ZERO-DAY HUNTING | WEEK 2

Week 2

What I Did This Week

This week I found and tested an application off of docker called ‘Plone.’

• https://hub.docker.com/_/plone
• https://github.com/plone/plone.docker

The reasons I’d chosen Plone was due to it having prior CVEs, it being relatively easy to get an instance running, and being an open source content management system.

I wanted to choose an application that has prior history of CVEs so that I know the developers know what a CVE is and how to hand it if I found one and presented it to them. Docker made spinning up an instance of Plone an easy process and I was able to get it up and running in about 15 minutes.

Plone

I set up the application on a Kali Linux instance so I’d have most of the tools I needed at my disposal.

From there I started my attack.

Reconnaissance

After installation, I began active information gathering.

I used gobuster and FFuF for directory enumeration. Finding many directories but none that really lead to anything.

I tested for directory traversal attacks, cross-site scripting(XSS), SQL injection, command injection on all potential input values.

Tried to upload malicious files to check for file upload vulnerabilities. Tried to change the manipulate the extensions of those files to pass through.

I used Burpsuite to intercept and inspect web requests.

In the end, the application looked secure. There were no obvious signs of vulnerabilities for me to exploit.

Plans for Next Week

I’d spent on average 30 minutes a day this week to test this application. About 3-4 hours total.

This is something I’d like to increase to 1-2 hours per day by mid Sept. but given my current time commitments 30 minutes per day will have to due for now.

This upcoming week I will find another application and test it like I did with Plone.

I suspect that finding a suitable open source application will be the most difficult part of the process.

Applications can be very convoluted to get an instance running. Many have probably recently been tested for vulnerabilities. So I will need to be more diligent when choosing the right application.

I also need to be continuously sharpening my skills as a penetration tester. Particularly in the realm of web application penetration testing.

These are my positive takeaways this week:

• Learned docker
• Got an instance running locally

These are things that I want to remember and incorporate into my pentesting for next week:

• Spend more time searching for prime targets.
• Look at the applications past CVEs to get a feel for what else might be vulnerable.
• Test those CVEs if possible.
• Improve web app pentesting skills (HTB academy Bug Bounty path).