Stop trying every tool you find on the internet; stick to one tool and learn to get the maximum out of it.
Just one example: ffuf
Refer to these resources:
#bugbounty
#bugbountytip
#bugbountytips
If an LFI vulnerability exists, look for these files:
1-Linux system and user files:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/home/user/
/home/user/.ssh
/home/user/.bash_history
#bugbounty
#bugbountytip
#bugbountytips
When looking for IDORs and you get 401/403 responses, try these bypasses:
- Wrap the ID in an array: {"id":111} --> {"id":[111]}
- JSON-wrap the ID: {"id":111} --> {"id":{"id":111}}
- Send the ID twice (parameter pollution): URL?id=<LEGIT>&id=<VICTIM>
- Send a wildcard: {"user_id":"*"}
AWS Security Testing Checklist
=Identity and Access Management
1-Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
2-Ensure credentials unused for 90 days or greater are disabled
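The two IAM checks above can be run offline against the IAM credential report (the CSV that `aws iam get-credential-report` returns base64-encoded in its Content field). The script below is an added example, not part of the original checklist; the report rows are constructed sample data in the report's column layout, the "today" used for the 90-day cut-off is a fixed constant, and the column subset and function names are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of the IAM credential report;
# only the columns the two checks need are included.
SAMPLE_REPORT = """user,password_enabled,mfa_active,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
<root_account>,not_supported,true,2024-05-01T10:00:00+00:00,false,N/A,false,N/A
alice,true,true,2024-05-20T09:12:00+00:00,true,2024-05-21T08:00:00+00:00,false,N/A
bob,true,false,2024-05-19T11:00:00+00:00,false,N/A,false,N/A
ci-deploy,false,false,no_information,true,2024-01-03T04:00:00+00:00,false,N/A
dave,true,true,no_information,true,N/A,false,N/A
"""

# Constructed "today" so the ages below are deterministic.
NOW = datetime(2024, 5, 22, 12, 0, tzinfo=timezone.utc)


def parse_timestamp(value):
    """Report timestamps are ISO 8601; N/A, no_information and not_supported mean never/unknown."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def users_without_mfa(report_csv):
    """Check 1: users with a console password enabled but no active MFA device."""
    rows = csv.DictReader(io.StringIO(report_csv))
    return sorted(r["user"] for r in rows
                  if r["password_enabled"] == "true" and r["mfa_active"] != "true")


def stale_credentials(report_csv, now, max_age_days=90):
    """Check 2: enabled credentials not used within max_age_days.

    Returns (user, credential, age_days); age_days is None when the
    credential has never been used at all.
    """
    findings = []
    for r in csv.DictReader(io.StringIO(report_csv)):
        checks = [
            ("password", r["password_enabled"], r["password_last_used"]),
            ("access_key_1", r["access_key_1_active"], r["access_key_1_last_used_date"]),
            ("access_key_2", r["access_key_2_active"], r["access_key_2_last_used_date"]),
        ]
        for name, enabled, last_used in checks:
            if enabled != "true":
                continue                      # disabled/absent credentials are not findings
            ts = parse_timestamp(last_used)
            if ts is None:
                findings.append((r["user"], name, None))
            elif (now - ts).days >= max_age_days:
                findings.append((r["user"], name, (now - ts).days))
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    print("no MFA:", users_without_mfa(SAMPLE_REPORT))
    print("stale:", stale_credentials(SAMPLE_REPORT, NOW))
```

Never-used credentials are reported with a None age here; the real report also carries creation and rotation dates, which is what you would compare against for a credential that has existed for more than 90 days without ever being used.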
Just found 2 IDORs with the help of Autorize
Tip: don't test IDORs manually, try to semi-automate using Autorize
Check these blogs for better understanding
#bugbounty
#bugbountytips
I am planning to mentor (guide) 2 students free of cost who are new to Penetration Testing/Bug Bounty
Comment these things on this post:
1-Why do you need this?
2-Your career plan
3-Your public profile (BugBounty/HTB/THM)
You can retweet this for maximum reach
#bugbounty
SSRF exploitation via URL scheme
1-file: lets an attacker read a local file on the server when the fetching code passes the scheme through unchecked
file://path/to/file
file:///etc/passwd
file://\/\/etc/passwd
ssrf.php?url=file:///etc/passwd
#bugbounty
#bugbountytips
#bugbountytip
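The defensive side of the file:// tip, as an added example that is not from the original post: a URL validator for a server-side fetcher that rejects every scheme except http/https (so the file://, file://\/\/ and schemeless variants above all fail) and also refuses hosts that resolve to loopback, link-local or private addresses, which is the other half of most SSRF findings. The resolver table and hostnames are constructed for the example; in production the default system resolver is used.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS answers so the check runs offline; "metadata" stands in for
# a name that points at the cloud instance-metadata address.
CONSTRUCTED_DNS = {
    "example.com": ["93.184.216.34"],
    "metadata": ["169.254.169.254"],
    "localhost": ["127.0.0.1"],
}


def table_resolver(host):
    return CONSTRUCTED_DNS[host]          # KeyError for unknown names


def system_resolver(host):
    """Resolve with the OS resolver; every returned address is checked."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_url(url, resolver=system_resolver):
    """Return (ok, reason) for a user-supplied URL before the server fetches it."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        # Blocks file://, file://\/\/, gopher://, dict://, ftp:// and bare paths.
        return False, "scheme %r not allowed" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "userinfo in URL"    # http://trusted@evil/ confusion
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IPv4/IPv6, e.g. [::1]
    except ValueError:
        try:
            addrs = resolver(host)
        except (socket.gaierror, KeyError):
            return False, "cannot resolve %s" % host
    for a in addrs:
        if not ipaddress.ip_address(a).is_global:
            # loopback, RFC1918, link-local (169.254.x, including the metadata
            # address), shared address space and similar all fail is_global
            return False, "%s resolves to non-public address %s" % (host, a)
    return True, "ok"


if __name__ == "__main__":
    for u in ("file:///etc/passwd", "http://metadata/latest/meta-data/",
              "https://example.com/image.png"):
        print(u, validate_fetch_url(u, table_resolver))
```

Validating and then fetching by hostname leaves a gap (DNS rebinding, redirects to an internal address): connect to the address you validated and re-run the check on every redirect target rather than following redirects automatically.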
New Updates on my web application penetration checklist
1-Wordpress Common Vulns
2-403 bypass techniques
3-Burp Suite Extensions
Link:
#BugBounty
#bugbountytip
#bugbountytips
With the help of Google dorks, we can easily find WAF bypasses
1-Normal search:
<wafname> waf bypass
2-Searching for specific version exploits: "<wafname> <version>" (bypass|exploit)
3-For specific type bypass exploits:
"<wafname>" +<bypass type> (bypass|exploit)
As a beginner, I faced a lot of difficulties in finding one single bug. I searched everywhere for any checklist, but none was available. After 3 months of hard work & the constant support of
@impratikdabhi
@ADITYASHENDE17
@udit_thakkur
@manas_hunter
I finally made my bug hunting checklist
One of the best ways to confirm a SQL injection is to make the query evaluate a logical condition and check that the result matches what that condition predicts.
For example: if the GET parameter ?username=Peter returns the same content as ?username=Peter' or '1'='1, you have found a SQL injection. Also send a condition that is false (?username=Peter' and '1'='2) and confirm the content changes; if both variants return the same page, the application may simply be ignoring the parameter.
#bugbountytips
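The boolean check above, run against a vulnerable and a fixed lookup side by side, as an added example that is not from the original post. The table is an in-memory SQLite database constructed for the example, the "page" is modelled as the first matching row, and the function names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("Peter", "peter@example.com"), ("Alice", "alice@example.com")])
    return conn


def lookup_vulnerable(conn, username):
    """The injectable pattern: the parameter is concatenated into the SQL text."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()      # the page renders the first matching row


def lookup_parameterized(conn, username):
    """The fix: the value is bound, so quotes inside it never reach the SQL parser."""
    return conn.execute("SELECT username, email FROM users WHERE username = ?",
                        (username,)).fetchone()


def confirm_sqli(lookup, conn, value):
    """Boolean confirmation: a true condition must leave the page unchanged and a
    false one must change it. Checking both rules out an ignored parameter."""
    base = lookup(conn, value)
    true_cond = lookup(conn, value + "' and '1'='1")
    false_cond = lookup(conn, value + "' and '1'='2")
    return base is not None and base == true_cond and base != false_cond


if __name__ == "__main__":
    conn = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable), ("parameterized", lookup_parameterized)):
        print(name, "Peter' or '1'='1 ->", fn(conn, "Peter' or '1'='1"),
              "| injectable:", confirm_sqli(fn, conn, "Peter"))
```

With the vulnerable lookup, `Peter' or '1'='1` still shows Peter's row (the OR makes the condition true for every row and the first one is Peter), exactly the "same content" signal from the tip; the parameterized lookup searches for the literal string and returns nothing. The AND pair in `confirm_sqli` is the tighter test because the false branch has to differ.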
Different tricks to turn your LFI into RCE
1-Using file upload forms/functions (upload a file containing PHP code, then include it)
2-Using the PHP wrapper expect://command (only when the expect extension is loaded)
3-Using the PHP wrapper php://input with the PHP code sent in the POST body
4-Using the PHP wrapper php://filter (for example convert.base64-encode to read source files without executing them)
5-Using data://text/plain;base64,<base64-encoded PHP code> (wrappers 3 and 5 need allow_url_include)
#bugbountytips
File Upload Restriction Bypass Checklist
1-Try various file extensions: try alternative versions of the extension, for example .php3, .php4, .php5 and .phtml for PHP scripts, or .asp and .aspx for ASP
#bugbounty
#bugbountytip
#bugbountytips
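Why the extension variants above work, and what a check that survives them looks like, as an added example that is not from the original post: a denylist on the last extension (the filter those names are aimed at) next to an allowlist with canonicalisation. The list of filenames and both check functions are constructed for the example.

```python
import posixpath
import re

DENYLIST = {".php", ".asp"}                             # the naive filter the bypass list targets
ALLOWLIST = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}   # what the upload feature actually needs


def naive_denylist_check(filename):
    """Typical weak check: look at the last extension and refuse a few known-bad ones."""
    return posixpath.splitext(filename)[1].lower() not in DENYLIST


def strict_allowlist_check(filename):
    """Allowlist with canonicalisation: exactly one extension, from a fixed set,
    and a plain base name. Anything unusual is refused rather than guessed at."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any directory part
    if "\x00" in name or "%00" in name:
        return False                                        # null-byte truncation tricks
    name = name.rstrip(". ")                                # trailing dot/space, stripped by Windows
    parts = name.lower().split(".")
    if len(parts) != 2:
        return False                                        # no shell.php.jpg, shell.jpg.php, .htaccess
    base, ext = parts
    return bool(re.fullmatch(r"[a-z0-9_-]{1,64}", base)) and "." + ext in ALLOWLIST


# Constructed names covering the extension tricks from the checklist plus the usual
# double-extension, null-byte, trailing-dot and dotfile variants.
BYPASS_NAMES = [
    "shell.php3", "shell.php4", "shell.php5", "shell.phtml", "shell.aspx",
    "shell.PHP", "shell.php.jpg", "shell.jpg.php", "shell.php%00.jpg",
    "shell.php.", ".htaccess",
]


def survivors(check, names):
    """Names a given check lets through."""
    return [n for n in names if check(n)]


if __name__ == "__main__":
    print("denylist lets through:", survivors(naive_denylist_check, BYPASS_NAMES))
    print("allowlist lets through:", survivors(strict_allowlist_check, BYPASS_NAMES))
```

The extension check is only one layer: store the file under a server-generated name, outside the web root or in a location the web server will not execute, and validate the content type from the bytes rather than from the name.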
Docker Security Cheat Sheet
1-Keep Host and Docker up to date
2-Set a user
3-Limit capabilities (Grant only specific capabilities, needed by a container)
4-Add the --no-new-privileges flag
5-Disable inter-container communication (--icc=false)
Windows DLL Injection Basics
DLL injection is the process of inserting code into a running process. The code we insert is usually in the form of a dynamic-link library (DLL).
DLL injection breaks down into four steps:
If you find SQL injection in any program or product, always check the current database user and its privileges. If the user is root or has the FILE privilege (MySQL: SELECT ... INTO OUTFILE, subject to secure_file_priv), we can write a malicious file to the server via a SQL statement.
#bugbountytip
#bugbountytips
Where are IDORs commonly found?
-REST APIs
-GET parameters
-POST request bodies
-GraphQL endpoints
-PUT parameters
-IDs in the request header
-IDs in the cookies
AWS S3 Bucket Misconfiguration
1-Bucket takeover: if an application uses a domain-linked S3 bucket that the developers have deleted, and the CNAME records in Amazon Route 53 still point at it, you can claim the now-unclaimed bucket name from another AWS account (bucket names are global, so the 404 NoSuchBucket response means the name is free to anyone)
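How to tell a dangling S3 CNAME apart from a bucket that merely denies access, as an added example that is not from the original post: parse the bucket name out of the CNAME target and only flag the pair when the S3 endpoint answers 404 with NoSuchBucket. The hostnames, DNS answers and HTTP responses are constructed records; no lookups or requests are made.

```python
import re

# Virtual-hosted-style S3 hostnames: <bucket>.s3.amazonaws.com,
# <bucket>.s3.<region>.amazonaws.com, <bucket>.s3-<region>.amazonaws.com and the
# website endpoint <bucket>.s3-website[.-]<region>.amazonaws.com
S3_HOST_RE = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
    r"\.s3(?:-website)?(?:[.-][a-z0-9-]+)?\.amazonaws\.com\.?$"
)


def bucket_from_cname(target):
    """Bucket name if the CNAME target is an S3 endpoint, else None."""
    m = S3_HOST_RE.match(target.lower())
    return m.group("bucket") if m else None


def is_takeover_candidate(cname_target, status, body):
    """(candidate?, bucket). Only 404 NoSuchBucket means the name is unclaimed;
    403 AccessDenied or 404 NoSuchKey means the bucket exists and is someone's."""
    bucket = bucket_from_cname(cname_target)
    if bucket is None:
        return False, None
    if status == 404 and "NoSuchBucket" in body:
        return True, bucket
    return False, bucket


# Constructed records, as they would come from a DNS lookup and a GET to the target.
SAMPLES = [
    ("assets.example.com", "static-assets-example.s3.amazonaws.com", 404,
     '<?xml version="1.0"?><Error><Code>NoSuchBucket</Code>'
     '<Message>The specified bucket does not exist</Message>'
     '<BucketName>static-assets-example</BucketName></Error>'),
    ("docs.example.com", "docs-example.s3-website-us-east-1.amazonaws.com", 403,
     "<html><h1>403 Forbidden</h1><li>Code: AccessDenied</li></html>"),
    ("www.example.com", "d111111abcdef8.cloudfront.net", 200, "<html>ok</html>"),
]


def scan(samples):
    """(hostname, bucket) for every record that looks claimable."""
    found = []
    for host, target, status, body in samples:
        ok, bucket = is_takeover_candidate(target, status, body)
        if ok:
            found.append((host, bucket))
    return found


if __name__ == "__main__":
    print(scan(SAMPLES))
```

Before claiming anything, confirm the bucket name still satisfies S3 naming rules and stays inside the programme's scope; creating the bucket makes you the owner of whatever the application then serves from that hostname.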
I have started preparing beginner's content for getting started in bug bounty. It will take time for me to collect all the resources in one place, so I thought I'd upload the work and keep updating it every weekend in my free time to help every beginner
Link: 👇🏻