Hello everyone. So I was doing recon of Airbnb with an automated process for finding open-redirection issues. I successfully found the issue on 94 subdomains, but it was marked as “Not Applicable”. I showed them a PoC of complete exploitation using TinyURL.

Reason: “external_link endpoint is working as intended”

Note: Nothing is mentioned in the out-of-scope section about such an issue or parameter.

So how did I find it?

I used the commands below:

cat airbnb_subdomain.txt | waybackurls | tee -a waybackurls.txt

cat waybackurls.txt | grep -a -i '=http' | qsreplace 'google.com' | while read host; do curl…


This was one of the confusing topics for me, but now I have completely understood it. There are lots of blog posts on this with different perspectives, and now I am adding my perspective too. I hope this will help you understand the concept.

What is a port?

A port is a logical endpoint in the operating system used for sending and receiving TCP/UDP packets to and from the same system or another system. Applications are addressed by port number, for example SSH on port 22.

What is port forwarding?

In simple language, port forwarding means redirecting TCP packets from one…


What is PII?

Personally Identifiable Information (PII) is data that could identify a specific person.

What is included in PII?

What counts as PII varies by country, but it usually includes the following:

  • Mobile number
  • Phone number
  • Physical Address
  • Email address
  • Aadhaar number
  • PAN number
  • Salary amount
  • Social security number
  • National ID number
  • Session cookies
  • Username
  • Password

How to find PII data in Splunk logs?

To find PII data, start with a basic query like index=test “*@gmail.com”. The output will contain Gmail IDs; from that output, start identifying the field names the company uses to hold PII, such as “emailAddress”, “Phonenumber”, etc.…


What is sub-domain Enumeration?

Subdomain enumeration is the process of finding the subdomains of one or more domains.

Why is sub-domain enumeration needed?

  • Sub-domain enumeration helps define the scope of a security assessment by revealing the domains and sub-domains of a target organization.
  • Sub-domain enumeration increases the chance of finding vulnerabilities.
  • Sub-domain enumeration helps in finding web applications that may have been forgotten or left unattended by the organization (for maintenance or other reasons) and that may expose critical vulnerabilities.

Types of sub-domain enumeration

There are two types of enumeration technique, each consisting of further sub-techniques.

1. Passive sub-domain enumeration

In passive sub-domain enumeration, an adversary or tester gathers the sub-domains…


Domain Name System Security Extensions (DNSSEC) is used to protect the integrity and authenticity of the data in DNS by establishing a chain of trust.

Before understanding DNSSEC, first understand the basics of DNS:

What are the DNS functionalities?

DNS is used to translate the domain names to IP addresses or vice-versa.

DNS works over both TCP and UDP but normally uses UDP port 53.

TCP port 53 is used for very large requests and responses, for example zone transfers.

www.example.com = 192.168.1.10

192.168.1.10 = www.example.com

Why DNS?

Domain names are alphabetic, so they are easier to remember…


Overview

SMTP Relay Phisher is a tool for testing and exploiting the SMTP Open Relay vulnerability by simulating real-world phishing attacks. The tool serves two purposes:

  1. To run a phishing campaign from the command line
  2. To exploit the SMTP Open Relay vulnerability by sending a phishing email

This tool uses a customised smtp-cli. I have made some basic modifications to that script. Thanks to the smtp-cli author for developing such a useful tool.

Feature Overview

  • Fully open-source, meaning there are no limits on its use
  • Lightweight compared to other phishing toolkits
  • Runs multiple phishing campaigns simultaneously
  • Sends an email with embedded First Name, Last Name, and…

OKCupid LIKE Restriction Bypass

Somebody said, “Loneliness helps you to think differently”. I was abroad for a project and was feeling very bored there, as this was my fourth time at the same place. I was checking my Instagram and saw an advertisement for “OKCupid”: “Dating Deserves Better”. I thought this was a good way to pass the time and to meet new humans. I installed the application and started “Right Swiping” like a normal male human.

After some “Right Swipes”, the application started asking for money and blocked my “swipe” for 10 hours. I started feeling bored again, and the question…

Rishabh Sharma

Cyber Security Consultant
