This third chapter focuses on brute-forcing (continued from Part 2: https://medium.com/@lukwagoasuman236/bug-bounty-for-beginners-2024-part-2-d29e3d26786a) and on the different extensions provided in the Marketplace.
These extensions provide a more in-depth analysis of vulnerabilities and build on our beginner’s bug bounty knowledge as we dive further into bug bounty programs, platforms and the policies that govern these programs.
Cloud bug bounty programs are initiatives established by cloud service providers to encourage security researchers and ethical hackers to identify and report vulnerabilities in their cloud computing platforms. These programs aim to enhance the security of cloud services by leveraging the expertise of the global security community.
Bug bounty programs define the scope of testing, outlining which assets and services are eligible for testing. This ensures that researchers focus on areas of particular interest to the organization, preventing unintentional disruption of critical services.
Some examples of the many available Bug Bounty platforms you too can join…
Fire up ZAP:
Add ZAP Extensions:
Go to: Manage Add-ons…
As you can see below, we can view both the Marketplace and the installed add-ons together with their respective descriptions…
Go to the Marketplace to install more of your preferred add-ons as you progress in vulnerability analysis…
Another fancy way of saying it: Bug Bounty!!!
Now that’s done… phewwww let’s get started!!!
Open the browser you’ve chosen in the Quick Start tab, pre-configured to proxy through ZAP, on your upper right!
For authentication, we shall use fasttrack as our wordlist for approaching our vulnerable application for bug hunting.
Click Ok and proceed.
Visit our selected application for bug bounty or bug hunting, then try to log in with a random password.
At this point, you get a login failed message. Then, on both your left and right side panels, click on Start Spider and Start Ajax Spider.
We are going to notice that a bunch of vulnerabilities show up.
Call them what you like… vulnerabilities, bugs, exploits, whichever is your preference.
As seen above, we get a bunch of juicy bugs for our bug bounty exercise, and in more depth.
Let’s try to guess a password for our target!
Head over to ZAP and select the GET:/(Login,password,username) request:
Right-click and select Attack, then Fuzz…
Select the password area where we previously used an incorrect password.
Click on Add to specify the brute-force wordlist for our password fuzzing…
Select a wordlist; in my case I selected “fasttrack”…
Hit “Start FUZZ Attack” and you will notice that ZAP has managed to fetch sensitive information due to our previous spider mapping and ajax
Note: ZAP is a buffet of Burp Suite, Gobuster, ffuf, Nikto and other vulnerability enumeration tools out there!
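Seen from the server side, the fuzz run above is a burst of failed login requests from one client in which only the password value changes. The following is an added example, not part of the original article, that flags that pattern in access logs; the log layout, the `/login` path, the `username`/`password` parameter names, the 401/403 failure codes and the threshold are assumptions, and the log lines are constructed.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Assumed access-log layout: ip - - [time] "METHOD target HTTP/x" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def _line(ip, user, pw, status):
    """Build one constructed log line (sample data, not a real capture)."""
    return (f'{ip} - - [10/Jan/2024:10:00:00 +0000] '
            f'"GET /login?username={user}&password={pw} HTTP/1.1" {status} 512')


# Constructed sample: one client cycling passwords, one user mistyping once.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "admin", pw, 401)
     for pw in ("winter2023", "changeme", "letmein", "password1", "admin123", "qwerty")]
    + [_line("198.51.100.20", "alice", "Tuesday1", 401),
       _line("198.51.100.20", "alice", "Tuesday1!", 200),
       "truncated or malformed line"]
)


def find_password_fuzzing(log_text, login_path="/login", min_distinct=5):
    """Return {(client_ip, username): distinct failed passwords} for every
    client that tried at least min_distinct different passwords."""
    tried = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed layout
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != login_path or status not in ("401", "403"):
            continue  # only failed attempts against the login endpoint
        params = parse_qs(url.query, keep_blank_values=True)
        user = params.get("username", [""])[0]
        pw = params.get("password", [""])[0]
        # Keep a digest, not the cleartext guess taken from the query string.
        tried[(ip, user)].add(hashlib.sha256(pw.encode()).hexdigest())
    return {k: len(v) for k, v in tried.items() if len(v) >= min_distinct}


if __name__ == "__main__":
    for (ip, user), n in find_password_fuzzing(SAMPLE_LOG).items():
        print(f"{ip} tried {n} passwords for '{user}'")
```

Because the login parameters travel in a GET query string, every guess and every real password also lands in these logs, which is why the example stores only a digest.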
NOTE: You can also brute-force the entries discovered by the fuzz payload we used, and brute-force those vulnerabilities even further…
Here, we further attacked a fuzzed SQL directory to try to discover more interesting files:
We left-clicked on the entity we wanted, then selected Attack and the Param Digger…
After this, set the Param Digger settings by providing a wordlist for fast brute-forcing…
You can also add the URL Guess, Header Guess and Cookie Guess…
Also define whether to use a GET or a POST request for the attack…
To use a custom wordlist, select custom wordlist and proceed…
With the Technology extension, you can see the different versions used and their current state…
And finally, let’s take a look at our alerts area so far…
On the bottom right, you will notice all the vulnerabilities you have encountered or even missed, for that matter. It is also more flexible if we use ZAP on the same site so that it can adapt to its environment, so constant tweaking and twerking is advised, as ZAP adapts every time it is working on a host…
He Adapts to every fight!!!!!