Have a question? Ask it here in this thread!

@9TailsTechnologies How I would go about this is using burp to confirm that you can upload the file. How to do this is before you upload the file, do a test.txt file to see if you can upload that. But have burp intercept (I think I spelled that right) on as you do this. As soon as you go to upload the .txt file go back to the intercept and find the file name. Delete it and input the following in its place:
test.php. You also have to find the filename=“test.txt” and change that to filename=“test.php”. Now find the javascript and change it to php code:

<?php phpinfo() ?>

to see if it works. Now press the forward button in burp to see if you get a POST header. If so then the attack can work. But I would not use the metasploit code since it might not be formatted right. I would use in Kali the /usr/share/webshells, then the code for php, to upload that next in the same steps, but instead of placing the normal php code from before, upload the shell code in repeater (burp). Then send the request, and if you get a 200 page and a success then you got shell access.

I never did that before but have seen it done in training videos. So it's about 50/50 if this works.

First off, thank you very much for your detailed answer, I’m going to take a look at the kali-shell as you suggested.

I may not have managed to make this clear with my first post, but I already managed to do what you described. The payload is already uploaded and saved on the target server. The problem is rather that I can’t manage to access it afterwards.
For example, the reverse-shell payload is saved after upload under the URI https://example.com/uploads/shell.php. But when I try to open this URI via a GET request, I get HTTP code 405 since only DELETE is allowed.

My question is, if there is another way to open the payload (maybe with a manipulated DELETE request or by bypassing the protection mechanism in some other way).
And if there should be no way to get the payload to execute, is the uploading of a malicious payload still report-worthy, even though I can’t find a way to open it afterwards?
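The rename trick in the first answer only works when the server trusts the client-supplied filename and Content-Type. As an added example that is not from this thread, here is a server-side check that ignores both and looks at the bytes instead; the names MAGIC, sniff_type, validate_upload and UPLOAD_DIR are assumptions for illustration.

```python
import secrets
from pathlib import PurePosixPath
from typing import Optional, Tuple

# Allowlisted content types, keyed by the extension the server assigns.
# Magic bytes are checked on the body itself, never on the Content-Type
# or the filename= value in the multipart form, both of which Burp can edit.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_BYTES = 5 * 1024 * 1024
# Assumed storage location: outside the document root, served only through
# a handler that reads files back as static bytes and never executes them.
UPLOAD_DIR = "/srv/app-data/uploads"


def sniff_type(data: bytes) -> Optional[str]:
    """Return the allowlisted type whose magic bytes open the body, else None."""
    for ext, magic in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def validate_upload(client_name: str, data: bytes) -> Tuple[bool, str]:
    """Accept or reject an upload. The client filename is only used to
    reject hostile shapes (path parts, hidden files, double extensions);
    the stored name is generated here. Returns (accepted, name_or_reason)."""
    if not data or len(data) > MAX_BYTES:
        return False, "empty or oversized body"
    name = PurePosixPath(client_name).name      # drops any directory part
    if name != client_name or name.startswith(".") or not name.isprintable():
        return False, "path component, hidden name or control characters"
    if len(name.split(".")) != 2:
        return False, "missing or double extension"
    kind = sniff_type(data)
    if kind is None:
        return False, "body is not an allowlisted image"
    # test.php carrying PNG bytes is stored as <random>.png; PHP source
    # under any name fails the sniff and never reaches disk.
    return True, f"{secrets.token_hex(16)}.{kind}"
```

The 405 the poster sees on GET is a second, independent layer: even a file that slips past validation is useless if the upload path is never served for execution.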

Hello all, I come from a non-technical field so I pretty much have zero knowledge on pretty much everything regarding bug bounty hunting. We did learn to code at uni (Python, a bit of JS and basic HTML5) and I could dabble with them on a decent level but that is as far as my knowledge goes. I have been interested in becoming a bug bounty hunter mainly because I find it extremely interesting (and who knows, maybe make some $$ to support my studies a bit?). I have completed all the Codecademy courses as suggested in the Bugcrowd University introductory video (Python, JS, SQL, command line, deploying a website) and have tried to read as many ‘guides’ as I possibly can about becoming a hunter. I managed to single out and compile a list of some resources from said guides that seem to be the most widely recommended by people with experience in this field, but I cannot figure out in which order to go through them.

Resources:

  - Web Application Hacker’s Handbook 2nd ed
  - Web Hacking 101
  - OWASP Testing Guide
  - Hacker101 YT video series
  - Bugcrowd University YT video series
  - PentesterLab Pro exercises/guides

Anyone care to suggest with which of these should I begin or have any other resources to suggest? As I said I don’t really know anything besides some basic coding. Thank you all for taking the time to read this!

Hi,

How do you configure your scanner to include bugcrowd in the user-agent string? Hope y’all can help me! Thanks!

Greetings Cynical, I’m also new, but from a far more technical background. From what I can tell all the things you listed are good resources. Everyone has different learning styles, so what might be best for me, may not work for you.

I’d suggest trying a bit of each one to start and see what seems to resonate best with you.

If you feel some are equivalent, I’d suggest (especially for ‘hands on’ stuff) that you pick the newest one. That’s going to be the most likely to have instructions etc that are ‘still the same’ as when the book was published.

I’m currently following a slightly older book, but I’ve already discovered that (for example) the older version of Kali they provide a VM image for won’t work well anymore because, among other things, the provided browser (which I couldn’t seem to update) doesn’t support the most modern TLS standards and breaks trying to establish an HTTPS connection.

The pace of change is high, and trying to do ‘hands on’ instruction with things that are more than a year or two old can be very ‘challenging’ :wink:

Hey, hopefully this is a fairly simple question…

Pretend you’re starting fresh, creating a Kali vm, installing tools, etc. Do you run 32 bit or 64 bit on the Kali…

Reason for asking is I started off with 32 bit, but then rapidly got into the linux version of ‘dll hell’ where apt-get can’t install ‘kali-linux-all’ because of dependency conflicts. I managed to chase the conflict down to stuff related to gnuradio:i386 <> gnuradio-dev:i386 but have no clue how to resolve it. Wondering if maybe this is not an issue with 64 bit?

Hello, thank you for the reply!

I have managed to find some balance between reading the books, watching talks and doing some basic projects so I don’t get rusty with the (few) programming skills I have. Just two follow-up questions maybe you could help me with:

  1. To what extent should I learn JS? Generally I find coding to be really interesting and I enjoy doing it, but for some reason I can’t stand JS, it just irritates me, A LOT! Do you think I should struggle to improve my skills with JS or is just understanding the basics enough?

  2. I have always used various Linux distros as my secondary OS so I have some knowledge in that area, should I invest more time into becoming more familiar with Linux? I see a lot of people talking about Kali but no ‘beginner guide’ even mentions Kali or any other Linux distro as something you should learn.

Appreciate your input.

Hi, I’m confused with the In scope section which only contains, for example, https://www.xxx.com/. So what’s allowed:

  1. jobs.xxx.com
  2. www.xxx.com/shop

PS. There is no Out of scope.

Usually you’ll find a note at the end of the Scope section saying something like: Testing is only authorized on the targets listed as In-Scope. Any domain/property of xxx not listed in the targets section is out of scope. This includes any/all subdomains not listed above. But if the scope only says https://www.xxx.com/, it’s fair to assume that all https://www.xxx.com/* sites are in scope. If you’ve found a vulnerability on a subdomain, it’s wise to reach out to Bugcrowd support before submitting. They will usually respond within a day, and that way you’ll avoid N/As.

I keep watching tutorials that say to use Vega scanner but I am worried about how many requests it is making when it is testing. Is there any way to throttle Vega? If not, are there any other tools like it that do allow throttling?

Vega will usually not be helpful in bounty hunting. There’s a crazy amount of false positives, and even if it finds something, it will likely not be a unique issue. Your time is better spent doing extensive recon and manual testing. If you insist on using scanners, just check the target’s policy on vulnerability scanners in the bounty brief first.


I have a subdomain that is pointing to https://pages.github.com/. But it also says: Did you mean to visit (vulnerablewebsite.com)? Please note that this site belongs to a GitHub user and is not an official GitHub site. What can I do in this case? I am confused.

Hi!

I have a noob question.

When a program says, for example,
In scope:
www.example.com
does it mean the scope also includes
/login
/signup
etc?

or is it only the main page that’s in scope?

Thanks!
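Both scope questions above (whether https://www.xxx.com/ covers /login, /shop and so on, and whether it covers jobs.xxx.com) come down to the same host-and-path-prefix rule the earlier reply describes. As an added example that is not from this thread, a small checker applying that rule, extended to the *.xxx.com wildcard form many briefs use; the names in_scope, _host_matches and _normalize are assumptions.

```python
from urllib.parse import urlsplit


def _host_matches(pattern_host: str, host: str) -> bool:
    """'*.xxx.com' matches any subdomain (not the apex); otherwise exact."""
    if pattern_host.startswith("*."):
        suffix = pattern_host[1:]            # ".xxx.com"
        return host.endswith(suffix) and host != suffix[1:]
    return host == pattern_host


def _normalize(url: str):
    """Split a target into (host, path); a bare host:port/path is accepted."""
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return host, parts.path or "/"


def in_scope(target_url: str, scope_entries) -> bool:
    """True if target_url falls under any in-scope entry.  An entry such as
    https://www.xxx.com/ covers that exact host and every path beneath it
    (/login, /signup, /shop, ...) but not sibling subdomains like
    jobs.xxx.com, which must be listed separately or via *.xxx.com."""
    host, path = _normalize(target_url)
    for entry in scope_entries:
        s_host, s_path = _normalize(entry)
        if not _host_matches(s_host, host):
            continue
        prefix = s_path.rstrip("/") + "/"    # "/" or "/api/"
        # exact path match, or strictly beneath it ("/apis" is not "/api/")
        if path == prefix.rstrip("/") or path.startswith(prefix):
            return True
    return False
```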

I just wanna ask, can a 13 year old work here and receive payouts?

If you got the skills to do it, then I would guess so. Whether you are able to set up a PayPal will have an effect on whether you are able to do this yet. But don’t take my word for it pal, I’d check with support first :grinning:

I have found a subdomain which seems to be protected as you get a 403 when you try to access it.
By altering the request, it seems to bypass this check as I’m able to access the site behind it.

However the site behind this request is a confluence page which asks for a login.
I’m not sure if this is enough to report as a bug?

Obviously the initial protection can be bypassed, which you could label as “Server security misconfiguration”.
This might be because they only want this site to be accessible from within their networks or something.
And getting the login form would allow me to start bruteforcing credentials; I haven’t checked if they have enabled captcha protection as I don’t want to interrupt their users’ work.

There doesn’t seem to be anonymous access to any content, and the version isn’t vulnerable to CVE-2019-3396.

So is this enough to report?

Hello,

I just exploited a template injection vulnerability ({{7*7}} = 49)
and I’m pretty sure it’s using Jinja2 templates, but when I try the payloads below, the results are blank.

{{config.items()}}
{{ ‘’.class.mro[2].subclasses() }}
{{ config.items()[4][1].class.mro[2].subclasses()40.read() }}

And without exploiting RCE I can’t report this anyway; it will be rejected. Can you please suggest any other payload which I can try?

Thanks
Anshuman Pattnaik
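The {{7*7}} probe in the post above only evaluates to 49 because user text is reaching the template source rather than a template variable. As an added example that is not from this thread, the vulnerable Jinja2 pattern next to the fixed one, plus the sandboxed environment for cases where user-authored templates are a feature; render_unsafe, render_safe and render_sandboxed are assumed names, and the example assumes the jinja2 package is installed.

```python
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment

# autoescape so that variable output is HTML-escaped as well
env = Environment(autoescape=True)


def render_unsafe(user_input: str) -> str:
    """Vulnerable pattern: user text is concatenated into the template
    *source*, so {{7*7}} is parsed and evaluated by the engine."""
    return env.from_string("Hello " + user_input).render()


def render_safe(user_input: str) -> str:
    """Fixed pattern: the template source is a constant and user text is
    passed as a *variable*; it is only printed (and escaped), never parsed."""
    return env.from_string("Hello {{ name }}").render(name=user_input)


def render_sandboxed(template_src: str) -> str:
    """Defence in depth when users legitimately author templates: the
    sandbox still renders ordinary expressions but blocks access to
    private/internal attributes, so the probe cannot be escalated."""
    sandbox = SandboxedEnvironment(autoescape=True)
    return sandbox.from_string(template_src).render()
```

The blank results the poster sees are consistent with a hardened or partially sandboxed environment; the fix on the application side is the render_safe shape regardless.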

Hi, I’ve been looking around the websites for bug bounty on YouTube. I started a program today but am struggling to exploit and to go from where to where. Like, I played around with my website and I used XSS and a server error came up. I don’t know if that is a bug or a lead to a bug that is there. Do you have any advice for me on how I could identify a bug and lead to some kind of a bug?

I believe that’s worth reporting. It sounds like a WAF bypass which is a P3 vulnerability according to the VRT.

Usually an XSS payload will not result in an internal server error in the same way a SQLi payload might - JavaScript is client-side. There is likely a WAF in place blocking potentially malicious traffic. It does not necessarily indicate an XSS vulnerability.