Hey folks, here we are back again with the most important topic in penetration testing or bug bounty hunting: “Recon” or “Information gathering”.

Content

  1. What’s Recon?
  2. Recon based scope
  3. Simple steps to collect all information in little time
  4. Recommended tools and automation frameworks
  5. Recommended blogs, streams to follow

What’s Recon?

Before we start, let’s first understand what recon is.

Recon is the process by which you collect more information about your target, such as subdomains, links, open ports, hidden directories, service information, etc.

To understand recon better, just see this pic to know where you are before and after recon…


Today, I will talk about how to write a simple Python script to automate finding bugs. I will take one example: “LFI findings”.

Content

  1. Requirements
  2. URLs Prerequisites
  3. Coding
  4. Bonus Options
  5. Thanks

1. Requirements

  1. Wayback URLs with parameters; you can check my simple methodology to know how to grab them. [Ex. https://example.com?file=ay_value.txt]
  2. Python3 and pip3
  3. Useful tools like [GF / GF-Patterns / Uro], which you can get from GitHub

Let’s get started…

Warning

First, we need to understand that we will try to exploit some GET parameters through the collected GET URLs, so we will not cover the whole application…


Hey folks! Today we have a new, interesting machine from HackTheBox: “APT”.

This machine was the first INSANE box I’ve solved, so I considered it one of my favorite machines. Let’s take a look at its info.


Hey folks, today we have one of the HackTheBox machines, “Time”, which is medium level. Let’s take a look at its info.

It’s based on Linux and depends on CVEs for the foothold exploit. Let’s get started…

What will we do?

As usual, we have some steps that we follow to pwn any machine. Our steps are:

  1. Recon / Information gathering
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Reporting / Analysis

After finishing our steps we will have this information, so stay calm and keep reading :)


Hey folks, today we have a new easy machine from HTB, “Luanne”. It’s easy level and based on enumeration and custom exploitation, with a few CTF techniques.

What will we do?

As usual, we have some steps that we follow to pwn any machine. Our steps are:

  1. Recon / Information gathering
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Reporting / Analysis

After finishing our steps we will have this information, so stay calm and keep reading :)


Hey folks, here’s the walkthrough of the crossfit machine from HTB.

You can check my mind map.


Hey friends! Today we have a new machine from HackTheBox: “Reel2”.

For personal reasons there’s no writeup for it yet, but you can check my walkthrough in this video.

Stay tuned for the writeup :)


Hey folks, today we have a new machine from Hack The Box, “Passage”, which is a medium box and has new techniques in the privilege escalation part. Let’s take a look at its info.

What will we do?

As usual, we have some steps that we follow to pwn any machine. Our steps are:

  1. Recon / Information gathering
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Reporting / Analysis

After finishing our steps we will have this information, so stay calm and keep reading :)


Hey folks! Today we have a new EASY machine from HackTheBox. Let’s take a look at its info before we get started.

What will we do?

As usual, we have some steps that we follow to pwn any machine. Our steps are:

  1. Recon / Information gathering
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Reporting / Analysis

After finishing our steps we will have this information, so stay calm and keep reading :)


Hey folks, today we have a new HTB walkthrough with one of the best hard machines, “Feline”.

What will we do?

As usual, we have some steps that we follow to pwn any machine. Our steps are:

  1. Recon / Information gathering
  2. Scanning
  3. Gaining Access
  4. Maintaining Access
  5. Reporting / Analysis

After finishing our steps we will have this information, so stay calm and keep reading :)

Eslam Akl

Offensive Security Enthusiast
