STRLCPY/Cipherops

GITBOOK-14: change request with no subject merged in GitBook
Adwaith committed with gitbook-bot 1 year ago

1f392240

1 parent c3270a31

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

.gitbook/assets/image (1).png
.gitbook/assets/image (10).png
.gitbook/assets/image (2).png
.gitbook/assets/image (4).png
.gitbook/assets/image (5).png
.gitbook/assets/image (7).png
.gitbook/assets/image (9).png
.gitbook/assets/image.png

■ ■ ■ ■ ■ ■

README.md

		skipped 1 lines
2	2
3	3		<div align="left">
4	4
5		-	<figure><img src=".gitbook/assets/image (7).png" alt="Cipherops.tech" width="188"><figcaption></figcaption></figure>
	5	+	<figure><img src=".gitbook/assets/image (2).png" alt="Cipherops.tech" width="188"><figcaption></figcaption></figure>
6	6
7	7		</div>
8	8
		skipped 34 lines

■ ■ ■ ■ ■ ■

SUMMARY.md

		skipped 40 lines
41	41		* [GraphQL Injection,Insecure Deserialization,Header Injection](exploitation/graphql-injection-insecure-deserialization-header-injection.md)
42	42		* [Insecure Direct Object References, Open Redirect, Request Smuggling](exploitation/insecure-direct-object-references-open-redirect-request-smuggling.md)
43	43
	44	+	## 🐦 Twitter Threads
	45	+
	46	+	* [Thread by @ArchAngelDDay on Thread Reader App](twitter-threads/thread-by-archangeldday-on-thread-reader-app.md)
	47	+	* [Page 1](twitter-threads/page-1.md)
	48	+

■ ■ ■ ■ ■ ■

overview/recon-tips/README.md

		skipped 1 lines
2	2
3	3		<div data-full-width="false">
4	4
5		-	<figure><img src="../../.gitbook/assets/image (2).png" alt=""><figcaption><p>The Bug Hunter's Methodology v4.0 - Recon Edition Breakdown,thanks to<a href="https://t.me/jhaddix"> @jhaddix</a></p></figcaption></figure>
	5	+	<figure><img src="../../.gitbook/assets/image (4).png" alt=""><figcaption><p>The Bug Hunter's Methodology v4.0 - Recon Edition Breakdown,thanks to<a href="https://t.me/jhaddix"> @jhaddix</a></p></figcaption></figure>
6	6
7	7		</div>
8	8
		skipped 5 lines

■ ■ ■ ■ ■ ■

overview/recon-tips/resources/best-recon-technique-for-active-subdomain-enumeration.md

		skipped 18 lines
19	19		Command: altdns -i hackerone.txt -o data_output -r -s final.txt -w words.txt
20	20		```
21	21
22		-	<figure><img src="../../../.gitbook/assets/image (4).png" alt="Active Subdomain Enumeration Using FFUF"><figcaption><p>Active Subdomain Enumeration Using FFUF</p></figcaption></figure>
	22	+	<figure><img src="../../../.gitbook/assets/image (1).png" alt="Active Subdomain Enumeration Using FFUF"><figcaption><p>Active Subdomain Enumeration Using FFUF</p></figcaption></figure>
23	23
24	24		<mark style="color:green;">Technique 2:</mark> Favicon Hashes Favicons, the icons representing your website, possess unique hash values that can aid in discovering domains sharing the same hash function. Use the FavFreak tool to calculate favicon hashes. Execute the following command:
25	25
		skipped 1 lines
27	27		Command: cat urls.txt \| python3 favfreak.py
28	28		```
29	29
30		-	<figure><img src="../../../.gitbook/assets/image (1).png" alt="Favicon hash detecting using FavFreak"><figcaption><p>Favicon hash detecting using FavFreak</p></figcaption></figure>
	30	+	<figure><img src="../../../.gitbook/assets/image (5).png" alt="Favicon hash detecting using FavFreak"><figcaption><p>Favicon hash detecting using FavFreak</p></figcaption></figure>
31	31
32	32		Once the hash is calculated, you can use the same on internet search engines such as shodan to get the mass websites.
33	33
		skipped 7 lines
41	41		command: cat subdomains.txt \| dnsx -a -resp-only \| nrich -
42	42		```
43	43
44		-	<figure><img src="../../../.gitbook/assets/image (5).png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>use a nrich tool to check out the subdomains </p></figcaption></figure>
	44	+	<figure><img src="../../../.gitbook/assets/image.png" alt="Using shodan Search Engine to detect site that have same favicon hashed"><figcaption><p>use a nrich tool to check out the subdomains </p></figcaption></figure>
45	45
46	46		<mark style="color:green;">Technique 4:</mark> Choosing the Right Target When dealing with applications that have numerous subdomains, selecting the right subdomain to start hunting can be challenging. Utilize the interesting subs gf pattern list to identify interesting subdomains worth investigating. Execute the following command:
47	47
		skipped 19 lines
67	67		Command: cat dorks.txt \| uncover
68	68		```
69	69
70		-	<figure><img src="../../../.gitbook/assets/image (10).png" alt=""><figcaption><p>uncover tool link <a href="https://github.com/projectdiscovery/uncover">https://github.com/projectdiscovery/uncover</a></p></figcaption></figure>
	70	+	<figure><img src="../../../.gitbook/assets/image (9).png" alt=""><figcaption><p>uncover tool link <a href="https://github.com/projectdiscovery/uncover">https://github.com/projectdiscovery/uncover</a></p></figcaption></figure>
71	71
72	72
73	73
		skipped 11 lines
85	85		Command: naabu -host target.com
86	86		```
87	87
88		-	<figure><img src="../../../.gitbook/assets/image (9).png" alt=""><figcaption><p>Finding open ports and service running using naabu</p></figcaption></figure>
	88	+	<figure><img src="../../../.gitbook/assets/image (7).png" alt=""><figcaption><p>Finding open ports and service running using naabu</p></figcaption></figure>
89	89
90	90		:clap:Thank you for taking the time to explore these amazing reconnaissance techniques. :smile:We hope you found this blog informative and useful in your endeavors.
91	91

■ ■ ■ ■ ■ ■

twitter-threads/page-1.md

1 + # Page 1
2 +
3 +

All occurrences

■ ■ ■ ■ ■ ■

twitter-threads/thread-by-archangeldday-on-thread-reader-app.md

1	+	# Thread by @ArchAngelDDay on Thread Reader App
2	+
3	+	![douglasday.eth Profile picture](https://pbs.twimg.com/profile\_images/1578051823453495296/5br2cb\_v\_bigger.png)
4	+
5	+	100 (very) short bug bounty rules:
6	+
7	+	1/ Spend at least 30 minutes on a new target\
8	+	2/ Look for “No”s\
9	+	3/ Use Italics Tags in your inputs instead of XSS payloads\
10	+	4/ Focus on SaaS apps that are multi-tenant\
11	+	5/ Buy Burp Pro
12	+
13	+	6/ On a new target go straight to the User Management section\
14	+	7/ See if inviting an existing user to your org exposes their name\
15	+	8/ See if inviting an existing user removes them from their own org\
16	+	9/ If the scope has a wildcard, use sub finder to find subdomains
17	+
18	+	10/ Run HTTPX on the list of subdomains to narrow down alive targets\
19	+	11/ On an app you’re not familiar with, use it like a normal user first\
20	+	12/ If the docs say you can’t do X, but you can do X then you have a bug\
21	+	13/ Use match & replace rules to find new endpoints
22	+
23	+	14/ Budget time into your week specifically for hacking\
24	+	15/ Give yourself a no-bug time limit. I do 3 hours.\
25	+	16/ Go back to old dupes and see if you can still reproduce.\
26	+	17/ Look for “+2” in your reputation log to find dupes that should be now.\
27	+	18/Ask for help from other hackers
28	+
29	+	19/ Make your report a conversation, not a sales pitch\
30	+	20/ Accept & expect that dupes will happen\
31	+	21/ File & Forget\
32	+	22/ If an endpoint has “api/v2/“, try “api/v1/”\
33	+	23/ If an endpoint has “api/v2”, try removing the “v2” altogether
34	+
35	+	24/ 6 $1000 Mediums pay more than 1 $5,000 crit. Don’t ignore any bugs\
36	+	25/ Lows are still bugs that should be filed\
37	+	26/ Be kind to your triager\
38	+	27/ Say “thank you” when you get a bounty
39	+
40	+	28/ If an app uses UUIDs, you can still look for IDORs. Just set “AC:H”.\
41	+	29/ If UUID IDORs exist, then look for an endpoint that exposes UUIDs\
42	+	30/ Pin your success on whether your followed your plan, not if you found bugs
43	+
44	+	31/ A program that has a lot of hackers doesn’t mean there isn’t low-hanging fruit\
45	+	32/ Going deep \_will\_ payoff\
46	+	33/ Working with new hackers will payoff in dividends\
47	+	34/ Don’t be jealous
48	+
49	+	35/ Bug Bounty income isn’t consistent. Be okay with peaks & valleys for your own sanity\
50	+	36/ If you find a bug that’s OOS, still ask the customer if they care\
51	+	37/ There’s no end. Enjoy the journey\
52	+	38/ Have a hobby that’s not related to hacking
53	+
54	+	39/ Have friends that don’t hack\
55	+	40/ Figure out what time of day you hack the best. Late nights aren’t for me.\
56	+	41/ Spend that extra 2 minutes to make your report look/read nice\
57	+	42/ “Subscribe” to programs that pay well and have good scope
58	+
59	+	43/ Don’t whine on Twitter about a single report. Or at all for that matter.\
60	+	44/ IDORs and Privilege Escalations are a great place to start\
61	+	45/ Unmet expectations lead to disappointment\
62	+	46/ Teach someone else how to hack\
63	+	47/ Time spent reading/learning is time-well spent
64	+
65	+	48/ Focus on programs that you actually use in your day-to-day\
66	+	49/ Establish a relationship with the program\
67	+	50/ Try asking the program what types of bugs they want to see\
68	+	51/ Look at a programs leaderboard to see who you should collar with
69	+
70	+	52/ When collaborating, an even bounty split eliminates hassle\
71	+	53/ Take a break when you stop having fun\
72	+	54/ At an LHE, start hacking ahead of time\
73	+	55/ Look for programs that are active in resolving reports
74	+
75	+	56/ Look for programs that haven’t awarded a lot recently\
76	+	57/ Look for programs that have collaboration enabled\
77	+	58/ Look for programs that don’t list out a bunch of known issues\
78	+	59/ Look for programs that have a history of adding new scope
79	+
80	+	60/ Change your strategy if you’ve gone a while without a finding\
81	+	61/ If you’re on a roll, keep doing what you’re doing\
82	+	62/ But don’t let success keep you from evolving/growing\
83	+	63/ Compare yourself against yourself from last year\
84	+	64/ Maintain online presence for new opportunities
85	+
86	+	65/ Be thankful for failure\
87	+	66/ Read disclosed reports\
88	+	67/ Focus on one program at a time. Cycle if you get bored.\
89	+	68/ Don’t spray XSS payloads everywhere\
90	+	69/ If possible, work at a company that has a BBP
91	+
92	+	70/ Spend bounty money on tools that will generate more bounties\
93	+	71/ Budget a specific amount of your bounties for fun. And stick to it.\
94	+	72/ When hacking a store, don’t be afraid to make small purchases\
95	+	73/ Look for changes in JS files to know when there may be new functionality
96	+
97	+	74/ Look for references to subdomains in a company’s GH repos\
98	+	75/ Look for references to subdomains in employee’s GH repos\
99	+	76/ If the app uses Intercom, try booting it with another email\
100	+	77/ Look for second-degree IDORs
101	+
102	+	78/ SSRFs exist when the app makes any external request. Look for these requests.\
103	+	79/ Look for actuator endpoints\
104	+	80/ Find hackers that hack differently than you.\
105	+	81/ Try hacking in a different room of the house\
106	+	82/ Try hacking at a different location altogether
107	+
108	+	83/ If you find the same bug on different endpoints, file as different bugs\
109	+	84/ Try always having some pending bugs in your pipeline\
110	+	85/ Break your yearly bounty goal into monthly goals\
111	+	86/ Know when a bounty isn’t worth fighting over
112	+
113	+	87/ Push back gently when a report gets downgraded\
114	+	88/ Use the leaderboard as motivation, not as comparison\
115	+	89/ Don’t re-invent the wheel when a tool exists\
116	+	90/ Don’t be afraid to build the wheel if the tool doesn’t\
117	+	91/ Try collabing in real time over video chat
118	+
119	+	92/ Always ask why something works the way it does\
120	+	93/ When collabing, don’t be afraid to be the underperformer\
121	+	94/ When collabing, don’t get salty about being the oqerperformer\
122	+	95/ Use mediation, but use it sparingly\
123	+	96/ Be generous with your earnings
124	+
125	+	97/ Hack for fun, not for a paycheck\
126	+	98/ LHEs are a privilege, not an expectation\
127	+	99/ Programs are your friend, not your adversary. Work with them\
128	+	100/ The platform is your friend, not your adversary. Work with them
129	+
130	+	• • •
131	+
132	+	Missing some Tweet in this thread? You can try to [force a refresh](broken-reference)
133	+
134	+
135	+

1	+	# Page 1
2	+
3	+

GITBOOK-14: change request with no subject merged in GitBook