How I get my first swag from Achmea


Irsyad (aka macha)

بسم الله الرحمن الرحيم

Assalamu Alaikum
(Peace Be Upon You)

My name is Irsyad; people have called me macha since high school.

First I opened my virtual private server (VPS) and ran passive subdomain enumeration on “achmea.nl”.

(Screenshot: list of subdomains)

So here I had finished passive subdomain enumeration. At that time I didn’t know any other way to perform subdomain enumeration; I only knew Sublist3r, and I thought I was a powerful hacker for enumerating subdomains.

Here I explain a little about subdomain enumeration, divided into three sections:

1. Passive subdomain enumeration (I will release my recon method in the future)
2. Active subdomain enumeration (I will release my recon method in the future)
3. Permuted/alteration enumeration (I will release my recon method in the future)

More will come soon based on my Google research.

And at that time I didn’t know how to resolve all the subdomains, so I just hoped Sublist3r would help me 😊…
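The post names three kinds of enumeration (passive, active, permuted) and then says the author did not know how to resolve the resulting names. The following is example code added to this post, not the author's recon method or Sublist3r's code: it takes a few names that a passive source would have returned for a zone you own (the `KNOWN` list and the `WORDS` wordlist are constructed, `example.com` is an assumed apex), generates permuted candidates from them, and keeps only the ones that actually resolve. The resolver is pluggable so the logic can be checked offline with a fake lookup table; the default uses `socket.gethostbyname`.

```python
"""Permuted subdomain enumeration followed by resolution, with a pluggable resolver.

Example code added to this post, not the author's own tooling. Inputs are
constructed: KNOWN stands in for names a passive source would return for your
own zone, and WORDS is a tiny alteration wordlist.
"""
import socket
from typing import Callable, Dict, Iterable, List, Optional, Set

APEX = "example.com"                                                   # assumed: a zone you own
KNOWN = ["www.example.com", "api.example.com", "dev-api.example.com"]  # constructed
WORDS = ["dev", "staging", "test", "old"]                              # constructed


def labels_below_apex(hostname: str, apex: str) -> List[str]:
    """Return the labels of hostname below the apex ('dev-api' for dev-api.example.com)."""
    if not hostname.endswith("." + apex):
        return []
    return hostname[: -len(apex) - 1].split(".")


def permute(known: Iterable[str], words: Iterable[str], apex: str) -> Set[str]:
    """Alter the leftmost label of every known name to build new candidates.

    Patterns used: word-label, label-word and word.label, plus the parts of a
    hyphenated label. Names already in the known list are dropped so that only
    genuinely new candidates remain.
    """
    known = list(known)
    out: Set[str] = set()
    for host in known:
        parts = labels_below_apex(host, apex)
        if not parts:
            continue
        head, rest = parts[0], parts[1:]
        tail = ".".join(rest + [apex])
        for w in words:
            out.add(f"{w}-{head}.{tail}")   # dev-www.example.com
            out.add(f"{head}-{w}.{tail}")   # www-dev.example.com
            out.add(f"{w}.{head}.{tail}")   # dev.www.example.com
        # dev-api -> dev.example.com and api.example.com
        for piece in head.split("-"):
            out.add(f"{piece}.{tail}")
    out.difference_update(known)
    return out


def dns_resolver(name: str) -> Optional[str]:
    """Real resolver: first A record, or None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def resolve_all(names: Iterable[str],
                resolver: Callable[[str], Optional[str]] = dns_resolver) -> Dict[str, str]:
    """Return only the candidates that resolve, mapped to their address."""
    live: Dict[str, str] = {}
    for name in sorted(set(names)):
        addr = resolver(name)
        if addr:
            live[name] = addr
    return live


if __name__ == "__main__":
    candidates = permute(KNOWN, WORDS, APEX)
    print(f"{len(candidates)} candidates generated")
    for name, addr in resolve_all(candidates).items():
        print(f"{name} -> {addr}")
```

Run against a zone you administer, the names that resolve but are missing from your asset inventory are the ones worth reviewing first; a forgotten staging or dev host is typically where a finding like the one in this post turns up.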

I found one domain that allowed uploading malicious files; for example, we could upload any file extension, .php, .html.

Hehe.. so in my mind I just checked what programming language the application was running on. And then it was time to upload our .html file.

So here are my tips for readers: if you see an application that lets you upload any file,

1. Test for SSRF attack
2. Test for stored XSS
3. Maybe, if you are lucky, you can test for local file inclusion
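The finding above is an upload endpoint that keeps whatever extension the client sends, so an .html file ends up served from the site (the stored XSS case in the tips). As an added example, not Achmea's code and not the author's, here is that permissive behaviour beside a hardened version of the same step: an extension allowlist, a magic-byte check on the content, a server-chosen random filename, and download headers that stop a browser from rendering the stored file as a page. `UPLOAD_DIR`, the allowlist and every input are assumed or constructed. SSRF through parsers of uploaded content (the first tip) is a separate problem that this validation does not address.

```python
"""Upload handling: the permissive behaviour from the post beside a hardened version.

Example code added to this post; not Achmea's application code. UPLOAD_DIR, the
allowlist and all inputs are assumed or constructed for illustration.
"""
import os
import secrets
from typing import Dict, Optional, Tuple

UPLOAD_DIR = "/srv/app/uploads"          # assumed: storage outside the web root

# Extension -> (magic bytes the content must start with, type to serve it as).
ALLOWED: Dict[str, Tuple[bytes, str]] = {      # constructed allowlist
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "pdf": (b"%PDF-", "application/pdf"),
}


def permissive_target(filename: str) -> str:
    """The weak pattern the post describes: the client's name and extension are kept as-is."""
    return os.path.join(UPLOAD_DIR, os.path.basename(filename))


def hardened_target(filename: str, data: bytes) -> Optional[str]:
    """Return a server-chosen storage path, or None when the upload must be rejected."""
    base = os.path.basename(filename)
    if "." not in base:
        return None
    ext = base.rsplit(".", 1)[1].lower()
    if ext == "jpeg":
        ext = "jpg"
    entry = ALLOWED.get(ext)
    if entry is None:
        return None                      # .php, .html, .svg ... are not on the allowlist
    magic, _ = entry
    if not data.startswith(magic):
        return None                      # content does not match the claimed type
    # The client's filename never reaches disk: a random name defeats double
    # extensions (x.php.png) and path tricks carried in the original name.
    return os.path.join(UPLOAD_DIR, f"{secrets.token_hex(16)}.{ext}")


def download_headers(stored_path: str) -> Dict[str, str]:
    """Headers for serving a stored file so a browser never renders it as a page."""
    ext = stored_path.rsplit(".", 1)[1].lower()
    return {
        "Content-Type": ALLOWED[ext][1],
        "Content-Disposition": "attachment",
        "X-Content-Type-Options": "nosniff",    # no MIME sniffing into text/html
        "Content-Security-Policy": "sandbox",   # no script execution even if something slips through
    }


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32       # constructed PNG-like payload
    print("permissive:", permissive_target("page.html"))
    print("hardened (html):", hardened_target("page.html", b"<html>"))
    stored = hardened_target("photo.png", png)
    print("hardened (png):", stored, download_headers(stored))
```

Storing uploads outside the web root and serving them through a handler that sets these headers matters as much as the extension check: even a file that passes validation should never be interpreted by the server or rendered inline in the site's origin.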

(Screenshot: attacking the site)

Finally I reported this vulnerability to Achmea and I got my first swag.

(Screenshot: email from the organization)

I forgot to tell you: the first report I submitted was also a duplicate; another researcher had already found it.

The motivation is simple: in bug hunting, if you keep hitting duplicates all the time, step back, learn from your mistakes, and be ready to get your hall of fame and swag.

Stay tuned, I will update more about my journey…
