MIME type sniffing

MIME type sniffing is an operation conducted by many browsers. Each browser behaves differently on that matter, but overall, MIME sniffing is an action where they determine a page content type depending on that page content. This is can be dangerous as it could allow attackers to hide HTML code into a .jpg file, and have the visitor's browser interpret the page and execute client code (XSS) because the browser determined the file was HTML code instead of a JPG image.

The XCTO (X-Content-Type-Options) security header can be used to indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed by the browser depending on the pages content. Websites that implement that security header with the nosniff directive must also include a valid Content-Type header in their responses.

Resources

https://www.keycdn.com/support/what-is-mime-sniffing

https://www.denimgroup.com/resources/blog/2019/05/mime-sniffing-in-browsers-and-the-security-implications/

https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/

https://mimesniff.spec.whatwg.org/

Reconnaissance

Movement

Credentials

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Netlogon

Certificate Services (AD-CS)

SCCM / MECM

Exchange services

Print Spooler Service

Schannel

Built-ins & settings

Kerberos

Certificate Services (AD-CS)

HTTP security headers

Identity and Access Management

File inclusion

LFI to RCE

Initial access (protocols)

Windows

UNIX-like

(AV) Anti-Virus

Mifare Classic

Android

MIME type sniffing

Resources

Dumping

Bruteforcing

MITM and coerced auths

NTLM

Kerberos

Forged tickets

Delegations

DACL abuse

Certificate Services (AD-CS)

SCCM / MECM

Certificate Services (AD-CS)

HTTP security headers

File inclusion

LFI to RCE

Windows

UNIX-like

Mifare Classic

MIME type sniffing ​

Resources ​

MIME type sniffing

Resources