How I found a bug in Microsoft

9 months ago 74

NITYA NAND JHA

Just after placement, I started trying my hand at bug hunting. First, I hunted bugs in smaller programs and government websites, but later, I was motivated by my friend Sumon (bugxploit).

I used several subdomain enumeration tools (subfinder, amass, crtfinder, and sublist3r), collected their results in a single file, and deleted the duplicates using the Pluma text editor. Next, I used HTTPX to separate live domains from the dormant ones (cat sub.txt | httpx -o live.txt).

I ran “nuclei” with its default takeover template (/root/nuclei-templates/takeovers/) to see if I could find any low-hanging fruit. There were many false positives, but then… BOOM!

I found a domain pointing to an unclaimed azurewebsite which could be registered. With a quick move, I claimed it and reported it.

This is my first ever bug hunting writeup. Hope you find it insightful!
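For teams that own the DNS zone, the same condition can be caught before anyone else finds it. The following is an added example, not code from the author: it audits CNAME records in a zone export and flags those pointing at an azurewebsites.net name that no longer resolves. The zone contents, hostnames and function names are constructed for illustration, and it assumes an unclaimed app name stops resolving.

```python
import socket

# Constructed sample: CNAME records as exported from a DNS zone you own.
SAMPLE_ZONE = """\
; name              ttl  class type  target
www.example.test.   3600 IN CNAME example-prod.azurewebsites.net.
shop.example.test.  3600 IN CNAME example-shop-old.azurewebsites.net.
docs.example.test.  3600 IN CNAME docs.example-cdn.test.
mail.example.test.  3600 IN A     192.0.2.10
"""

# Provider suffix named in the writeup; extend with others you depend on.
WATCHED_SUFFIXES = (".azurewebsites.net",)


def parse_cnames(zone_text):
    """Yield (name, target) for each CNAME record, lower-cased, no trailing dot."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            yield fields[0].rstrip(".").lower(), fields[4].rstrip(".").lower()


def system_resolves(hostname):
    """True if the system resolver returns any address for hostname."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        # Also raised on transient resolver errors, so confirm findings manually.
        return False


def find_dangling(zone_text, resolves=system_resolves):
    """Return (name, target) pairs whose watched cloud target does not resolve."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if target.endswith(WATCHED_SUFFIXES) and not resolves(target):
            findings.append((name, target))
    return findings


if __name__ == "__main__":
    for name, target in find_dangling(SAMPLE_ZONE):
        print(f"DANGLING: {name} -> {target} (remove the record or re-create the app)")
```

Running it on a schedule against the real zone export, and deleting the DNS record before decommissioning the app it points to, removes the window in which the name can be claimed by someone else.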
