20220824 - From Recon to Getting P1 on TESLA.md
From Recon to Getting P1 on TESLA 👻
1. Find Out the Target Servers' IPs
- Tools: Censys and dnsdumpster
2. Finding GitLab on One of the IPs
3. Misconfiguration on GitLab Target
- Anyone had access to explore groups
4. Test Default Passwords on Found Username
- I found a user that allowed me to log in with the password: "password"
- I could manage so many projects in it.
- The program owner awarded a bounty worth P1 for this find.
Credit
Based on YoKo Kho's write-up.