Mac High Sierra root bug
Did you hear about this? Basically anybody could log in as user root on your system without a password because…there isn’t a password! Read the Twitter thread where I originally read the news here, read about the root account madness here, and then read how the fix broke file sharing here.
BPATTY ROCKS!
I tried to wiki-fy my BPATTY project to make it a bit easier to read, so head to bpatty.rocks and let me know what you think!
I’m BURPing a lot
I can’t tell you how fun it has been to get back in the pentesting saddle and hack some Web sites these past few weeks. Here are a few tips/tricks others taught me that have helped me get back in the swing of things:
-
In Burp, state files are being depreciated in favor of project files. Read more here.
-
For BApp extensions, here are a few that help you get the job done:
-
retire.js looks for old/outdated/vulnerable Javascript libraries
-
Software vulnerability scanner helps you find vulnerable software, such as old versions of IIS
-
CO2 has a bunch of tricks up its sleeve – my favorite of which is helping you craft sqlmap commands with the right flags
More on today’s show!
Share on socials: