OSCP is a Journey, not a destination

Hi guys 😊

First things first, I hope all of you and your families are safe during this COVID-19 pandemic. Stay Home, Stay Safe and please take care of your loved ones!!

A heartfelt thank you to God, my family, friends, brothers, sisters, and girlfriend that upheld me with prayer and support throughout this journey. I could not have done this without you.

A brief introduction about myself –

I am currently working as a Cybersecurity Consultant at PwC and I am a big-time security enthusiast with 3.5+ years of experience in Web/Mobile/Network Vulnerability Assessments and Penetration Testing. This field has always been my…


######################################################################################
# Exploit Title: D-Link DIR-615 — Vertical Privilege Escalation
# Date: 10.12.2019
# Exploit Author: Sanyam Chawla
# Vendor Homepage: http://www.dlink.co.in
# Category: Hardware (Wi-fi Router)
# Hardware Link: http://www.dlink.co.in/products/?pid=678
# Hardware Version: T1
# Firmware Version: 20.07
# Tested on: Windows 10 and Kali linux
# CVE: CVE-2019-19743

#######################################################################################

Reproduction Steps:

  1. Log in to your wi-fi router gateway with normal user credentials [i.e. http://192.168.0.1]
  2. Go to the Maintenance page and click on Admin on the left panel.
  3. There is an option to create a user and by default, it shows only user accounts.
  4. Create an account with a…


######################################################################################

# Exploit Title: D-Link DIR-615 Wireless Router — Persistent Cross Site Scripting
# Date: 13.12.2019
# Exploit Author: Sanyam Chawla
# Vendor Homepage: http://www.dlink.co.in
# Category: Hardware (Wi-fi Router)
# Hardware Link: http://www.dlink.co.in/products/?pid=678
# Hardware Version: T1
# Firmware Version: 20.07
# Tested on: Windows 10 and Kali linux
# CVE: CVE-2019-19742

#######################################################################################

Reproduction Steps:

— — — — — — — — — — — — — — —

  1. Log in to your wi-fi router gateway with admin credentials [i.e. http://192.168.0.1]
  2. Go to the Maintenance page and click on Admin on the left panel.
  3. Put blind XSS payload in to…


Hello Folks, I am Sanyam Chawla (@infosecsanyam). I hope your hunting is going very well.

TL;DR

This is the second write-up for Bug Bounty Methodology (TTP). Here is my first write-up about the Bug Hunting Methodology; read it if you missed it. I am very glad you liked that blog so much :). Most people are trying to find the right path to start in bug bounty; the usual questions are how to find bugs on the targets and where to start with the hunting. …


Hello Folks, hope everyone is doing well. This blog is basically for Web Security Methodology (WSM).

Have you read my last post regarding “Bug Bounty Methodology”? If you missed it, go to this BBM link: https://medium.com/@infosecsanyam/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65



Hello Readers, hope you are doing well.

This weekend, I learned about the Nmap tool, scan types, scanning commands and some NSE scripts from different blogs. I gathered good content, so I want to share my research with you. Hope you like it :)

Nmap: Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are…


A bug bounty program is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

A reward offered to a person who identifies an error or vulnerability in a computer program or system.
‘The company boosts security by offering a bug bounty’


Bug Bounty Platforms

Bugcrowd
https://www.bugcrowd.com/

HackerOne
https://www.hackerone.com/

Synack
https://www.synack.com/

Japan Bug Bounty Program
https://bugbounty.jp/

Cobalt
https://cobalt.io/

Zerocopter
https://zerocopter.com/

Hackenproof
https://hackenproof.com/

BountyFactory
https://bountyfactory.io

Bug Bounty Programs List
https://www.bugcrowd.com/bug-bounty-list/

AntiHack
https://www.antihack.me/


Sedna Vulnhub Machine Walkthrough

This is a vulnerable machine created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty: Medium

Let's Start

This VM very kindly shows its IP address as soon as you fire it up, so I can skip netdiscover and arp-scan and head straight to the Nmap scan to see what the VM has to offer.

Command: nmap -A 192.168.0.133


What is OWASP:

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. OWASP is an organization filled with security experts from around the world who provide information about applications and the risks they pose, in the most direct, neutral, and practical way. Since 2003, OWASP has been releasing the OWASP Top 10 list every three/four years. The list consists of the biggest Web Application Security Risks according to OWASP.

The list is compiled with the latest vulnerabilities, threats and attacks, as well as detection tactics and remediation. OWASP Top 10 project…


Quaoar VM Walkthrough (Vulnhub.com): Three Different Techniques to Exploit a Machine

Hackfest 2016 Quaoar VM Walkthrough / Writeup

Vulnhub Machine

This VM was made for Hackfest 2016 and is listed as very easy. I had this one done in under two hours with three different techniques.

Description

Welcome to Quaoar. This is a vulnerable machine created for http://hackfest.ca/

Difficulty: Very Easy

Tips:

Here are the tools you can research to help you own this machine: nmap, dirb / dirbuster / BurpSmartBuster, nikto, wpscan, hydra, your brain, coffee, Google :)

Goals: This machine is intended to…

OSCP || RedTeam Member @ Synack || PenTester || Bug Bounty Hunter
