Summary This post describes how I got the latest build of Hashcat working on a newly installed Ubuntu 20.04.4 LTS.
History My previous password cracking rig was a 2009 Mac Pro with an AMD Radeon RX580 and this proved a fast and reliable platform for several years until I upgraded the MacOS version to 10.15 (Catalina) after which hashcat started throwing runtime errors like:
Kiterunner is a context based webscanner that uses common api paths for content discovery of an application’s api paths.
Example usage:
kr scan https://example.com -w ~/kiterunner/routes.kite kr scan https://example.com -w ~/kiterunner/routes.kite --ignore-length=1234
Title : Hacking APIs - Breaking Web Application Programming Interfaces Author : Corey Ball Date : April 2022 ISBN-13: 9781718502444 Link: https://nostarch.com/hacking-apis Our penetration testing engagements web applications increasingly involve URLs with /api/ in their path. Of course these can be tested just like any other URL but it became obvious that there are subtleties to testing APIs that required a new set of testing methods.
This book promises to provide a thorough grounding in API testing.
On 3 May 2022, @Jhaddix tweeted about his Bug Hunter’s Methodology Application Analysis v1.
This led me to his original guide titled "(4.02) to The Bug Hunter’s Methodology" which can be downloaded from Google Docs. A great overview of tools and techniques.
Background CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was disclosed publicly on 4 May 2022.
Links https://arstechnica.com/information-technology/2022/05/hackers-are-actively-exploiting-big-ip-vulnerability-with-a-9-8-severity-rating/. Testing A bash script to test for CVE-2022-1388 was published at https://www.