How I found Administrator Credentials?
In my very recent testing of a webapp, I was able to find out administrator credentials during my recon process.
The following is the method I used to find them:
1. First, find all subdomains for the target using your favourite tool. I prefer using this site: https://subdomainfinder.c99.nl
After finding the subdomains, save them in a txt file, let's say target.txt
2. Install the Katana tool from https://github.com/projectdiscovery/katana; it will be used for web crawling.
After installation, run this command:
katana -u target.txt -o target1.txt
This will crawl all subdomains and save all findings to target1.txt.
3. Now filter for only JavaScript files:
cat target1.txt | grep -E '\.js(\?|$)' | tee target2.txt
This will grep all .js files and save them in target2.txt
4. Now install the SecretFinder tool from https://github.com/m4ll0k/SecretFinder and run this command:
cat target2.txt | while read -r url; do python3 SecretFinder.py -i "$url" -o cli; done
Here, the SecretFinder tool will look through all the JS files for sensitive content and print the results on the terminal.
Through this, I was able to get administrator credentials, which were in one of the JavaScript files of target.
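The same kind of exposure can be caught before release. The following is an added example, not part of the original write-up and not SecretFinder's code: a pre-deploy check that scans the .js files in a local build directory for hardcoded credential literals. The regexes, function names and sample bundle are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Illustrative patterns (assumptions, not SecretFinder's own rule set).
PATTERNS = {
    "password_assignment": re.compile(
        r"""(?i)\b(?:pass(?:word|wd)?|pwd|secret)\b["']?\s*[:=]\s*["']([^"'\s]{4,})["']"""),
    "basic_auth_url": re.compile(r"https?://[^/\s:@\"']+:[^/\s:@\"']+@[\w.-]+"),
    "api_key_or_token": re.compile(
        r"""(?i)\b(?:api[_-]?key|auth[_-]?token|access[_-]?token)\b["']?\s*[:=]\s*["']([A-Za-z0-9_\-./+=]{16,})["']"""),
}
# Values that are clearly placeholders or runtime lookups, to cut noise.
ALLOW = re.compile(r"(?i)^(?:changeme|example|placeholder|x+|\*+|<.*>|\$\{.*\})$")

def scan_text(name, text):
    """Return (file, line_no, rule) for each credential-like literal in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                # Rules with a capture group expose the value; others use the whole match.
                value = m.group(1) if m.groups() else m.group(0)
                if not ALLOW.match(value):
                    findings.append((name, line_no, rule))
    return findings

def scan_build_dir(root):
    """Scan every .js file under root (exact suffix, so .json is skipped)."""
    findings = []
    for path in sorted(Path(root).rglob("*.js")):
        findings += scan_text(path.name, path.read_text(encoding="utf-8", errors="replace"))
    return findings

def demo():
    """Constructed sample bundle: one hardcoded login, one placeholder."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "app.js").write_text(
            'const cfg = {user: "admin", password: "S3cure-Example!"};\n'
            'const demo = {password: "changeme"};\n'
            'fetch("/api", {headers: {token: getToken()}});\n')
        Path(d, "data.json").write_text('{"password": "not-scanned-1"}')
        return scan_build_dir(d)

if __name__ == "__main__":
    for finding in demo():
        print("%s:%d: %s" % finding)
```

Run in CI against the build output directory and fail the job when scan_build_dir returns any findings; credentials needed by the client should be replaced with server-side sessions rather than shipped in the bundle.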
Let's connect on LinkedIn: https://www.linkedin.com/in/muhammad-abdullah-32a753208/