demo_data/htb-demo-projects/cbbh.toml
Lines changed: 21 additions & 18 deletions
@@ -52,7 +52,24 @@ pentest_approach = "BLACKBOX"
52
52
report_version = "TODO 1.0"
53
53
customer_contacts = []
54
54
executive_summary = """
55
-
{{ report.customer_full }} (“{{ report.customer_short }}” herein) invited {{ report.candidate.name }} to a private bug bounty program to perform a targeted Web Application Penetration Test of {{ report.customer_short }}’s externally facing web applications to identify high-risk security weaknesses, determine the impact to {{ report.customer_short }}, document all findings in a clear and repeatable manner, and provide remediation recommendations. The following types of findings were in-scope for this private bug bounty program:
55
+
{{ report.customer_full }} (“{{ report.customer_short }}” herein) invited {{ report.candidate.name }} to a private bug bounty program to perform a targeted Web Application Penetration Test of {{ report.customer_short }}’s externally facing web applications to identify high-risk security weaknesses, determine the impact to {{ report.customer_short }}, document all findings in a clear and repeatable manner, and provide remediation recommendations.
56
+
"""
57
+
approach = """
58
+
{{ report.candidate.name }} performed testing under a “{{ report.pentest_approach.label }}” approach from {{ formatDate(report.pentest_start, 'long') }}, to {{ formatDate(report.pentest_end, 'long') }} without credentials or any advance knowledge of {{ report.customer_short }}’s web applications with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. {{ report.candidate.name }} sought to demonstrate the full impact of every vulnerability, up to and including internal network access.
59
+
"""
60
+
scope = """
61
+
The scope of this assessment was as follows TODO *.trilocor.local and any and all open web server ports discovered on the target IP address provided at the start of the assessment.
62
+
63
+
| Host/URL/IP Address | Description |
64
+
|:---|:---|
65
+
| TODO www.triclor.local | Main Trilocor website/unauthenticated |
66
+
| TODO exam IP address | PR website/unauthenticated |
67
+
| TODO exam IP address | Jobs Portal/unauthenticated |
68
+
| TODO exam IP address | HR website/unauthenticated |
69
+
| TODO exam IP address | Trilocor online store/unauthenticated |
70
+
71
+
72
+
The following types of findings were in-scope for this private bug bounty program:
56
73
57
74
* Sensitive or personally identifiable information disclosure
58
75
* Cross-Site Scripting (XSS)
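Review bot: the first row of the added scope table (new line 65) spells the host `www.triclor.local`, which does not match the `*.trilocor.local` wildcard on new line 61 or the "Trilocor" name used in the row descriptions. Suggest `| TODO www.trilocor.local | Main Trilocor website/unauthenticated |` so a report built from this demo project does not list a host outside the stated scope. The two consecutive empty lines at new lines 70 and 71 could also be collapsed to one.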
@@ -77,20 +94,6 @@ The following types of activities were considered out-of-scope for this bug boun
77
94
* Issues with SSL certificates, open ports, TLS versions, or missing HTTP response headers
78
95
* Vulnerabilities in third party libraries unless they can be leveraged to significantly impact the target
79
96
* Any theoretical attacks or attacks that require significant user interaction or low risk
80
-
81
-
{{ report.candidate.name }} performed testing under a “{{ report.pentest_approach.label }}” approach from {{ formatDate(report.pentest_start, 'long') }}, to {{ formatDate(report.pentest_end, 'long') }} without credentials or any advance knowledge of {{ report.customer_short }}’s web applications with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. {{ report.candidate.name }} sought to demonstrate the full impact of every vulnerability, up to and including internal network access.
82
-
"""
83
-
scope = """
84
-
The scope of this assessment was as follows TODO *.trilocor.local and any and all open web server ports discovered on the target IP address provided at the start of the assessment.
85
-
86
-
### In Scope Assets
87
-
| Host/URL/IP Address | Description |
88
-
|:---|:---|
89
-
| TODO www.triclor.local | Main Trilocor website/unauthenticated |
90
-
| TODO exam IP address | PR website/unauthenticated |
91
-
| TODO exam IP address | Jobs Portal/unauthenticated |
92
-
| TODO exam IP address | HR website/unauthenticated |
93
-
| TODO exam IP address | Trilocor online store/unauthenticated |
94
97
"""
95
98
assessment_overview = """
96
99
During the course of testing against {{ report.candidate.name }} identified ...
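Review bot: the `### In Scope Assets` heading removed at old line 86 is not re-added with the table in the new `scope` block of the previous hunk, so the asset table now follows the scope sentence with no heading, while the findings lists after it keep their own lead-in sentences. If dropping the heading is intentional, say so in the commit description; otherwise restore it above the `| Host/URL/IP Address | Description |` row.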
@@ -99,9 +102,9 @@ TODO SUMMARY OF FINDINGS AND RECOMMENDATIONS HERE
demo_data/htb-designs/cbbh.toml
Lines changed: 52 additions & 39 deletions
@@ -1,6 +1,6 @@
1
1
format = "projecttypes/v2"
2
2
id = "8412f94b-7eb7-4508-9397-0e1b8da5f066"
3
-
name = "HTB CBBH Report v1.1"
3
+
name = "HTB CBBH Report v1.2"
4
4
language = "en-US"
5
5
status = "finished"
6
6
tags = [
@@ -875,7 +875,38 @@ type = "markdown"
875
875
label = "Executive Summary"
876
876
origin = "custom"
877
877
default = """
878
-
{{ report.customer_full }} (“{{ report.customer_short }}” herein) invited {{ report.candidate.name }} to a private bug bounty program to perform a targeted Web Application Penetration Test of {{ report.customer_short }}’s externally facing web applications to identify high-risk security weaknesses, determine the impact to {{ report.customer_short }}, document all findings in a clear and repeatable manner, and provide remediation recommendations. The following types of findings were in-scope for this private bug bounty program:
878
+
{{ report.customer_full }} (“{{ report.customer_short }}” herein) invited {{ report.candidate.name }} to a private bug bounty program to perform a targeted Web Application Penetration Test of {{ report.customer_short }}’s externally facing web applications to identify high-risk security weaknesses, determine the impact to {{ report.customer_short }}, document all findings in a clear and repeatable manner, and provide remediation recommendations.
879
+
"""
880
+
required = true
881
+
882
+
[[report_sections.fields]]
883
+
id = "approach"
884
+
type = "markdown"
885
+
label = "Approach"
886
+
origin = "custom"
887
+
default = """
888
+
{{ report.candidate.name }} performed testing under a “{{ report.pentest_approach.label }}” approach from {{ formatDate(report.pentest_start, 'long') }}, to {{ formatDate(report.pentest_end, 'long') }} without credentials or any advance knowledge of {{ report.customer_short }}’s web applications with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. {{ report.candidate.name }} sought to demonstrate the full impact of every vulnerability, up to and including internal network access.
889
+
"""
890
+
required = true
891
+
892
+
[[report_sections.fields]]
893
+
id = "scope"
894
+
type = "markdown"
895
+
label = "Scope"
896
+
origin = "custom"
897
+
default = """
898
+
The scope of this assessment was as follows TODO *.trilocor.local and any and all open web server ports discovered on the target IP address provided at the start of the assessment.
899
+
900
+
| Host/URL/IP Address | Description |
901
+
|:---|:---|
902
+
| TODO www.triclor.local | Main Trilocor website/unauthenticated |
903
+
| TODO exam IP address | PR website/unauthenticated |
904
+
| TODO exam IP address | Jobs Portal/unauthenticated |
905
+
| TODO exam IP address | HR website/unauthenticated |
906
+
| TODO exam IP address | Trilocor online store/unauthenticated |
907
+
908
+
909
+
The following types of findings were in-scope for this private bug bounty program:
879
910
880
911
* Sensitive or personally identifiable information disclosure
881
912
* Cross-Site Scripting (XSS)
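Review bot: the new `approach` field (new lines 882 to 890) is `required = true` and sits between `executive_summary` and `scope`, whereas the paragraph it holds used to close the executive summary after the out-of-scope list, and none of the visible hunks touch a template that references `approach`. Please confirm that the report template renders the new field id and that the changed order is intended. The default table row at new line 902 also spells the host `www.triclor.local`, which disagrees with `*.trilocor.local` on new line 898.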
@@ -900,27 +931,6 @@ The following types of activities were considered out-of-scope for this bug boun
900
931
* Issues with SSL certificates, open ports, TLS versions, or missing HTTP response headers
901
932
* Vulnerabilities in third party libraries unless they can be leveraged to significantly impact the target
902
933
* Any theoretical attacks or attacks that require significant user interaction or low risk
903
-
904
-
{{ report.candidate.name }} performed testing under a “{{ report.pentest_approach.label }}” approach from {{ formatDate(report.pentest_start, 'long') }}, to {{ formatDate(report.pentest_end, 'long') }} without credentials or any advance knowledge of {{ report.customer_short }}’s web applications with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. {{ report.candidate.name }} sought to demonstrate the full impact of every vulnerability, up to and including internal network access.
905
-
"""
906
-
required = true
907
-
908
-
[[report_sections.fields]]
909
-
id = "scope"
910
-
type = "markdown"
911
-
label = "Scope"
912
-
origin = "custom"
913
-
default = """
914
-
The scope of this assessment was as follows TODO *.trilocor.local and any and all open web server ports discovered on the target IP address provided at the start of the assessment.
915
-
916
-
### In Scope Assets
917
-
| Host/URL/IP Address | Description |
918
-
|:---|:---|
919
-
| TODO www.triclor.local | Main Trilocor website/unauthenticated |
920
-
| TODO exam IP address | PR website/unauthenticated |
921
-
| TODO exam IP address | Jobs Portal/unauthenticated |
922
-
| TODO exam IP address | HR website/unauthenticated |
923
-
| TODO exam IP address | Trilocor online store/unauthenticated |
924
934
"""
925
935
required = true
926
936
@@ -1124,7 +1134,24 @@ pentest_end = "2023-05-31"
1124
1134
report_date = "2023-05-31"
1125
1135
report_version = "1.0"
1126
1136
executive_summary = """
1127
-
{{ report.customer_full }} (“{{ report.customer_short }}” herein) invited {{ report.candidate.name }} to a private bug bounty program to perform a targeted Web Application Penetration Test of Trilocor’s externally facing web applications to identify high-risk security weaknesses, determine the impact to Trilocor, document all findings in a clear and repeatable manner, and provide remediation recommendations. The following types of findings were in-scope for this private bug bounty program:
1137
+
{{ report.customer_full }} (“{{ report.customer_short }}” herein) invited {{ report.candidate.name }} to a private bug bounty program to perform a targeted Web Application Penetration Test of {{ report.customer_short }}’s externally facing web applications to identify high-risk security weaknesses, determine the impact to {{ report.customer_short }}, document all findings in a clear and repeatable manner, and provide remediation recommendations.
1138
+
"""
1139
+
approach = """
1140
+
{{ report.candidate.name }} performed testing under a “{{ report.pentest_approach.label }}” approach from {{ formatDate(report.pentest_start, 'long') }}, to {{ formatDate(report.pentest_end, 'long') }} without credentials or any advance knowledge of {{ report.customer_short }}’s web applications with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. {{ report.candidate.name }} sought to demonstrate the full impact of every vulnerability, up to and including internal network access.
1141
+
"""
1142
+
scope = """
1143
+
The scope of this assessment was as follows TODO *.trilocor.local and any and all open web server ports discovered on the target IP address provided at the start of the assessment.
1144
+
1145
+
| Host/URL/IP Address | Description |
1146
+
|:---|:---|
1147
+
| TODO www.triclor.local | Main Trilocor website/unauthenticated |
1148
+
| TODO exam IP address | PR website/unauthenticated |
1149
+
| TODO exam IP address | Jobs Portal/unauthenticated |
1150
+
| TODO exam IP address | HR website/unauthenticated |
1151
+
| TODO exam IP address | Trilocor online store/unauthenticated |
1152
+
1153
+
1154
+
The following types of findings were in-scope for this private bug bounty program:
1128
1155
1129
1156
* Sensitive or personally identifiable information disclosure
1130
1157
* Cross-Site Scripting (XSS)
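Review bot: the added table row at new line 1147 reads `www.triclor.local`, but the row this change removes at old line 1161 read `www.trilocor.local`, so moving the table introduces a typo into the demo data. Keep the original spelling, which also matches `*.trilocor.local` on new line 1143.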
@@ -1140,7 +1167,7 @@ executive_summary = """
1140
1167
The following types of activities were considered out-of-scope for this bug bounty program:
1141
1168
1142
1169
* Scanning and assessing any other IP in the Entry Point's network
1143
-
* Physical attacks against Trilocor properties
1170
+
* Physical attacks against {{ report.customer_short }} properties
1144
1171
* Unverified scanner output
1145
1172
* Man-in-the-Middle attacks
1146
1173
* Any vulnerabilities identified through DDoS or spam attacks
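Review bot: the customer name is still hard-coded in the scope table rows added in the previous hunk (`Main Trilocor website/unauthenticated`, `Trilocor online store/unauthenticated`), which is inconsistent with the switch to `{{ report.customer_short }}` at new line 1170. If those rows are meant to stay as `TODO` placeholders for the candidate to rewrite, that is fine; otherwise use the variable there as well.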
@@ -1149,20 +1176,6 @@ The following types of activities were considered out-of-scope for this bug boun
1149
1176
* Issues with SSL certificates, open ports, TLS versions, or missing HTTP response headers
1150
1177
* Vulnerabilities in third party libraries unless they can be leveraged to significantly impact the target
1151
1178
* Any theoretical attacks or attacks that require significant user interaction or low risk
1152
-
1153
-
{{ report.candidate.name }} performed testing under a “{{ report.pentest_approach.label }}” approach from {{ formatDate(report.pentest_start, 'long') }}, to {{ formatDate(report.pentest_end, 'long') }} without credentials or any advance knowledge of {{ report.customer_short }}’s web applications with the goal of identifying unknown weaknesses. Testing was performed from a non-evasive standpoint with the goal of uncovering as many misconfigurations and vulnerabilities as possible. Testing was performed remotely. Each weakness identified was documented and manually investigated to determine exploitation possibilities and escalation potential. {{ report.candidate.name }} sought to demonstrate the full impact of every vulnerability, up to and including internal network access.
1154
-
"""
1155
-
scope = """
1156
-
The scope of this assessment was as follows TODO *.trilocor.local and any and all open web server ports discovered on the target IP address provided at the start of the assessment.
1157
-
1158
-
### In Scope Assets
1159
-
| Host/URL/IP Address | Description |
1160
-
|:---|:---|
1161
-
| TODO www.trilocor.local | Main Trilocor website/unauthenticated |
1162
-
| TODO exam IP address | PR website/unauthenticated |
1163
-
| TODO exam IP address | Jobs Portal/unauthenticated |
1164
-
| TODO exam IP address | HR website/unauthenticated |
1165
-
| TODO exam IP address | Trilocor online store/unauthenticated |
1166
1179
"""
1167
1180
assessment_overview = """
1168
1181
During the course of testing against {{ report.candidate.name }} identified ...
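Review bot: the context line at new line 1181, `During the course of testing against {{ report.candidate.name }} identified ...`, has no object after "against" and reads as if the candidate were the target of the test. Since this commit already reworks the surrounding defaults, consider `During the course of testing against {{ report.customer_short }}, {{ report.candidate.name }} identified ...`.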