In a Responsible Disclosure Program.
Like every noob, I was also stuck on where to start in bug bounty and how to select a target, even though I had been doing pen testing for months!
Finally, after roaming around week after week, I caught onto something and started to hunt. Then I realized that I was wasting time, because I had opted for a bad approach. Every time someone posted their bug bounty $$, my inner self was hurting. But I didn't give up; I started learning again by reading blogs and write-ups, watching POCs and all.
This time I chose the road less traveled! Nothing but Google dorks.
One after another I checked the sites and their in-scope and out-of-scope stuff. Later, I chose one target, called redact.com, and stuck to it. Yaaaaeeeaay!!
"Focus on the journey, not the destination. Joy is found not in finishing an activity but in doing it." - Greg Anderson
I started recon and enumerated subdomains. Then I got an interesting subdomain called dashboard.redact.com. I opened the subdomain in a browser and checked its content. It redirected to a login page!
I tried to log in with default credentials, but F.A.I.L.E.D miserably. Then I did the brute-forcing; nothing happened. Now I changed my mind and went for directory brute-forcing . . . TA-DA! Got something . . .
I got an interesting endpoint called /metrices. Once I hit enter, it exposed the dashboard metrics for the instance. I got some information exposed, including OS information, response time, admin and user counts, etc.
Feeling happy finally, I didn't waste any time; I wrote the report and sent it to them on the same day. After a couple of weeks, I got a response from the security team stating that they acknowledged the issue and it is valid.
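For anyone maintaining a dashboard like this, the fix is on the server side: a metrics endpoint must not answer to anonymous requests. Below is an added example (my illustration, not the target's code or anything from the original write-up) showing the weak version beside a hardened one in plain WSGI. The metric values, the `/metrics` path (the write-up spells it /metrices) and the bearer token are constructed placeholders; in a real deployment the token comes from a secret store and the endpoint is usually also bound to an internal interface.

```python
"""Added example: unauthenticated /metrics (weak) vs. token-gated /metrics (hardened)."""
import hmac
import json
import platform
from wsgiref.util import setup_testing_defaults

# Constructed sample data standing in for a real dashboard's counters.
SAMPLE_METRICS = {
    "os": platform.platform(),   # OS information, as leaked in the write-up
    "avg_response_ms": 42,
    "admin_count": 3,
    "user_count": 1250,
}

# Hypothetical bearer token for the example; load from a secret store in practice.
METRICS_TOKEN = "example-metrics-token"


def vulnerable_app(environ, start_response):
    """Weak: whoever guesses the path gets the full dump, no login required."""
    if environ["PATH_INFO"] == "/metrics":
        start_response("200 OK", [("Content-Type", "application/json")])
        return [json.dumps(SAMPLE_METRICS).encode()]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def _authorized(environ):
    """Accept only 'Authorization: Bearer <token>'; constant-time compare."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token, METRICS_TOKEN)


def hardened_app(environ, start_response):
    """Hardened: 401 without a valid token, and no OS details in the response."""
    if environ["PATH_INFO"] == "/metrics":
        if not _authorized(environ):
            start_response("401 Unauthorized",
                           [("WWW-Authenticate", 'Bearer realm="metrics"')])
            return [b""]
        # Minimise what is exposed even to authorised callers.
        safe = {k: v for k, v in SAMPLE_METRICS.items() if k != "os"}
        start_response("200 OK", [("Content-Type", "application/json")])
        return [json.dumps(safe).encode()]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def request(app, path, authorization=None):
    """Drive a WSGI app in-process; returns (status_code, body_bytes)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the rest of a CGI-style environ
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    captured = {}

    def start_response(status, headers):
        captured["status"] = int(status.split()[0])

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    print("weak, anonymous   :", request(vulnerable_app, "/metrics")[0])
    print("hardened, anonymous:", request(hardened_app, "/metrics")[0])
    print("hardened, token    :",
          request(hardened_app, "/metrics", "Bearer " + METRICS_TOKEN)[0])
```

The same `request` helper is a handy regression test: keep an assertion in CI that an anonymous call to every internal endpoint returns 401 or 404, so a future route addition cannot quietly reopen the hole.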
Thank you for Passing by 🙏
NB: This is my very first write-up on this platform. Kindly pardon me for the typos and grammar, and for making you sleep while reading this!