🛠️ Account deletion

Theory

Removing an account is a sensitive action that should be taken into consideration.

Practice

Some protection mechanisms should be incorporated:

Protection: when deleting an account, the web application should request the user to submit its credentials (it can prevent attacks such CSRF, XSS...).

Resources

https://infosecwriteups.com/bugbounty-how-i-was-able-to-delete-anyones-account-in-an-online-car-rental-company-8a4022cc611

Reconnaissance

Movement

Credentials

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Netlogon

Certificate Services (AD-CS)

SCCM / MECM

Exchange services

Print Spooler Service

Schannel

Built-ins & settings

Kerberos

Certificate Services (AD-CS)

HTTP security headers

Identity and Access Management

File inclusion

LFI to RCE

Initial access (protocols)

Windows

UNIX-like

(AV) Anti-Virus

Mifare Classic

Android

🛠️ Account deletion

Theory

Practice

Resources

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Certificate Services (AD-CS)

SCCM / MECM

Certificate Services (AD-CS)

HTTP security headers

File inclusion

LFI to RCE

Windows

UNIX-like

Mifare Classic

🛠️ Account deletion ​

Theory ​

Practice ​

Resources ​

🛠️ Account deletion

Theory

Practice

Resources