Bug Bounty Poc Find Vulnerability & Exploit Bug Hunting Full Guide

January 11, 2024 By Dutchm@n , 0 comments

 


if you want to find a bug in a web application, you’ll get nowhere using a scanner, you need to understand how the website works, find endpoints, fuzz them, read and analyse requests the website is making. 

1 Gathering Knowledge From Internet 

2 Our Virtual Lab Setup

3 Website Enumeration & Information Gathering

4 Introduction To Burpsuite

5 HTML Injection

6 Command Injection_Execution

7 Broken Authentication

8 Bruteforce Attacks

9 Sensitive Data Exposure

10 Broken Access Control

11 Security Misconfiguration

12 Cross Site Scripting - XSS

13 SQL Injection

14 XML, XPath Injection, XXE

15 Components With Known Vulnerabilities

16 Insufficient Logging And Monitoring

17 Monetizing Bug Hunting 


📥Message me in telegram if you want to start your journey and learn all type of vulnerability, how to exploit them, how to scan website, using burpsuite how to find vulnerabilities, etc many.

https://t.me/DutchmanICH


1. What is bug bounty?


Identification and reporting of bugs and vulns in a responsible way.


2. All depends on  interest and hardwork, not on degree, age, branch, college, etc.


2. What to study?


1. Internet, HTTP, TCP/IP

2. Networking

3. Command line

4. Linux

5. Web technologies, javascript, php, java

6. Atleast 1 prog language (Python/C/JAVA/Ruby..)


3. Choose your path (imp)


1. Web pentesting

2. Mobile pentesting

3. Desktop application 


Practice (imp)


1. Tools

  1. Burpsuite

  2. nmap

  3. dirbuster

  4. sublist3r

  5. Netcat


6. Testing labs


  1. DVWA

  2. bWAPP

  3. Vulnhub

  4. Metasploitable

  5. CTF365

  6. Hack the box


1. Choose wisely (first not for bounty)

2. Select a bug for hunt

3. Exhaustive search

4. Not straightforward always


REPORT:


5. Create a descriptive report

6. Follow responsible disclosure

7. Create POC and steps to reproduce


Words of wisdom


1. PATIENCE IS THE KEY, takes years to master, don't fall for overnight success

2. Do not expect someone will spoon feed you everything.

3. Confidence

4. Not always for bounty

5. Learn a lot

6. Won't find at the beginning, don't lose hope

7. Stay focused

8. Depend on yourself


👉Channel link :

https://t.me/spammingvideotools


👉 Bug Hunting on nasa.gov site Proof Of Concept Video Tutorial


About the Author

Written by Admin

Thanks for reading. Join in Telegram.


0 comments:

Subscribe to: Post Comments (Atom)