when I clicked on a PNG file, deleted the pic.png and got a 403 error. Using the script https://github.com/iamj0ker/bypass-403 on it I could list images on the server! https://login.site.com/images// I tried https://login.site.com// also https://...
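The bypass above works because the access-control rule and the file server disagree about what the path is: the rule compares the raw string, the server collapses `//`, `/./`, `%2e` and `..` before touching disk. The following is an added example (not the author's code or the target's configuration) that models an assumed rule "requests for the directory index `/images/` are forbidden" and shows the raw comparison next to a normalize-then-compare version, together with the probe spellings a tester would throw at it:

```python
import posixpath
from urllib.parse import unquote

# Constructed rule: requests for the directory index /images/ are forbidden
# (the 403 the post describes). This is an assumed configuration, not the
# target's actual rule.
FORBIDDEN_PATHS = {"/images/"}


def normalize(path):
    """Normalize the way a static-file server does before it touches disk:
    percent-decode, collapse repeated leading slashes, resolve '.' and '..',
    and keep the trailing slash that marks a directory request."""
    decoded = unquote(path)
    decoded = "/" + decoded.lstrip("/")        # '//images/' -> '/images/'
    norm = posixpath.normpath(decoded)          # drops trailing '/', resolves '.' and '..'
    if decoded.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def is_forbidden_vulnerable(path):
    """Compares the raw request path: '/images//' is not '/images/'."""
    return path in FORBIDDEN_PATHS


def is_forbidden_hardened(path):
    """Normalizes first, so every spelling of the directory hits the same rule."""
    return normalize(path) in FORBIDDEN_PATHS


def bypass_variants(path):
    """Spellings a raw string compare treats as different but the file
    server collapses back to `path` (constructed list, in the spirit of
    the bypass-403 probes)."""
    base = path.rstrip("/")
    return [
        base + "//",                                  # /images//
        base + "/./",                                 # /images/./
        base + "/%2e/",                               # /images/%2e/  (encoded '.')
        "/" + path,                                   # //images/
        base + "/x/../",                              # /images/x/../
        "/%%%02x%s" % (ord(path[1]), path[2:]),       # /%69mages/    (encoded 'i')
    ]
```

The fix is not a longer denylist of spellings: decode and normalize once, at the same layer that makes the access decision, and compare the canonical form. Anything the rule never sees in canonical form can be reached through a spelling the rule never listed.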

Taking a Delorean car back to the future:Time related attacks

After thinking about what to write about, and having some ideas which are still half done and in draft, I decided to write this! As a car enthusiast with a love for classic cars and a passion for bringing old cars back to life, I would admit, and hope my good friend Mark, with whom I disagree on most ideas, is on the same page here: the DeLorean was a beauty. If you have not watched the Back to the Future movies you are missing out. Sit at the back left and let me drive you through time. Oops! I forgot the DeLorean is a two-passenger sports car, but why not go to the future, 2024, and get the new, powerful DeLorean Alpha5: a better-looking, super-fast, 2+2 coupe electric car. Enough with the car analogy; we as hackers love technical stuff, nevertheless I believe nowadays I am starting to appreciate the non-technical aspects, folks and roles in tech. In this blog I will discuss some attacks that could impact software from a time change. Changing the time to the future or back to the past could impact the normal working of ...

DoS:how to takedown websites for fun& profit

You can look for DoS vulnerabilities for any reason, such as for a bug bounty program, to take down a privacy-infringing site or a phishing site, or for the classic lulz :) I don't encourage illegal hacking, so the techniques on this blog are for educational purposes only. All the findings were reported to bug bounty programs and fixed. For obvious reasons the programs won't be named.

1. Long password

Sending a long password on signup on two sites brought down the sites.
Fix: having a password length limit.
Bounties: $500, $250

2. Cache poisoning

A site running on Drupal 7 with a misconfigured WAF (Cloudflare) could be DDoSed by sending a lot (50+) of requests on the path ?id=11. After this finding I went to look for such misconfigurations, which netted over 20 reports in 2 months. Another instance of cache poisoning was via a header with a malformed value such as: x-forwarded-port: xxx12.

3. WordPress CVE-2018-6389

Running the script at https://github.com/quitten/doser.py could bring down WordPres...
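The x-forwarded-port case is worth spelling out, because one request is enough to take the page down for everybody behind the cache. Below is an added example (not the author's code or any of the reported sites) that simulates an edge cache keyed on path only in front of an origin that reflects the header into its absolute links. The header names are from the post; the site name, the link markup and the configuration value are assumptions of the example:

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    body: str


@dataclass
class EdgeCache:
    """Shared cache keyed on path only. Any request header the origin reads
    but the cache does not key on is a poisoning vector: one attacker request
    decides what every later visitor receives until the entry expires."""
    store: dict = field(default_factory=dict)

    def fetch(self, path, headers, origin):
        if path in self.store:
            return self.store[path]
        resp = origin(path, headers)
        if resp.status == 200:
            self.store[path] = resp
        return resp


def origin_vulnerable(path, headers):
    """Builds absolute links from X-Forwarded-Port exactly as the client sent it,
    so 'xxx12' ends up in every link of the cached page."""
    port = headers.get("x-forwarded-port", "443")
    return Response(200, f'<a href="https://site.example:{port}{path}">login</a>')


CONFIGURED_BASE = "https://site.example"   # assumed deployment configuration


def origin_hardened(path, headers):
    """Absolute links come from configuration, not from client-controlled
    headers, so nothing attacker-supplied can be baked into the cached copy."""
    return Response(200, f'<a href="{CONFIGURED_BASE}{path}">login</a>')


def poison_then_visit(origin, path="/login"):
    """Attacker sends one request with a malformed header; a later clean
    request from a victim gets whatever the cache stored."""
    cache = EdgeCache()
    cache.fetch(path, {"x-forwarded-port": "xxx12"}, origin)   # attacker
    return cache.fetch(path, {}, origin).body                  # victim
```

If the application genuinely needs the forwarded port, accept the header only when it arrives from the trusted proxy hop, reject anything that is not a decimal 1-65535, and make sure the cache key includes every header the response depends on. Validation alone is also a fix for the DoS shown here, but removing the dependency on unkeyed input is what closes the whole class.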

OPEN REDIRECT ON FIREBASE DYNAMIC LINK AFFECTING OVER 100 COMPANIES

Hello guys, I was looking at some JavaScript files of some website with a bug bounty program; we'll call it redacted.com. I grepped for http and https protocols. One of the https links resembled: https://redacted.page.link/?link=https://redacted.com. I immediately knew it was a Firebase Dynamic Link and got curious about the second redacted.com URL. After replacing the second URL with google.com I got redirected to Google. Win! Open redirect confirmed. Dynamic Links are deep links that allow you to send an application user or potential users to any part of the application. You can read about Firebase Dynamic Links here: https://firebase.google.com/docs/dynamic-links. I reported to the company and was paid in under 3 hours. After that I remembered I had encountered some companies using Firebase during my normal pentests and bug hunting, so I decided to check the sites/apps. I decided to fuzz all H1 programs for the misconfiguration. Fired up Burp Intruder and replaced the first ur...
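The two halves of this finding, pulling `*.page.link/?link=` URLs out of a JavaScript bundle and deciding whether the `link` target belongs to the program, are easy to get wrong in the second half: a substring check on "redacted.com" passes `https://redacted.com@attacker.example/`. The following added example (not the author's tooling) does both steps against a constructed bundle snippet; the hostnames and the allowlist are assumptions of the example:

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the JavaScript bundle the post grepped.
JS_SAMPLE = """
var share  = "https://redacted.page.link/?link=https://redacted.com/promo";
var evil   = "https://redacted.page.link/?link=https://google.com";
var tricky = "https://redacted.page.link/?link=https://redacted.com@attacker.example/";
"""

DYNAMIC_LINK_RE = re.compile(r"https://[a-z0-9.-]+\.page\.link/\?[^\s\"']+")


def find_dynamic_links(text):
    """Every Firebase Dynamic Link URL (anything on a *.page.link host) in the text."""
    return DYNAMIC_LINK_RE.findall(text)


def link_target(dynamic_link):
    """The `link=` parameter, i.e. where the user is finally sent."""
    return parse_qs(urlsplit(dynamic_link).query).get("link", [None])[0]


def is_allowed_target(url, allowed_hosts):
    """True only if the scheme is https and the *parsed* hostname is an allowed
    host or a subdomain of one. Using urlsplit().hostname rather than a substring
    check defeats userinfo tricks such as https://redacted.com@attacker.example/."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return False
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def audit(text, allowed_hosts):
    """Return the link= targets in `text` that would be open redirects."""
    bad = []
    for dl in find_dynamic_links(text):
        target = link_target(dl)
        if target is None or not is_allowed_target(target, allowed_hosts):
            bad.append(target)
    return bad
```

On the defensive side the same `is_allowed_target` logic is what the Dynamic Links allowlist of URL patterns must express: match the parsed host, not a prefix of the string, and do not allowlist a pattern broad enough to accept arbitrary hosts.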

De-anonymization of a VPN provider users

Hello guys, I decided to take a look at my VPN provider to assess its security posture. First I decided to check for network traffic going into the VPN. I started by proxying the application with Wireshark. I saw the program was downloading an update via HTTP. This means the application was vulnerable to MITM, leading to an evilgrade attack where an attacker could replace the program with a malicious update/code, leading to code execution. The updates are not digitally signed! After that I knew I could get some impactful bugs, maybe a remote or local vulnerability.

Local credentials disclosure

I found the program was disclosing login details in memory. This is the same vulnerability that affected PuTTY in CVE-2011-4607 and other programs such as TeamViewer (https://www.exploit-db.com/exploits/40342) and MySQL (https://www.exploit-db.com/exploits/40337). The program logged login details such as username, password and tokens, also the IP address connected to, the original IP address and timestamps in the m...
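The updater described above fails on two independent points: the transport is cleartext, and nothing authenticates the artifact before it runs. As an added example (not the vendor's code), here is the minimal decision an updater should make before executing a download. It uses a pinned SHA-256 from a manifest as a stand-in for a signature because no cryptographic library is assumed; the manifest itself must then be integrity-protected (signed by the vendor, or at least fetched over TLS from the vendor). The artifact bytes, manifest and hostnames are constructed for the example:

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed stand-ins for the vendor's update artifact and its manifest.
GOOD_PAYLOAD = b"vpn-client-2.1.0-installer-bytes"
MANIFEST = {
    "version": "2.1.0",
    "url": "https://updates.vpn.example/client-2.1.0.exe",
    "sha256": hashlib.sha256(GOOD_PAYLOAD).hexdigest(),
}


def version_tuple(v):
    return tuple(int(x) for x in v.split("."))


def check_update_url(url):
    """An http:// update URL is exactly the MITM window the post describes."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


def verify_payload(payload, expected_sha256_hex):
    """Constant-time comparison of the downloaded bytes' digest with the manifest."""
    digest = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(digest, expected_sha256_hex.lower())


def decide_install(installed_version, manifest, payload):
    """Return (ok, reason). Only ok=True should ever lead to executing `payload`.
    The order matters: refuse the channel first, then refuse downgrades, and only
    then spend time hashing the artifact."""
    if not check_update_url(manifest["url"]):
        return False, "cleartext or malformed update URL"
    if version_tuple(manifest["version"]) <= version_tuple(installed_version):
        return False, "not newer than installed (rollback attempt?)"
    if not verify_payload(payload, manifest["sha256"]):
        return False, "digest mismatch; payload tampered or corrupted"
    return True, "verified"
```

The rollback check is the caveat people forget: an attacker who can replay an old, genuinely signed but vulnerable installer gets code execution just as surely as one who forges a new one.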

IDOR on Ios Application

A friend asked me to do a pentest for their company, a Kenyan fintech company. For obvious reasons I cannot name the company. Everything was to be audited (sites, Android and iOS apps). After looking at the websites I couldn't find anything interesting except for enabled XML-RPC, broken link hijacking and some unrestricted directories. I even tried scanning the site with wpscan. WordPress sucks! As a newbie iOS pentester I decided to challenge myself to find at least one bug in their app. After downloading the app from the App Store I proxied the iPhone through Burp Suite. As static analysis of an iOS app is tiresome and not as straightforward as Android (just unpacking the APK file, which is basically a zip file), I opted for dynamic analysis. The procedure for setting up a proxy on iOS is the same as on Android: just set the IP address and port, then install the Burp certificate. Fortunately, no SSL pinning :) I started by signing up on the app. I received the confirmation email and my 4 nu...
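An IDOR in a fintech API comes down to one missing comparison between the record's owner and the authenticated session. The following added example (not the company's code) shows the vulnerable lookup beside the scoped one, plus the sweep a tester runs to measure the leak. The transaction records, ids and response shapes are constructed for the example:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    id: int
    owner_id: int
    amount: float


# Constructed records standing in for the backend's data store.
TRANSACTIONS = {
    1001: Transaction(1001, owner_id=7, amount=250.0),
    1002: Transaction(1002, owner_id=8, amount=90.5),
    1003: Transaction(1003, owner_id=8, amount=12.0),
}


def get_transaction_vulnerable(session_user_id, txn_id):
    """Looks the record up by the client-supplied id; nothing ties the id to
    the authenticated session, so any user can read any transaction."""
    txn = TRANSACTIONS.get(txn_id)
    return (200, txn) if txn else (404, None)


def get_transaction_hardened(session_user_id, txn_id):
    """Scopes the lookup to the caller. In SQL this is
    `... WHERE id = ? AND owner_id = ?`. Returning the same 404 for 'not found'
    and 'not yours' keeps the id space unenumerable."""
    txn = TRANSACTIONS.get(txn_id)
    if txn is None or txn.owner_id != session_user_id:
        return (404, None)
    return (200, txn)


def probe_idor(handler, session_user_id, id_range):
    """The test a pentester runs: sweep ids as one user and collect every
    record that belongs to somebody else."""
    leaked = []
    for txn_id in id_range:
        status, txn = handler(session_user_id, txn_id)
        if status == 200 and txn.owner_id != session_user_id:
            leaked.append(txn.id)
    return leaked
```

Sequential numeric ids make the sweep cheap, but switching to random ids is not the fix; the ownership check is. Random ids only slow down discovery of a hole that still exists.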

Not A Guide to hacking betting sites

DISCLAIMER!!! This is for educational purposes only and not a guide to hacking betting sites.

In this writeup I will try to describe some bugs I have found on betting sites during my almost 3-year bug bounty journey. I have reported more than 100 vulnerabilities on betting websites and Android applications, but I will only talk about some bugs. Sorry, I don't have screenshots to demonstrate the vulnerabilities, so I will just list some bugs and their impacts. I will not name the companies, for obvious reasons. The writeup lists some vulnerabilities bug hunters can look for while hunting on betting platforms, so grab some coffee and popcorn and enjoy! Some are interesting, like changing odds, or withdrawing twice, or withdrawing more money than your balance :)

IDOR

I found most of the IDORs on betting sites on profile id parameters. Some occurred on bet history, where I could change the user bet id history and get any user's betting history on the site.

SQLi

Most of them were blind s...
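"Withdrawing twice" and "withdrawing more than your balance" are usually the same bug seen from two sides: a balance check and a debit that are not atomic, so concurrent or replayed withdrawal requests all pass the check before any of them is recorded. The following added example (not any betting site's code) shows the check-then-act version next to one that debits under a lock and refuses replays of the same request id, with a harness that fires the requests simultaneously. The wallet, amounts and request ids are constructed for the example:

```python
import threading
import time


class Wallet:
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()
        self._seen_requests = set()

    def withdraw_vulnerable(self, amount):
        """Check-then-act with no synchronization: concurrent requests can all
        pass the balance check before any of them debits."""
        if self.balance >= amount:
            time.sleep(0.01)     # the payment-processor round trip that widens the window
            self.balance -= amount
            return True
        return False

    def withdraw(self, amount, request_id=None):
        """Check and debit atomically, and refuse replays of the same client
        request id. The SQL equivalent is a single conditional
        UPDATE wallets SET balance = balance - ? WHERE id = ? AND balance >= ?
        (treating rowcount != 1 as failure), with the idempotency key stored
        in the same transaction."""
        with self._lock:
            if request_id is not None and request_id in self._seen_requests:
                return False                      # duplicate submission
            if amount <= 0 or self.balance < amount:
                return False
            if request_id is not None:
                self._seen_requests.add(request_id)
            self.balance -= amount
            return True


def hammer(withdraw_fn, amount, n):
    """Release n withdrawal requests at the same instant; return how many succeeded."""
    barrier = threading.Barrier(n)
    successes = []
    def worker():
        barrier.wait()
        if withdraw_fn(amount):
            successes.append(1)
    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(successes)
```

Run `hammer(Wallet(100).withdraw_vulnerable, 100, 10)` a few times and the success count will typically be well above 1, with the balance ending up negative; the locked version succeeds exactly once. In a real service the lock is the database's conditional update, not a process-local mutex, because the racing requests arrive on different workers.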