Cracking the Code: The Art of White Box Pentesting

Saitleop, published in InfoSec Write-ups
4 min read · Sep 3, 2023


Hi guyz wassup, hope you all are doing good in your lives. I am back again from a huge break, as usual waking up from my long nap (not really, I was busy with some research work in security and school studies), but now 2–3 blogs will be coming in a goooo.

So today's topic is only for people at an advanced stage in their cybersecurity/hacking career, but that doesn't mean everyone else can't read it; I'll try to make it as understandable as I can for all of you. Today I am going to talk about whitebox pentesting. As most of you know, there are usually 3 types of hacking, depicted by the image below:-

Each one of us is familiar with BlackBox (if not, you should be), but nonetheless we miss a major part of security preferred by the corporate world in an internal environment, which is whitebox testing, so today we will discuss the same.

First I'll start with general knowledge of whitebox, then some actual examples of real-life bugs which recently appeared in the wild, then how YOU can do some whitebox shenanigans and become a pro++ hacker… So

So whitebox hacking, also known as white box penetration testing or ethical hacking, is a cybersecurity practice where authorized individuals or teams simulate real-world cyberattacks on a computer system, network, or application. The key characteristic of whitebox hacking is that the testers have detailed knowledge of the internal workings, the architecture and, most importantly, the source code of the target system.

In a corporate setting, whitebox hacking is used to proactively find and fix vulnerabilities, assess risks, comply with regulations, audit security and develop secure applications. Also, learning how to read code and find vulns adds greatly to your skillset as a hacker.

Small example:-

if (strlen($_GET['id']) < 1) {
    echo 'Usage: ?id=1';
} else {
    // $db is a SQLite3 handle; $_GET['id'] is concatenated straight into the
    // query string with no parameter binding, so it is executed as SQL
    $count = $db->querySingle('select count(*) from secrets where id = ' . $_GET['id']);

    if ($count > 0) {
        echo 'Yes!';
    } else {
        echo 'No!';
    }
}

Do you smell something suspicious in here?

The program takes the id parameter from the user without any type of escaping or sanitization and concatenates it into a SQL query that is then executed, making it vulnerable to SQL injection. How cool is that for a bounty, huh,

but as dangerous for the company and the end users…

Real Life example

The Citrix XSS — Assetnote found an XSS in one of the hidden params by actually reversing and reviewing the code of the Citrix Gateway:

// decompiler output from the Citrix Gateway binary
if (0x484 < uVar2) {
    __format = "%s : OauthIDP logout request failed to extract redirect URI: missing post_logout_redirect_uri %.*s for %.*s";
LAB_0061f124:
    uVar2 = snprintf(large_auditlog_message, 0x3fff, __format, "ns_aaa_oauth_fetch_logout_url",
                     (ulong)param_3, param_2, uVar3, lVar5);
    goto LAB_0061f13e;
}

They identified the parameter post_logout_redirect_uri, which could be a good candidate for an injection point, and eventually the XSS was found.

XWiki Code injection — Recently a code injection vulnerability was discovered in XWiki, which is a light and powerful development platform that allows you to customize the wiki to your specific needs.

Here an attacker could include script code in the request URI that will then be evaluated when the link is rendered, leading to code execution.

Now the fun part: how can YOU do it

There is a common misconception that you need to be well versed in the language of the codebase you are going to review, but that's not true; the main thing is that you should know about sources/sinks and how to google. Yes, you read it right…..
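To make the source/sink idea concrete, here is a small review aid added as an example (not code from the post, from Snyk or from any of the projects named): it scans PHP text for user-controlled superglobals (sources) flowing into raw SQLite3 query calls (sinks), and is run over the vulnerable snippet from earlier in the post plus a bound-parameter version. It assumes the SQLite3 PHP extension's method names and tracks straight-line assignments only.

```python
import re

# Taint model: user-controlled superglobals are sources, raw SQL execution
# methods on the SQLite3 handle are sinks; prepare()/bindValue() are not.
SOURCE_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[")
SINK_RE = re.compile(r"->\s*(?:query|querySingle|exec)\s*\((.*)\)\s*;")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.*);")
VAR_RE = re.compile(r"\$\w+")

def find_sql_sinks(php_source: str) -> list[tuple[int, str]]:
    """Return (line, reason) for each SQL sink whose argument carries user input.
    Straight-line taint only, no sanitizers modelled: a review aid that errs
    towards reporting, not a scanner."""
    tainted: set[str] = set()
    findings: list[tuple[int, str]] = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        sink = SINK_RE.search(line)
        if sink:
            arg = sink.group(1)
            if SOURCE_RE.search(arg):
                findings.append((lineno, "superglobal concatenated into SQL"))
            else:
                used = sorted(v for v in set(VAR_RE.findall(arg)) if v in tainted)
                if used:
                    findings.append((lineno, "tainted " + ", ".join(used)))
        assign = ASSIGN_RE.match(line)
        if assign:  # checked after the sink so a self-assignment sees old taint
            var, rhs = assign.groups()
            if SOURCE_RE.search(rhs) or set(VAR_RE.findall(rhs)) & tainted:
                tainted.add(var)
            else:
                tainted.discard(var)
    return findings

# Constructed sample: the post's snippet, plus a variant routing the same input
# through a local variable so the assignment tracking has something to do.
VULNERABLE_PHP = """\
if (strlen($_GET['id']) < 1) {
    echo 'Usage: ?id=1';
} else {
    $count = $db->querySingle('select count(*) from secrets where id = ' . $_GET['id']);
}
$id = $_GET['id'];
$count2 = $db->querySingle('select count(*) from secrets where id = ' . $id);
"""

# Same query with a bound parameter: no raw execution sink, so nothing is reported.
HARDENED_PHP = """\
$stmt = $db->prepare('select count(*) from secrets where id = :id');
$stmt->bindValue(':id', (int) $_GET['id'], SQLITE3_INTEGER);
$count = $stmt->execute()->fetchArray()[0];
"""
```

Running `find_sql_sinks(VULNERABLE_PHP)` reports lines 4 and 7, while the hardened version reports nothing; a real review would still read the flagged lines, since this check does not understand casts or escaping.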

  1. Start off with the OWASP top 10 web vulns, actual code from Snyk…

Snyk offers a number of learning paths you can follow to get a basic understanding of code review.

2. Have an urge to learn the code behind every vulnerability class you learn about, and experiment with what you read.

3. Read more and more code from repos like

Practice on CTFs like..

https://trycrack.me/

Finally, monetise your skills by hunting on open source programs on HackerOne and Bugcrowd; don't forget https://huntr.dev/ and https://huntr.mlsecops.com/

Thanks for watching, see you next time until then

PEACE OUT….


Intermediate level hacker interested in red teaming, web app pentesting, web3 and binary exploitation. Do read my first blog, where I have told everything about me :D