Hi fellow hackers, I hope you all are hunting on your favorite targets and finding bugs. Even if you are not finding them, make sure you keep your back up and continue hunting:)
So why am I writing this blog? The reason is, a lot of people start their hacking journey but they don’t understand what leads to a successful bug bounty chase. A lot of people have asked me the same question, and it is either “how to start bug bounties” or “I have started bug bounties but am not finding bugs. How do I find them?” So I guess this is the time to clear the doubts and talk with them through this article:)
Basically there are two types of bug hunters out there: the ones who love hacking, like me, and others who have forced themselves to get into this just for money. I would suggest you all check within yourself and find which category you fall in. If it is the 2nd one, I am afraid you need to rethink. You can leave this article, as this won’t cover much of how to earn money from bounties:) If you fall into the 1st category and you are really curious, cheers! We will walk this road together.
We will talk about two general scenarios here. First, let’s assume you have been working really hard on targets and not finding good bugs. Second, you are already finding low-level bugs but are not satisfied and want to go further.
Starting with the first one, you will need to change your methodology. I am not using “might”, I know you will need to. Remember this line: practice doesn’t make anyone perfect. It’s perfect practice that does it. So make sure you are doing things the right way. I won’t go deeper into how to get started. Here is a very good blog by Udit Bhadauria which will surely help you a lot. You need to check where you are making mistakes. You might have seen people who are quite new but whose findings are awesome. So just in case you don’t have an idea, start to spend time in Burp, a lot. You need to understand this ASAP: automation works only as a reference, and you won’t be able to find good bugs with it unless you are very lucky that day. So, start using Burp a lot and understand how a site works. That will really help. I used to spend like ONE WHOLE DAY only in understanding how a site works and what it is used for. Also, choose your targets wisely. Choose a program with maximum functionality, like input fields, file uploads, external link interaction, etc.
Starting with bugs, you won’t always find a userID in Burp where you can change it and get good bucks. You will need to learn some bypassing as well; it will come with experience. If you’re really struggling for bugs, start with business logic. Think about what things could affect an organization.
If you can create two users, play with them, play a lot. Try different things, like checking whether you can access someone else’s data without their interaction.
It contains a lot of vulns, so you will need a checklist which you can use in the app. You must create your own checklist of vulns which you know how to exploit. Once you have your own checklist, check every bug which you have mentioned there.
The other type of bug you should check is access control and authentication errors. You might find good things once you check them properly. Pentesterlab has some awesome labs on it, do check them. Also, authorizations are good to check. As we all know, we can’t all be equally good at coding, so you will need to focus on logical bugs, but make sure you become the best version of yourself in finding them:) Also, make sure you try the Android app of your favorite target. If you have not started Android hacking yet, I would highly suggest you learn it. Not a lot of people are doing Android pentesting, and chances are you might find bugs people have not explored yet. Sometimes you will find the same bugs, e.g. if you found an IDOR in the web app, make sure to check the same thing in their Android app as well. I found 2 IDORs like this.
Moving on to the second type:) Let’s assume you want to find P1s and P2s but are not getting them; try to explore your target as much as you can.
Subdomains are likely to be more insecure. If you get a subdomain with some good functionality, e.g. file uploads and external URL uploads, there are more chances you will find a good bug out there. Also, chaining is really important. Suppose you found a reflected XSS, try to craft a payload which contains some SQLi or SSRF payloads. I have seen it working many times. Also, if you get a bug like XSS, try to find it in every subdomain where you get almost the same functionality.
In recent days, I have worked on two types of vulns a lot. Those are SQLi and SSRF. One more tip for you: once you have some experience in hunting, pick a vulnerability and start finding it everywhere (however, do what works for you:). Once you find some, escalate it to something bigger. Always try to expand the impact of a bug, but make sure you submit your previous one, otherwise you will be late and someone else will snatch what you have as well. Once you have a good idea about the low-level bugs, get into some critical ones. Even if you don’t find them anywhere, you need to have the knowledge. SSRFs and SQLis are good to start with. Check every default parameter which the URL is using. Burp search will help you a lot in this. Once you get a URL redirection, escalate it to SSRF. Yeah, you will need to bypass filters of course:)
I would like to add some more things. Those who are having difficulties in finding bugs even though it’s been some months should focus on one platform. Also, never jump from one target to another. You will get exhausted and feel demotivated. Better to stick with a program, and I am sure you will be telling me about your findings. Also, make sure you give priority to what you love, and this should work for you. I mean you need to drop all the meaningless things in favor of hacking.
In the end, it is all about how differently you can think. See, web apps are built to be hacked. Not a single application is 100% safe. If we can hack Apple, we can hack anything. So never feel disappointed and never underestimate yourself. If you don’t have as much of a skillset as others, build it. Learning is a process which never ends. Remember, hacking is not a destination, it’s a journey. Once you are in, there is no way out if you love hacking. We might have different brains, but we all have the same opportunities. Utilize your time in good things; all the rest is temporary, hacking is forever:)
I believe you got something from it, since a lot of people were asking for the same. If you liked it, give me a clap. Also, you can follow me on Twitter. I usually stay active there, and if you have any doubts, just ping me.
So this will be it till next time. I’m going to put some write-ups on my recent findings as well. See you soon:)
Take care, happy hacking!
Adios ❤
LinkedIn:- https://www.linkedin.com/in/manas-harsh-05636a154/