If you’re like most hackers, you probably start your hacking session in one of two ways:
- You spin up your recon engine and look at any automated findings it has found.
- You open the app you’re hacking on and start poking around each api call to see if it’s vulnerable to IDOR, SQLI, etc. and fill in each user input field with an XSS payload.
Both of these are fine, and if they work for you, then keep doing what you’re doing, pal. I’m not your dad.
But what if I told you that there’s a third way? Yep, get your hooks and peg legs ready, and whistle your parrot Polly over, because today we’re hacking like a pirate, matey!
You see, pirates don’t just sail aimlessly around the seven seas hoping to stumble across some buried treasure. They don’t just go digging on every island they come across. Or at least the good ones don’t. They have a map with a big red X marking exactly where they need to go. And once they have that destination in mind, they’ll navigate through storms, battle rival ships, and overcome any obstacle in their path to reach that treasure.
That’s how I’ve enjoyed hacking lately, particularly on very large targets. Before going and looking for vulnerabilities, I’ll decide what the X-marks-the-spot is. And it’s entirely application specific.
For example, if I’m hacking on an e-commerce site, I’m gunning for price manipulation. If I’m hacking on an education app, the X is cheating or grade modification. If I’m looking at a healthcare app, I’ll be digging for PII and health records.
Once you’ve identified your X, you’re no longer aimlessly poking around. You’re now plotting a course to get there. If we look at the healthcare app example, I’ll be taking a look at every place the user’s own data is exposed and try finding IDORs to get other users. If I’m trying to cheat in an education app for better grades, I’ll be looking to see if quiz/test answers are stored client-side.
Without going into detail, I’ve had a wildly successful January looking for a particular piece of data in a particular application. I know what data I want (my X) and I’ve spent weeks just looking across the entirety of the app for every piece of functionality that interacts with that data.
You see, by having a distinct impact in mind, you have direction in how you approach your target and can make more informed decisions about where to look. And direction, my land lubber friends, will save you a lot of heartache and sail across the seas to victory.