Hello Hackers,
I’m Jai Kumar, also known as Hacdoc. I’m a cybersecurity professional and bug bounty hunter.
This is my first blog.
‘The journey of a thousand miles begins with one step.’ — Lao Tzu
In this blog, I’ll be sharing the story of my first bounty on [Redacted.com] using GitHub dorks.
Introduction:
GitHub dorks, a technique often called “dorking” by analogy with Google dorking, are specific search queries run against GitHub to discover sensitive information or security weaknesses in code repositories. By combining keywords with GitHub’s advanced search operators, a searcher can pinpoint exposed credentials, API keys, or other confidential data that was unintentionally committed to code.
For example, a GitHub dork might look like:
‘site.com’ db_Passwd
This search returns code in which the domain “site.com” appears together with the keyword “db_Passwd.” It helps identify places where sensitive information, such as a database password, has been committed and stored inappropriately.
How I found it:
I chose redacted.com as my target under their responsible disclosure program. Although they didn’t publish any information about bounties, I started my reconnaissance.
I began with passive recon on GitHub. GitHub dorks are my favorite technique, and I always enjoy using them.
I explored the GitHub repositories of redacted.com, spending time trying various dorks to find interesting information. Unfortunately, my searches didn’t reveal anything noteworthy. Nevertheless, I didn’t give up and went back to global dorking on GitHub. I tried the dork ‘redacted.com’ credentials, but found nothing. Then I tried another dork, ‘redacted.com’ password, and got more search results. As I went through them one by one, I suddenly stumbled upon juicy information that made my jaw drop: sandbox credentials for one of the target’s web applications, the organization’s VPN details, and much more. I was thrilled with my discovery.
These are my favorite keywords:
user
login, signin
passkey, passkeys
pass
secret
SecretAccessKey
app_AWS_SECRET_ACCESS_KEY, AWS_SECRET_ACCESS_KEY
credentials
config
security_credentials
My all-time favorite dork:
‘site.com’ Password — Secret — Credentials
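The same keyword families a dorker searches for can drive a scanner that a team runs over its own repositories before code is pushed, which is the defensive counterpart of the technique above. This is an added example, not the author’s tooling: the regexes, the placeholder allowlist and the sample config below are constructed for illustration (the AWS access key ID is the one AWS uses in its own documentation, not a live key).

```python
"""Scan text for credential-like assignments using the keyword families a
GitHub dorker searches for (pass/password/passkey, secret, credentials,
api key) plus two AWS token shapes. Added example; all patterns and the
sample input are constructed for illustration."""
import re
from dataclasses import dataclass
from typing import List

# Keyword-driven detector: an assignment whose key name contains one of the
# credential words, followed by a value of at least six characters.
KEYWORD_RE = re.compile(
    r"""(?P<key>(?:[A-Za-z0-9]+[_.-])*
               (?:pass(?:wd|word|key|phrase)?|secret|credentials?|api[_-]?key)
               (?:[_.-][A-Za-z0-9]+)*)
        \s*[:=]\s*
        ['"]?(?P<value>[^'"\s,;\#]{6,})""",
    re.IGNORECASE | re.VERBOSE,
)
# High-confidence token shapes that do not depend on the key name.
AWS_ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
AWS_SECRET_RE = re.compile(
    r"aws_secret_access_key\s*[:=]\s*['\"]?(?P<value>[A-Za-z0-9/+=]{40})",
    re.IGNORECASE,
)
# Values that are variable references or placeholders, not leaked material.
PLACEHOLDER_RE = re.compile(
    r"^(?:\$\{?[A-Za-z_][A-Za-z0-9_]*\}?|<[^>]+>|[x*]{4,}|changeme|example|none|null)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_no: int
    kind: str
    key: str
    redacted: str


def redact(value: str) -> str:
    """Keep a short prefix so a reviewer can locate the value without copying it."""
    return value[:4] + "..."


def scan_text(text: str) -> List[Finding]:
    """Return one finding per line; high-confidence detectors take precedence."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = AWS_SECRET_RE.search(line)
        if m:
            findings.append(Finding(line_no, "aws_secret_access_key",
                                    "aws_secret_access_key", redact(m.group("value"))))
            continue
        m = AWS_ACCESS_KEY_ID_RE.search(line)
        if m:
            findings.append(Finding(line_no, "aws_access_key_id", "", redact(m.group(0))))
            continue
        m = KEYWORD_RE.search(line)
        if m and not PLACEHOLDER_RE.match(m.group("value")):
            findings.append(Finding(line_no, "keyword", m.group("key"),
                                    redact(m.group("value"))))
    return findings


# Constructed sample config: fake values, plus AWS's documented example key pair.
SAMPLE = """\
# constructed sample config, values are fake
DB_HOST=db.internal.example
DB_PASSWORD=Sup3rS3cret!2020
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
API_KEY=${API_KEY}
password: <your-password-here>
secret = "changeme"
vpn_user = alice
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        print(f"line {f.line_no}: {f.kind} {f.key} -> {f.redacted}")
```

Lines 6 to 8 of the sample are skipped on purpose: an environment-variable reference, an angle-bracket placeholder and “changeme” are the shapes that drown real findings in noise, so the allowlist drops them before a human has to look. Only a short prefix of each value is reported, so the scanner’s own output never becomes a second copy of the secret.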
I used the sandbox credentials to log in and, to my surprise, got full admin access. This gave me access to a large amount of customer PII (Personally Identifiable Information).
Then I started writing the report for their security team.
Timeline:
22 Dec, 2020: Report sent to Redacted.com
22 Dec, 2020: Triaged
22 Dec, 2020: Accepted and acknowledged
22 Dec, 2020: Asked to sign an NDA for the reward
22 Dec, 2020: Signed the NDA
22 Dec, 2020: Bounty assigned with $$$$
26 Dec, 2020: Bounty received
This is how I got my first bounty, which made me take up this profession as my career. And I have never regretted it. Fuel your passion with knowledge and hard work.
Stay tuned for Next blog…