Bug Bounty

Bug bounty programs invite ethical hackers to find and report security vulnerabilities to organizations in exchange for monetary rewards. Popular platforms include HackerOne, Bugcrowd, Synack, and Cobalt. Aspiring hackers should start by reading materials on web hacking and methodology, then practice finding vulnerabilities like XSS and SQLi on sites like DVWA and testphp.vulnweb.com. Manual testing can be supplemented with tools like Burp Suite, sqlmap, and content discovery utilities. Patience and persistence are key in bug bounty hunting.

Uploaded by Prince

What is Bug Bounty?

A program where ethical hackers are invited to report security vulnerabilities to organizations, in exchange for a monetary reward or acknowledgment for useful submissions.
Popular bug bounty programs
Bug Bounty platforms
• HackerOne
• Bugcrowd
• Synack
• Cobalt
• Zerocopter (private bug bounty platform)
• Microsoft
• Google
How Should I Start
Read
Web Hacking
The Hacker's Handbook
The Bug Hunter's Methodology v2.1
PRACTICE

Practice one vulnerability per day
PATIENCE

Patience is the key


TARGET DISCOVERY
SUBLIST3R
OTHER SUBDOMAIN ENUMERATION TOOLS

1. AQUATONE
https://github.com/michenriksen/aquatone

2. KnockPy
https://github.com/guelfoweb/knock

3. Amass
https://github.com/caffix/amass

4. SubBrute
https://github.com/TheRook/subbrute
WEB SCREENSHOT
EYEWITNESS
Web ScreenShot
https://github.com/breenmachine/httpscreenshot/

Visual Site Mapper
http://www.visualsitemapper.com/
CONTENT DISCOVERY
DirSearch
OTHER CONTENT DISCOVERY TOOLS

1. Dirb
Inbuilt Tool in Kali Linux

2. Gobuster
https://github.com/OJ/gobuster

3. DirBuster
https://sourceforge.net/projects/dirbuster
ADVANCED GOOGLE DORKS
A Google Dork is an advanced Google query for fetching information about a target from Google.
"site:www.examplesite.com"
"inurl:login.php"
"intext:text"
More information and queries: https://github.com/rootac355/SQL-injection-dorks-list/blob/master/google%20dorks%20for%20sql%20injection.txt

TECHNOLOGY BEHIND
Wappalyzer (Chrome extension)
BuiltWith (https://builtwith.com)
WPScan (built-in tool in Kali Linux)
OWASP TOP 10 VULNERABILITIES
BURP SUITE
• Burp Suite is a widely used pentesting framework, created by PortSwigger Web Security, to perform security testing on web applications.

• The suite of products can be used to combine automated and manual testing techniques.
HOW TO INSTALL BURP ON FIREFOX
• Download Burp Suite from the link below:
https://portswigger.net/burp/communitydownload
• Open Burp Suite → Proxy → Options → configure the proxy
→ Download the certificate from http://burp
• Open Firefox → Preferences → Network Proxy → Settings
→ Configure the proxy

More information
https://webkul.com/blog/burp-suite-installation-process-for-mozilla-firefox/
Burp Proxy → Intercepts requests from the client to the server.
Burp Intruder → Burp Suite's Intruder tool can perform automated attacks on web applications.
Burp Repeater → Used to modify requests to the server, resend them, and observe the results.
Burp Scanner → Burp Scanner is a web application security scanner, used for performing automated vulnerability scans of web applications.
Burp Decoder → Burp Decoder is a simple tool for transforming encoded data into its decoded form, or for transforming raw data into various encoded and hashed forms.
CROSS SITE SCRIPTING (XSS)
Cross Site Scripting
• XSS is a code injection attack that allows the attacker to inject malicious code into a website
• Currently one of the most common and easiest attacks
• Caused by insufficient input validation
IMPACTS
• Stealing other users' cookies
• Stealing their private information
• Performing actions on behalf of other users
• Redirecting to other websites
• Showing ads in hidden iframes and pop-ups

TYPES OF XSS
• Non-Persistent XSS (Reflected XSS)
• Persistent XSS (Stored XSS)

Where Should I Practice?
• XSS LAB – http://prompt.ml
• http://testphp.vulnweb.com/
• bWAPP
• DVWA - Damn Vulnerable Web Application
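The slides say XSS is caused by insufficient input validation and that it comes in reflected and stored forms. The following is an added example (not from the slides or any of the tools they list) showing, in Python, the vulnerable render path beside the hardened one, plus the attribute-context case and a tiny stored-comment board. The sample comment, the `CommentBoard` class and the site markup are all constructed for the demo.

```python
import html
from urllib.parse import urlparse

# Constructed sample input (not from the slides): a comment carrying a script tag.
SAMPLE_COMMENT = "<script>alert(document.cookie)</script> nice post!"


def render_comment_vulnerable(comment: str) -> str:
    """Reflects user input straight into the page: the insufficient-validation bug."""
    return f'<div class="comment">{comment}</div>'


def render_comment_safe(comment: str) -> str:
    """HTML-escapes the input so the browser treats it as text, not markup."""
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'


def safe_href(url: str) -> str:
    """Attribute context: only http(s) links are allowed and the value is escaped,
    so a javascript: URL never becomes a clickable script."""
    cleaned = url.strip()
    parsed = urlparse(cleaned)
    if parsed.scheme.lower() not in ("http", "https"):
        return "#"
    return html.escape(cleaned, quote=True)


class CommentBoard:
    """Constructed stored-XSS model: a stored payload is served to every later
    visitor, so escaping must happen at render time for every stored item."""

    def __init__(self):
        self._comments = []

    def post(self, comment: str) -> None:
        # Storing raw input is fine; the mistake is rendering it raw later.
        self._comments.append(comment)

    def render(self, escape: bool = True) -> str:
        renderer = render_comment_safe if escape else render_comment_vulnerable
        return "\n".join(renderer(c) for c in self._comments)


if __name__ == "__main__":
    board = CommentBoard()
    board.post(SAMPLE_COMMENT)
    print("vulnerable:", board.render(escape=False))
    print("safe:      ", board.render())
    print("href:      ", safe_href("javascript:alert(1)"))
```

Escaping is context-dependent: `html.escape` is right for text and quoted attribute values, while a URL attribute additionally needs the scheme check shown in `safe_href`.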
SQLI (Structured Query Language Injection)
• SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution

• Legitimate Query:
SELECT * from users WHERE username = 'admin' and password = '123'

• Injected SQL code:
SELECT * from users where username = 'admin' and password = 'XXX' or '1'='1'
What can an SQL injection exploit do?
• Access sensitive data in the database
• Modify database data
• Execute administrative operations within the database (e.g. shut down the DBMS)
• Recover the content of a given file present on the DBMS file system
• And in some cases issue commands to the operating system
Finding SQL Injection Bugs
• Submit a single quote as input
• If an error results, the app is vulnerable.
• If no error, check for any output changes.
Seems Very Hard?
Don't worry, we can automate it simply with
Sqlmap
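The two queries on the slide (the legitimate login and the `'XXX' or '1'='1'` variant) and the single-quote test can be run end to end against a local database. The block below is an added example, not from the slides or from sqlmap: it uses Python's built-in sqlite3 with a constructed in-memory `users` table, shows the string-concatenated query that makes the injected login succeed, the parameterised query that makes the same input fail, and the single-quote probe from the "Finding SQL Injection Bugs" slide as a check on both. The plaintext `123` password is only there to match the slide.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory users table matching the slide's sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', '123')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Builds the SQL by string concatenation, the pattern the slide's
    'injected SQL code' relies on: user input becomes part of the query text."""
    query = ("SELECT * FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the driver sends values separately from the SQL,
    so quotes and OR clauses in the input are just characters in a string."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def single_quote_probe(conn: sqlite3.Connection, login_fn) -> str:
    """The slide's first test: submit a single quote and watch for an SQL error.
    A database error here means input reached the SQL parser unescaped."""
    try:
        login_fn(conn, "admin'", "x")
        return "no error"
    except sqlite3.Error:
        return "sql error"


if __name__ == "__main__":
    conn = build_db()
    injected = "XXX' or '1'='1"
    print("vulnerable login with injected password:", login_vulnerable(conn, "admin", injected))
    print("safe login with injected password:      ", login_safe(conn, "admin", injected))
    print("single-quote probe, vulnerable:", single_quote_probe(conn, login_vulnerable))
    print("single-quote probe, safe:      ", single_quote_probe(conn, login_safe))
```

The probe result is exactly the signal the slide describes: the concatenated query throws a syntax error on a stray quote, while the parameterised one simply returns "no match".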
CROSS SITE REQUEST FORGERY (CSRF)
CSRF

Cross-site Request Forgery is a vulnerability in a website that allows attackers to force victims to perform security-sensitive actions on that site without their knowledge.
SENSITIVE ACTIONS
• Password change (Account Takeover)
• Email address change (Account Takeover)
• Fund transfer
• Delete users
• Delete accounts
• Changing profile information, etc.
TESTING CSRF
STEPS
1. Configure a proxy
2. Log in to the target site
3. Perform the target functionality
4. Capture the request
5. Generate an HTML page for CSRF (Burp Engagement tools)
6. Log out
7. Host the HTML file and send the link to the victim
8. Once the victim clicks it, the sensitive action will occur on their account.
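The test steps above work because the browser attaches the victim's session cookie to the request the hosted HTML file submits, so the server cannot tell the forged request from a real one by the cookie alone. The block below is an added example, not from the slides or from Burp, of the server-side fix for the "password change" action: a per-session synchronizer token embedded in the real form and verified on submit, with an Origin-header check as a second layer. The `bank.example` origin, the session dictionary and the handler names are constructed for the demo.

```python
import hmac
import secrets
from typing import Optional

# Constructed site origin (not from the slides).
SITE_ORIGIN = "https://bank.example"


def issue_csrf_token(session: dict) -> str:
    """Mint a random per-session token; the legitimate form embeds it as a
    hidden field. A page hosted elsewhere cannot read it (same-origin policy)."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, submitted: Optional[str]) -> bool:
    """Compare the submitted token with the session's copy in constant time."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def change_password(session: dict, form: dict, origin: Optional[str]) -> str:
    """Handler for the 'password change' sensitive action.
    The session cookie is present on a forged request too, so it proves nothing
    about who built the request; the token and the Origin header do."""
    if "user" not in session:
        return "rejected: not logged in"
    # Browsers send Origin on cross-site POSTs; a foreign value is an early reject.
    if origin is not None and origin != SITE_ORIGIN:
        return "rejected: cross-origin request"
    if not csrf_token_valid(session, form.get("csrf_token")):
        return "rejected: missing or invalid CSRF token"
    session["password"] = form["new_password"]
    return "changed"


def demo():
    """Legitimate submit from the site's own form versus a request a hosted
    HTML page would produce (no token, foreign Origin)."""
    session = {"user": "alice", "password": "old"}
    token = issue_csrf_token(session)
    legit = change_password(session,
                            {"csrf_token": token, "new_password": "new1"},
                            SITE_ORIGIN)
    forged = change_password(session,
                             {"new_password": "attacker-chosen"},
                             "https://attacker.example")
    return legit, forged, session["password"]


if __name__ == "__main__":
    print(demo())
```

Setting the session cookie with `SameSite=Lax` or `Strict` is a third, complementary layer: it keeps the browser from attaching the cookie to the cross-site POST in the first place.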
INSECURE DIRECT OBJECT REFERENCE (IDOR)
IDOR
• Attackers replace a uid (direct object reference) with another user's uid
• A missing permission check in access control leads to IDOR
• Often found in HTTP parameters in URLs
• Consider a URL for deleting the profile pic of a certain user: https://samplesite.com/deleteProfilePic?id=127

• If the application is vulnerable to IDOR:

• https://samplesite.com/deleteProfilePic?id=128 will delete the profile pic of another user having the id "128"
Impact
1. Access invoices
2. Billing data - change or manipulate without the owner's permission
3. Access credit card data
4. Delete another user's information
5. Claim gift cards of others
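The `deleteProfilePic?id=` URL from the slide is reproduced below as two Python handlers: one that trusts the `id` parameter alone (the missing permission check the slide describes) and one that confirms the referenced picture belongs to the logged-in user before deleting it. This is an added example, not code from the slides or from samplesite.com; the picture store, the owners `alice` and `bob`, and the function names are constructed for the demo.

```python
from urllib.parse import parse_qs, urlparse

# Constructed data store (not from the slides): picture id -> owner username.
PICTURES = {"127": "alice", "128": "bob"}


def _pic_id_from_url(url: str):
    """Pull the id parameter out of a URL like .../deleteProfilePic?id=127."""
    return parse_qs(urlparse(url).query).get("id", [None])[0]


def delete_profile_pic_vulnerable(store: dict, url: str, current_user: str) -> str:
    """Missing permission check: any logged-in user can delete any id,
    which is exactly the IDOR described on the slide."""
    pic_id = _pic_id_from_url(url)
    if pic_id not in store:
        return "not found"
    del store[pic_id]
    return "deleted"


def delete_profile_pic_safe(store: dict, url: str, current_user: str) -> str:
    """Ownership check: the object is deleted only if it belongs to the caller."""
    pic_id = _pic_id_from_url(url)
    owner = store.get(pic_id)
    if owner is None:
        return "not found"
    if owner != current_user:
        # Worth logging: many 'forbidden' hits on sequential ids from one
        # account is a typical sign of an IDOR probe.
        return "forbidden"
    del store[pic_id]
    return "deleted"


def forbidden_count(results) -> int:
    """Simple detection helper: count how many requests were refused
    for touching someone else's object."""
    return sum(1 for r in results if r == "forbidden")


if __name__ == "__main__":
    base = "https://samplesite.com/deleteProfilePic?id="
    print("vulnerable, alice deletes 128:", delete_profile_pic_vulnerable(dict(PICTURES), base + "128", "alice"))
    print("safe, alice deletes 128:      ", delete_profile_pic_safe(dict(PICTURES), base + "128", "alice"))
    print("safe, alice deletes 127:      ", delete_profile_pic_safe(dict(PICTURES), base + "127", "alice"))
```

An equally sound design is to look the object up scoped to the current user (owner and id together) so that an object owned by someone else is simply never found; some applications prefer that because it does not reveal which ids exist.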
TALKS & CONFERENCES
• Jason Haddix : https://www.youtube.com/watch?v=C4ZHAdI8o1w
https://www.youtube.com/watch?v=Qw1nNPiH_Go
• Frans Rosén : https://www.youtube.com/watch?v=KDo68Laayh8

• Bug Bounty Tips and Tricks : https://medium.com/bugbountywriteup/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65

• Nullcon : https://nullcon.net/website/
MORE REFERENCES
• Web Application Hacker's Handbook → complete reference

• HackerOne Hacktivity page : https://hackerone.com/hacktivity

• Hacker101 → YouTube channel https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw

• Complete list of bug references : https://github.com/ngalongc/bug-bounty-reference

• Bug Bounty write-ups : https://pentester.land/list-of-bug-bounty-writeups.html


ANY QUESTIONS…?
GET IN TOUCH
Jackson KV :
https://www.facebook.com/jackson.kv.5
https://www.linkedin.com/in/jackson-kv-953475129
jacksonkv67@gmail.com
THANK YOU
