MonkeHacks #17
TypeScript, GraphQL and Hiking
This week, I just let my instincts guide me. This resulted in one of my most productive weeks ever. I built a unified productivity/automation management dashboard for my hacking, which is pretty much fully functional now. I’m making an effort to develop some foundational tooling for my personal methodology, to make my life easier over the next few months. So for now, the bugs are scarce, but it’ll pay off soon. Part of the bug bounty process is having faith in the long-term results of your efforts rather than fixating on the short-term results.
I went for a hike with my family, and continued to keep my step count high. My average this year is over 10,000 steps per day. It was a cloudy day but the scenery was still amazing. So while I did a lot of work, I didn’t burn out at all. I like taking photos while I travel or visit cool places, so I took a lot of photos of my parents as I hiked with them. My little brother is a long-distance runner so he ran up the mountain. I use a Ricoh GR-III camera, which is compact but much better than a normal point-and-shoot - basically, the perfect travel camera.
Usually, I walk a lot to tire myself out each day so I can sleep well at night. The problem is that my fitness is catching up to my walking, so I’ll need to start running again soon. If this continues I’ll need to start doing ultramarathons…
Hiking location. Coumshingaun, Co.Waterford, Ireland. Photo by me.
100-Hour Challenge Updates
Here are this week’s statistics:
| Statistic | Value |
| --- | --- |
| ⌛️ Hours This Week | 0 |
| ⏳️ Hours Left | 35 |
| 🗞️ Total Reports (All-Time) | 3 |
| ✅ Total Triages (All-Time) | 3 |
| ✨ New Triages (This Week) | 0 |
| 💸 Bounties | $25533 |
No new progress in the past week. This week, I aim to do another 10 hours on this program.
Weekly Ideas / Notes
I spent quite a lot of time this week teaching myself TypeScript and Tailwind CSS - that is, it took a while to figure out how to use the ecosystem properly; TypeScript itself is just a superset of JavaScript, so that part was fine.
I’ve been working on my own bug bounty management dashboard, given that I’m now full-time, as a way to organise my work. I got a ton of work done on the dashboard this week. Thank you Aituglo for the advice and resources! It was super helpful.
Caido plugins use TypeScript, so this was the second reason for my decision to familiarise myself with the technology. Soon I’ll migrate the Primate Pack over to the new official plugin system, and extend its features.
I did some GraphQL hacking this week. I got as far as listing all of the site’s orders but… there was no data there! I think Caido could benefit from a fully-featured GraphQL hacking extension. Here are some useful resources for you:
Hacktricks GraphQL has some good attack vectors and tools listed.
InQL Burpsuite Extension is great for editing GraphQL queries on the go.
Altair Debugger is another GraphQL client that might suit some people. They have a Chrome extension.
GraphQL Voyager for visualising schemas.
On the topic of my own fun findings:
I am waiting for a means of communication with one team to disclose some cool vulnerabilities as part of the 100-hour challenge.
I am waiting for another team to patch my findings - as soon as they do this (no idea when), I will publish my write-ups.
I’ve been thinking a lot about proxy servers recently. I have several research ideas that I’ll investigate soon. I’m predicting that over the next 1-2 years we’ll see far more proxy server misconfigurations or vulnerabilities appear. It wouldn’t surprise me at all if James Kettle’s web timing research touched on this. Potentially with cross-site leaks in the mix, that could set up some interesting behaviour. I’m surprised that people aren’t using timing-based cross-site leaks as a gadget for subcategories of blind SSRFs yet.
Resources
We were spoiled for good write-ups this week.
Zoom Session Takeover - Cookie Tossing Payloads, OAuth Dirty Dancing, Browser Permissions Hijacking, and WAF abuse - A great write-up on a brilliant Zoom vulnerability.
Cache Poisoning in npm - The ever-innovative Lupin outlines his research on dependencies.
PHP CGI Argument Injection Vulnerability - an RCE in PHP-CGI on Windows, abusing the encoding conversion built into Windows to break out of the argument context. It seems the official advisory linked on Orange Tsai’s blog is 404ing, so I have linked two resources below that summarise it well.