APPLICATION SECURITY & RECON | Top 5 P1 warriors @bugcrowd | hackerone.com/krishnsec_

Earth 🌏
#Beginner #recon #bugbountytips #bugbounty
1- Choose a wildscope and enumerate subs using subfinder + amass + assetfinder + knockpy
2- Now run httpx and pick interesting subdomains only
3- Specially php aspx html asp and old looking websites
4- Now fuzz interesting subs with ffuf
I’m dead 😂
#LFI #P1 #bugbountytips #bugbounty
1- Go to admin. site.tld/login
2- Tried to login with wrong credentials > error
3- Send to burp repeater
4- Found new parameter filename because of error
5- tried payload ../../../../../../../../../../../../etc/passwd
6- Full LFI ✅
#P1 #sqli #bugbountytips #bugbounty
Application was using php ( whenever I see php , I test sqli first )
I tried blind sqli payload in login params - not worked
sprayed in user-agent - worked ✅
User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" ===> 5.xx seconds delay
#Easy #P1 #bugbountytips #bugbountytip #bugbounty
Bug- Admin Panel Access
Steps
1- Visit login panel
2- Enter username= admin and random password
3- click login & capture in burp
4- Do intercept
5- Update {"status":"0"} to {"status":"1","user_type":"admin"}
6- Admin console :)
Tips to look for log4j with @Burp_Suite - #bugbountytips #log4j #RCE #bugbounty
1- You can use wappalyzer to check whether application is using java or not addons.mozilla.org/en-US/fir…
2- Like this see attached pic 1 , web app is using java
3- Now open your burp > checkout
Just automated it 12 P1 now 👀 ( 2/n )
100 P1’s championship belt 🔥 Best swag ever , I love it Thank you @Bugcrowd ❤️ #bugcrowd #bugbounty
#P1 #bugbounty #bugbountytips #bugcrowd
1- on visiting url http://domain.tld it was redirecting first to http://domain.tld/dir1/dir2 then to sso login
2- Fuzzed after first redirection
3- http://domain.tld/dir1/dir2/FUZZ
4- this payload leads to 200 ok disclosed local files
Crossed 1k Rep on a single program on @Bugcrowd
Bugs ::
9 P1s ( 8 -admin panel bypass , 1- aws keys in source code )
5 P2s ( blind xss , 2 account takeover - csrf+xss , 2 admin panel )
35 P3s - Ref XSS
LFI in misconfigured rails application
`accept: ../../../../../../../../etc/passwd{{`
```
def index
  render file: "#{Rails.root}/some/file"
end
```
#lfi #bugbountytips #bugbounty github.com/mpgn/CVE-2019-541…
I earned $15,000 for my submission on @bugcrowd bugcrowd.com/krishnsec #ItTakesACrowd
#P1 #bugbountytip #bugbounty
1- view source domain.tld
2- Found jwt token
3- decoded at jwt.io
4- Found admin username & email
5- Tested credentials username :: username ( passwd same as username ) on each subdomain login page
6- Pwned 2 admin panels
/backup.tar.gz
If you have access to #jenkins dashboard use below Script Console cmd for poc
```
def passwdFile = new File("/etc/passwd")
println passwdFile.text
```
#P1 #bugbountytips #bugbounty
Spamming day with 7 P1 cmdi poc cmd worked : %26ls||id%26 #bugbounty
tomcat /..;/
Great time with my recon buddy , my cool brother @GodfatherOrwa 👑 at @bsidesahmedabad
I started hunting on h1 last night ✌️ Found critical in 10 mins of recon Username = admin@company.tld Pass = admin123 #bugbountytips #bugbounty
1- LFI / 0day
2- Bypassed admin panel with ‘+’ sign in @company.tld email
3- auth bypass cve
#bugbounty @Bugcrowd
If you will see below ss I came back touching local files with 500 error 😅 Payload : ../../../../../../../../../../../../../etc/passwd weird case not a full #LFI
#Another story - Crossed 800+ Rep on a single program on @Bugcrowd
Bugs :: 14 P1s
1- geoserver -sqli
7- Auth bypasses
6- sqli
In top 100 on @Bugcrowd with 57 P1's I started bug bounty journey 1yr 9 months ago( Nov'2020 ) bugcrowd.com/kanhaiya_sh4rma thank you bugcrowd ⚡♥️
Yay, me & @DhiyaneshDK was awarded a $4,505 bounty on @Hacker0x01! #TogetherWeHitHarder Bug: CVE 2024 34102
made nuclei template for this last month 🙌 #bugbountytips #rce
story of very quick RCE
Target/cgi-bin/dmt/reset.cgi?db_prefix=%26id%26
You can add these paths to ur wordlist
cgi-bin/dmt/reset.cgi?db_prefix=%26id%26
cgi-bin/reset.cgi?db_prefix=%26id%26
fuzzing as well
cgi-bin/FUZZ.cgi?FUZZ=%26id%26
#bugbountytips ❤️
#New #year #Resolution This year I decided to help at least 10 BB Hunters( I will choose my own ) to get their 1st bounty on any platform Learners who r trying hard from 1 or 2years 2 already done - @starkcharry & @TheLittleH4ck3r 💪⚡️
Keep pwning same program: Found first P1 in jan 2022 and now it’s dec - still finding bugs here
1- url/FUZZ
2- url/web/admin/home
3- Found login
4- Enter [ admin@domain .com :: Admin@1 ]
#bugbountytips #BugBounty
30+ bugs in last 24hrs on 5 different programs Can't stop myself .....
I earned $8 for my submission on @bugcrowd bugcrowd.com/krishnsec #ItTakesACrowd
Different programs but same intention Pwned microsoft sql servers with all possible ways end up with 7 P1’s
Don’t underestimate the power of /
Just found a P1
domain.tld/FUZZ
domain.tld/dir - no results
domain.tld/dir/ - unauthorised access to a monitoring Panel
#bugbounty
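One defensive reading of the `tomcat /..;/` and trailing-slash posts above is that an access rule was matched against a different path string than the one the backend routed on. As an added example (not code from the original posts, which do not state the root cause on those targets; the `PROTECTED` prefixes, function names and sample paths are assumptions), this compares a rule matched on the raw path with the same rule matched on a canonical path:

```python
import posixpath
from urllib.parse import unquote

# Hypothetical policy for this example: prefixes that require an authenticated session.
PROTECTED = ("/manager", "/monitoring")

def canonical_path(raw_path: str) -> str:
    """Reduce a raw request path to the form a backend is likely to route on."""
    path = raw_path.split("?", 1)[0]
    # Decode until stable so %2e%2e or double encoding cannot hide dot segments.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still changing after 3 decode rounds")
    # Tomcat-style containers strip ';param' path parameters, so '..;' becomes '..'.
    segments = [seg.split(";", 1)[0] for seg in path.replace("\\", "/").split("/")]
    # normpath resolves '.', '..', duplicate slashes and the trailing slash.
    return posixpath.normpath("/" + "/".join(segments).lstrip("/"))

def is_protected(path: str) -> bool:
    # Match on a segment boundary so '/monitoringx' is not caught by '/monitoring'.
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

def raw_check(raw_path: str) -> bool:
    """Weak form: the rule is matched against the string exactly as received."""
    return is_protected(raw_path)

def canonical_check(raw_path: str) -> bool:
    """Corrected form: the rule is matched against the canonical path."""
    return is_protected(canonical_path(raw_path))

# Constructed request paths, not taken from any real target.
SAMPLES = ["/public/..;/manager/html", "//monitoring/", "/%6donitoring", "/public/index.html"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:30} raw={raw_check(s)!s:5} canonical={canonical_check(s)}")
```

The same canonical form should be what the proxy forwards, so the rule and the backend never disagree about which resource a request names.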
#bbcollab ⚡️ Me & @GodfatherOrwa earned $$ for submission on @bugcrowd #ItTakesACrowd bug : internal secrets disclose in dumped files == As always I found the bug and orwa 👑 escalated it
Thank you for another cool swag @Bugcrowd ❤️🙌
38 invites in 2 hrs 😶 @Hacker0x01 ✌️ ❣️
Should I take rest ? Naah .. Working hrs : 5-7hr /week
Follow me for easy bounty tips 🤐
#P1 > report > @RelentlessT7 < 10 min
I can confirm tal_bc doesn't sleep 😅
Bug :: working aws cred were leaking in main.xx.js file
Found this file in view-source
- visited view-source & search '.js'
- validated aws secret with @streaak github repo github.com/streaak/keyhacks#…
#Recon 🫰 4 SQLi , 2 Blind XSS , 3 Ref XSS on old fav program plus 1 admin last week ( by full port scan ) I hunt on this program 2 times /month and find bugs every time Read blog > got new idea > write down in notes > do recon again > hunt with notes + #TakeCareOFYourHealth
sqli or not ? #BugBounty
so it was POST /xxx.php HTTP 1.1 with multipart params
> .php 👀 should I try sqli ?
> replaced one param with *
> saved as r.txt
cmd - python3 sqlmap.py -r r.txt --level 5 --risk 3 --dbs --time-sec=15 --hostname
will post if succeed 1/n
November goal : 25 bugs / week all platforms combined 30 push ups on each N/A or dup :) 5 P1 or critical atleast If I lost P1 goal - will give away 5 random winners with subs of their choice ( prettyrecon / htb / pentesterlab )
#BountyGoals2023 2X Bounties than last year 150 P1’s More collaboration Thanks @Bugcrowd for everything ❤️
Top 3 globally @Bugcrowd july leaderboard #bugbounty
In my opinion - It's very easy to be in the top 100 on Bugcrowd. All it takes is 8-12 hours of hacking every day for 2 years. Simple.
pov : you found new favourite bb program
Just noticed I’m in All time top 30 globally @Bugcrowd
Crossed 9K reputation on @Bugcrowd
My goals for 2022
1) Only cert - @Bugcrowd CPT
2) 10X Bounties than last year
3) Hack more rdp's
4) Collaboration with few awesome hackers
5) Do Charity
6) Gift a bike or car to myself
7) Daily 1hr for health .
8) Will share more bugbounty tips :)
#bugbounty #infosec #hacking
I dropped RCE with poc to dutch ncsc.nl and they said not a bug 😂 In poc I executed code on their server :) #whatAsecurityTeam
Goal 6 ✅ New toy in garage 🙂 #infosec is ❤️
I think I should hunt on all platforms :) Bug: LOG4j rce on public program
I earned $1,500 for my submission on @bugcrowd bugcrowd.com/krishnsec #ItTakesACrowd
Finally!! Crossed 10,000 Reputation on @Bugcrowd bugcrowd.com/krishnsec #bugcrowd #bugbounty
few ways to try on #admin
- Default login ( panel based - google )
- Response manipulation
- Admin bruteforce with top 10k passwords **only if bruteforce is in scope **
- Fuzz for hidden register/signup page then signup as admin (rare)
I found 36 sqli on an Indian Bug Bounty Program But they will pay only 20K INR for all criticals So I left 🙂
Thank you everyone for following ❤️ I have 10k friends now , Will send 10 gifts🎁to first 10 randomly generated numbers just comment a number out of 1-10,000 👇 and 11th gift to last follower #Giveway
first collab of ‘25 @mertistaken 🤝 he is an exceptional hacker with expertise in manual hacking ❤️
Found another weird #P1 PII leakage of 15k users
#tip - fuzz faster you fool aka #ffuf
Started ffuf : 301- django error
ran ffuf again -mc 200 : Critical PII disclosure 💸💸
Local files for Linux : /etc/passwd /etc/shadow /etc/shells /etc/group /etc/profile /etc/hosts /proc/self/environ /proc/self/status /proc/mounts #bugbountytips #BugBounty
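Seen from the detection side, the traversal payloads and Linux file targets in the posts above leave a recognisable trace in request logs. This added example (not from the original posts; the JSON log layout, field names and sample records are constructed assumptions) flags URL and header values that carry `../` after repeated percent-decoding and names the target file when it is on the list:

```python
import json
from urllib.parse import unquote

# Linux file targets listed in the post above.
SENSITIVE = ("/etc/passwd", "/etc/shadow", "/etc/shells", "/etc/group", "/etc/profile",
             "/etc/hosts", "/proc/self/environ", "/proc/self/status", "/proc/mounts")

# Constructed request records (not real traffic), one JSON object per line.
SAMPLE_LOG = """\
{"ip": "203.0.113.7", "url": "/login?filename=..%2F..%2F..%2Fetc%2Fpasswd", "headers": {"Accept": "text/html"}, "status": 200}
{"ip": "203.0.113.7", "url": "/", "headers": {"Accept": "../../../../etc/passwd{{"}, "status": 200}
{"ip": "198.51.100.4", "url": "/docs/etc/hosts-format.html", "headers": {"Accept": "text/html"}, "status": 200}
{"ip": "198.51.100.9", "url": "/download?file=%252e%252e%252f%252e%252e%252fproc%252fself%252fenviron", "headers": {"Accept": "*/*"}, "status": 500}
"""

def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so single and double encoding look the same."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def find_traversal(log_text: str) -> list:
    """Return (ip, field, target, status) for every field carrying a '../' sequence."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        fields = {"url": rec["url"]}
        fields.update({"header:" + k: v for k, v in rec.get("headers", {}).items()})
        for name, raw in fields.items():
            decoded = fully_decode(raw)
            if "../" not in decoded:
                continue
            # Name the file being reached for, if it is one of the known targets.
            target = next((f for f in SENSITIVE if f in decoded), None)
            # Status is reported, not filtered on: one post saw file access behind a 500.
            hits.append((rec["ip"], name, target, rec["status"]))
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```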
200 P1 on @Bugcrowd
` Haters will say it's Photoshopped ` I found this P1 in just 2 min Secret Tip - Keep checking your notes #bigbountytips #FromAnotherUniverse #meme
Easy Admin access dev said login with admin/admin
I want to share a small story of life . From my first P1 to till date , It was @GodfatherOrwa behind my most of P1 successes I started hunting for P1's after reading his blog . You are a gifted brother . Many times I found any doubt on bugs , sent to you
171 bugs in 2 months on @Bugcrowd
hello h1 👋 again I hope won’t quit this time :)
#saturday hunt #bugcrowd customer said "we will accept only P1-P2 " Me : challenge accepted Going to enjoy my weekend now :)
reading official docs can give you fruitful results sometimes >> - whenever u encounter new service or product must read their official docs ..
This week I hacked 14hrs/day 100 hours of put-in work ../week #BugBounty
dropped a critical on @StandoffBB Got new invite mail > fuzzed main domain with tar.gz extension @amoshkov @PTsecurity_EN
But Don't worry @R29k_ I have 40+ new / triaged bugs pending 😅🫣💪
Replying to @R29k_ @Bugcrowd
Congrats and which is equivalent to my one month bounty , I should work hard now😬
🙌
10 % - auth bugs 10% - automation 80% - manual recon & unauth testing That’s how I pwn wildcards >>>
#bugbounty life in nutshell >>> There are many pros & cons of doing full time bb specifically related to health ‼️
It’s not difficult bcoz there’s no competition Everyone is fckking distracted Only a few are grinding It’s easy to win in today’s time .
I earned $99,999 for my p1 submission 🎉 tip - very deeeep recon #begbountytips #bigbounty
Reading again after 5 years ✌️❤️
He is right , with recon You can’t find more than 2 P1/day see recon makes u slow
RECON IS A SCAM HACK THE MAIN APP
Bug bounty is addictive only If your growth is positive else it’s fckiiig boring …
150 P1 warrior cool #swag ❤️@Bugcrowd #bugcrowd #bugbounty
One step in right direction 500 rep ✅ on @Hacker0x01
For the past 1.5 years, I've been very inspired by legend @mertistaken, moving from just following him to now collaborating with him🔥🙌
bug bounty year #2024 - 685 bugs !! /.exit
Just found an 0day by mistake :) severity critical >>
always record video poc for high & crits always record video poc for high & crits always record video poc for high & crits always record video poc for high & crits . . else customer may cheat >>>>>>>>>>
July 2022, @Bugcrowd leaderboard I just saw 👀, I was in top 10 - first time🙃 bugcrowd.com/Kanhaiya_sh4rma
Testing multiple targets at a time may or may not lead to good bounties But sticking with one wide-scope target and testing it at regular intervals will teach you cool things Hunt> take break> read blogs> make note(sublime) & Hunt again #bugbounty
it’s @Bugcrowd made $$30k + in last 30 days
Nowadays money platform is @yeswehack 🥳🤚
Found 25+ different critical bugs on @Hacker0x01 but ended up reporting them in just 4–5 reports. bcoz I hate writing lengthy reports with all my heart >>
Stats from jan 2021 till today .. #bugbounty #bugcrowd
In case you are curious here are the stats from March 2020 till today :) #bugbounty
Just saw , I’ve made it to the all-time Top 5 P1/P2 hackers in 🇮🇳 on @Bugcrowd from #paidprograms bugcrowd.com/leaderboard/p1p…
Hackers ! what makes you happy ? apart from hacking ..
Hackers getting ready for weekend >>
Yay, I was awarded a $$$$ bounty on @Hacker0x01! hackerone.com/krishnsec #TogetherWeHitHarder Bug - Sqli + Rce on Porsche
Hackers , apart from bug hunting what else you like ?? I'll go first - unplanned tours , spirituality , new friends , music , mcu & Bike ride 🏍️
Top 25 P1 Warriors ✅globally 💯 P1 ✅ @Bugcrowd
Either be disciplined or be ready for a life full of compromises :)
Planning to order a bugatti , what color is your bugatti ? inspired by @nav1n0x