Bug Bounty Challenge (final): Day 1–21/04/2024


Wallotry

The first thing I did was check the “F5 BIG-IP” RCE vulnerability scanner that has been running since yesterday. It went through the 5000+ endpoints I provided. Filtering through every result would be a headache, so I told my script to save every vulnerable endpoint to a text file: if the script ran and did not find a single endpoint, the file would be empty, but if there was a vulnerable endpoint, its name would be in there. My results? The file was empty, which means, yep, you guessed it: no vulnerable endpoint.

I then continued my “Dorking” research. I had a lot of fun yesterday; it was exciting, and I just want to dig deeper and learn even more “Dorks”.

If you’re looking for a gold mine of “Google Dorks”, then the Exploit-DB Google Hacking Database (https://www.exploit-db.com/google-hacking-database) is your best friend. Deep into this rabbit hole I came across “Jenkins” and how it can lead to an RCE (a critical vulnerability).

I even found a dork that allows you to see every internet-connected device in North Korea (I found this very funny): net:175.45.176.0/22,210.52.109.0/24,77.94.35.0/24

I kept learning more and more and testing more and more. I ended up finding a domain that looked interesting to me, so I did a Google search for their bug bounty and found one, a self-hosted program, and I decided to test what I’ve been learning on this target.

I found an RCE on the target server; it is showing all the “signs” of a vulnerable endpoint due to an outdated service being used. The only problem is that exploitation is not as straightforward a process as detection, and I have to do a lot of research into exploiting this, but the endpoint is vulnerable (according to the signs). I’ll keep you updated on this adventure I’ve found myself in. Happy hacking. See you tomorrow ❤
