言心吾

言心吾のBlog


How beginners of SRC mining can quickly find their first vulnerability (Part 2)

Introduction#

In the previous article, we detailed how beginners can quickly find their first vulnerability in Security Response Center (SRC) mining, including methods for finding common vulnerabilities such as SMS bombing, concurrency (race-condition) bugs, CSRF, and privilege escalation. To further improve the efficiency and quality of vulnerability mining, we also need to develop good working habits.

During the SRC mining process, systematically recording information about each test site and feature point can not only help us manage the mining process more systematically, but also provide valuable references for subsequent retrospectives and in-depth exploitation. This article will provide a detailed introduction on how to create and use Excel spreadsheets to record key information about vulnerability mining, as well as share strategies for vulnerability retrospectives and the complete vulnerability mining process, helping you become more efficient and organized in your SRC mining journey.

Using Spreadsheets to Record the Mining Process and Treasure Sites#

Using an Excel spreadsheet to record key information during the vulnerability mining process is a very good habit. This not only helps with systematic management and tracking of each test site and its feature points, but also provides valuable data support for subsequent retrospectives.

How to Create a Vulnerability Mining Record Spreadsheet#

  1. Site Information

    • Site Name: Record the name of the target site.
    • Site URL: Record the URL of the target site.
  2. Feature Points

    • Feature Name: Record the feature module or specific feature point on the site (such as registration, login, password recovery, etc.).
    • Feature URL: Record the URL of the corresponding feature.
  3. Testing Status

    • Tested: Mark whether the feature has been tested (yes/no).
    • Test Date: Record the date of testing.
  4. Testing Approach

    • Vulnerability Type: Record the possible vulnerability types for the feature (such as CSRF, privilege escalation, SMS bombing, etc.).
    • Testing Method: Record the specific testing methods and approaches.
  5. Result Recording

    • Test Result: Record the result of the test (vulnerability found/not found).
    • Vulnerability Details: Record detailed information about the discovered vulnerability, including vulnerability description, impact, exploitation methods, etc.
  6. Account Information

    • Account Type: Record the type of account used during testing (such as regular user, administrator, etc.).
    • Account Information: Record the account used for testing (such as username, password, etc.).
  7. Notes

    • Other Information: Record other relevant information or notes.

Example Spreadsheet#

Here is a simplified example of an Excel spreadsheet:

| Site Name | Site URL | Feature Name | Feature URL | Tested | Test Date | Vulnerability Type | Testing Method | Test Result | Vulnerability Details | Account Type | Account Information | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Example Site | www.example.com | Registration | /register | Yes | 2024-06-01 | CSRF | Construct malicious request and induce user click | Vulnerability found | User can be induced to change password | Regular User | [email protected] | Smooth testing process |
| Example Site | www.example.com | Login | /login | No | | | | | | | | |
| Example Site | www.example.com | Password Recovery | /reset-password | Yes | 2024-06-02 | SMS bombing | Simulate a large number of SMS requests | No vulnerability found | SMS interface has rate limiting | | | |
| Example Site | www.example.com | Transfer | /transfer | Yes | 2024-06-03 | Concurrency | Use multithreading to simulate concurrent transfer requests | Vulnerability found | Transferred amount can be tampered with | Administrator | [email protected] | Further testing required |

How to Use#

  1. Create a Template: Create an Excel template based on the above structure to ensure that it can be used directly for each new site being mined.
  2. Regular Updates: Update the spreadsheet promptly after each test to record test results and approaches.
  3. Retrospectives and Summaries: Conduct regular retrospectives, analyze tested features and discovered vulnerabilities, summarize lessons learned, and provide references for subsequent mining.
  4. Sharing and Collaboration: If working in a team, share the spreadsheet and communicate testing approaches and experiences with other team members.

Advantages#

  1. Systematic Information Management: Clear recording of the testing status and results of each site and feature point, avoiding omissions.
  2. Facilitates Retrospectives and Summaries: Systematically record the testing process and approaches, which helps with subsequent retrospectives and experience summaries.
  3. Improves Efficiency: By recording testing methods and approaches, they can be referenced and reused in subsequent similar tests, improving testing efficiency.

In conclusion, using an Excel spreadsheet to record key information during the vulnerability mining process is not only a good habit, but also an efficient working method. We hope that the above suggestions will help you better conduct SRC mining and quickly find your first vulnerability.
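The record sheet is easiest to act on when the retrospective step (untested features, findings by type, rows that were marked tested but left incomplete) is computed rather than eyeballed. The following is an added example, not code from the original post: it parses a CSV export with exactly the column layout described above (a constructed sample mirroring the example rows, with placeholder account values) and produces that summary.

```python
import csv
import io
from collections import Counter

# Column layout of the record spreadsheet described in this article.
COLUMNS = [
    "Site Name", "Site URL", "Feature Name", "Feature URL", "Tested",
    "Test Date", "Vulnerability Type", "Testing Method", "Test Result",
    "Vulnerability Details", "Account Type", "Account Information", "Notes",
]

# Constructed sample mirroring the example rows above; account values are placeholders.
SAMPLE_CSV = """Site Name,Site URL,Feature Name,Feature URL,Tested,Test Date,Vulnerability Type,Testing Method,Test Result,Vulnerability Details,Account Type,Account Information,Notes
Example Site,www.example.com,Registration,/register,Yes,2024-06-01,CSRF,Construct malicious request and induce user click,Vulnerability found,User can be induced to change password,Regular User,user@example.com,Smooth testing process
Example Site,www.example.com,Login,/login,No,,,,,,,,
Example Site,www.example.com,Password Recovery,/reset-password,Yes,2024-06-02,SMS bombing,Simulate a large number of SMS requests,No vulnerability found,SMS interface has rate limiting,,,
Example Site,www.example.com,Transfer,/transfer,Yes,2024-06-03,Concurrency,Use multithreading to simulate concurrent transfer requests,Vulnerability found,Transferred amount can be tampered with,Administrator,admin@example.com,Further testing required
"""


def load_records(text):
    """Parse a CSV export of the sheet into row dicts, rejecting a changed column layout."""
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames != COLUMNS:
        raise ValueError("unexpected column layout: %r" % (reader.fieldnames,))
    return list(reader)


def retrospective(records):
    """Summarise coverage, findings and bookkeeping gaps for a periodic review."""
    tested, untested = [], []
    for r in records:  # an empty Tested cell counts as untested
        (tested if r["Tested"].strip().lower() == "yes" else untested).append(r)
    found = [r for r in tested if r["Test Result"] == "Vulnerability found"]
    # Rows marked tested but missing date or result are omissions the sheet is meant to avoid.
    incomplete = [r["Feature Name"] for r in tested
                  if not r["Test Date"].strip() or not r["Test Result"].strip()]
    return {
        "features": len(records),
        "tested": len(tested),
        "untested_urls": [r["Site URL"] + r["Feature URL"] for r in untested],
        "found_by_type": dict(Counter(r["Vulnerability Type"] for r in found)),
        "followups": [r["Feature Name"] for r in found if "further" in r["Notes"].lower()],
        "incomplete": incomplete,
    }


if __name__ == "__main__":
    print(retrospective(load_records(SAMPLE_CSV)))
```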

Vulnerability Retrospectives#

Regularly conducting vulnerability retrospectives is crucial during the vulnerability mining process. Through retrospectives, we can summarize lessons learned, optimize mining strategies, and improve the efficiency and quality of vulnerability discovery. Therefore, it is recommended to develop the habit of writing reports and retrospective documents, and systematically classify and organize them.

Developing the Habit of Writing Reports and Retrospective Documents#

  1. Regular Writing: After each vulnerability mining activity, promptly write detailed vulnerability reports and retrospective documents. The report should include vulnerability descriptions, impact analysis, exploitation methods, and remediation recommendations.
  2. Detailed Recording: In the report, provide detailed records of the discovery process, testing methods, and results for each vulnerability, ensuring completeness and accuracy of information.
  3. Classification and Organization: Classify and organize the written reports and retrospective documents according to certain standards, making them easy to reference and reuse.

Classification Standards#

To better manage and utilize the written reports and retrospective documents, they can be classified according to the following standards:

  1. Ownership Classification

    • edusrc
    • Public Welfare SRC
    • Enterprise SRC
  2. Status Classification

    • Ignored: Vulnerabilities that have been confirmed not to pose an actual risk.
    • Passed: Vulnerabilities that have been confirmed and fixed by the target site.
    • Duplicate: Vulnerabilities that are valid but had already been reported by someone else (these can also be filed under ignored or passed according to personal preference).
    • Desensitized (redacted): Reports from which sensitive information has been removed so that they can be publicly shared or written up without leaking it.
  3. Vulnerability Type Classification

    • Classify vulnerabilities according to different vulnerability types, such as CSRF, privilege escalation, SMS bombing, concurrency, etc.

Contents of Retrospective Documents#

Retrospective documents should include the following contents:

  1. Background Information: Briefly describe the background of vulnerability mining and information about the target site.
  2. Vulnerability Description: Provide detailed descriptions of each vulnerability, including vulnerability types and impact scope.
  3. Testing Methods: Record the methods and steps used to discover the vulnerabilities, and provide information about the tools and scripts used during testing.
  4. Result Analysis: Analyze the test results, summarize the discovered vulnerabilities and their impacts.
  5. Remediation Recommendations: Provide specific remediation recommendations for each vulnerability to help the target site improve its security.
  6. Lessons Learned: Summarize the experiences and lessons learned during the mining process, provide improvement suggestions, and provide references for subsequent mining.

By developing the habit of writing reports and retrospective documents, and organizing them systematically, we can not only help manage vulnerability mining information systematically, but also summarize experiences during retrospectives, optimize mining strategies, and improve the efficiency and effectiveness of vulnerability mining. We hope these suggestions will help you better conduct SRC mining and retrospectives.

Vulnerability Mining Process#

A systematic vulnerability mining process can help us discover and exploit vulnerabilities more efficiently. Here is a recommended mining process:

  1. Company Research
    First, use tools like "企查查" (a Chinese company information search tool) to gather basic information about the target company. This can help us better identify the target site and understand its business scope and potential attack surface.

  2. Subdomain Enumeration
    Next, use subdomain enumeration tools to find all subdomains of the target company. Subdomains are often the main targets for attackers because they may not have the same strict security measures as the main site.

  3. Live Host Discovery
    Then, perform live host discovery on all subdomains to confirm which ones are online and can be further tested. Tools like httpx can be used for live host discovery.

  4. Target Weak Points
    Finally, select feature points that appear to have weaker security measures for testing. Typically, registration, login, and other feature points involving user input and sensitive operations are the main targets for attackers.

By following this process, we can conduct vulnerability mining in a more targeted manner and increase the success rate of vulnerability discovery.

Conclusion#

In the process of SRC vulnerability mining, systematic and organized working methods can not only improve efficiency, but also help us continuously optimize and improve mining strategies. In this article, we discussed how to use Excel spreadsheets to record key information during vulnerability mining, and shared a complete vulnerability mining process and retrospective strategy.

We hope that through this article, you can master a more systematic and efficient SRC vulnerability mining method, continuously summarize and optimize it in practice, improve your vulnerability mining capabilities, and also help confused beginners quickly go from zero to one and find their own valid vulnerabilities. Vulnerability mining is a path of continuous learning and exploration. Only by maintaining curiosity and a passion for learning can we go further on this path.

We wish you fruitful results in your SRC mining journey and discover more valuable vulnerabilities!
