Bug Bounty PoC Find Vulnerability & Exploit Bug Hunting Full Guide

 


If you want to find a bug in a web application, you’ll get nowhere using a scanner. You need to understand how the website works, find endpoints, fuzz them, and read and analyse the requests the website is making.

1 Gathering Knowledge From Internet 

2 Our Virtual Lab Setup

3 Website Enumeration & Information Gathering

4 Introduction To Burpsuite

5 HTML Injection

6 Command Injection_Execution

7 Broken Authentication

8 Bruteforce Attacks

9 Sensitive Data Exposure

10 Broken Access Control

11 Security Misconfiguration

12 Cross Site Scripting - XSS

13 SQL Injection

14 XML, XPath Injection, XXE

15 Components With Known Vulnerabilities

16 Insufficient Logging And Monitoring

17 Monetizing Bug Hunting 




1. What is bug bounty?


Identification and reporting of bugs and vulns in a responsible way.


2. It all depends on interest and hard work, not on degree, age, branch, college, etc.


2. What to study?


1. Internet, HTTP, TCP/IP

2. Networking

3. Command line

4. Linux

5. Web technologies: JavaScript, PHP, Java

6. At least one programming language (Python/C/Java/Ruby...)


3. Choose your path (imp)


1. Web pentesting

2. Mobile pentesting

3. Desktop application 


Practice (imp)


1. Tools

  1. Burpsuite

  2. nmap

  3. dirbuster

  4. sublist3r

  5. Netcat


2. Testing labs


  1. DVWA

  2. bWAPP

  3. Vulnhub

  4. Metasploitable

  5. CTF365

  6. Hack the box


1. Choose wisely (first not for bounty)

2. Select a bug for hunt

3. Exhaustive search

4. Not straightforward always


REPORT:


5. Create a descriptive report

6. Follow responsible disclosure

7. Create POC and steps to reproduce


Words of wisdom


1. PATIENCE IS THE KEY, takes years to master, don't fall for overnight success

2. Do not expect someone will spoon feed you everything.

3. Confidence

4. Not always for bounty

5. Learn a lot

6. Won't find at the beginning, don't lose hope

7. Stay focused

8. Depend on yourself



How to make your own DarkWeb Links | Make Your Own Deepweb Links


In this way you can Host your own Onion Website or Darkweb.

This is a great way for hackers to share any file anonymously over the Tor Network. This will generate a private key along with the onion link and only the one who has this key can access that file.

If you are using Ubuntu or another Ubuntu derivative, run the command below:
sudo add-apt-repository ppa:micahflee/ppa

First install Tor Browser (watch the video), then run the commands below (Kali Linux/NetHunter):

sudo apt-get update
sudo apt-get install onionshare


HOW TO USE SILVERBULLET/OPENBULLET FOR CRACKING

 






Step 1
Launch OpenBullet.exe ~> Move to the Config Tab ~> Click on Open Folder~> Open the Configs rar file select the Configs that you are going to use and move them to the folder that poped up ~> Click on Rescan

Step 2:

In this step, we are going to add our ComboList ~> Select WordLists Tab ~> Click on ADD ~> Select your ComboList location ~> Select the type of your Combo. (MAIL:PASS or USER:PASS) ~> Accept


Step 3:

In this step, we are going to add the Proxies ~> Select the Proxies Tab ~> Click "Import" ~> Select your Proxies Location ~> Select your Proxies Type (We used HTTP in this tutorial).Wait a few seconds for the proxy list to load.

Step 4:

Select Runner Tab ~> Click on New ~> Then Double Click on the Tab that pops up ~> Click on Select cfg (Config) ~> Select the desired Config of the accounts you are willing to crack (Used HULU in this example). ~> Select List ComboList) ~> Add your ComboListSelect Bots (Threads)number How fast do you want it to check accounts.) Based on the Config, you are using your Internet / CPU I wouldn't recommend going above a 100. If you have a bad CPU, unless you are using a good RDP.)Since the Config we are using require proxies, select : Prox : ONThen hit "Start" and watch it RAIN! If you didn't get any hits within the first 10k lines it means the quality of the combolist you are using is terrible. Just try a different one then.Note: You can stop / close at any moment that you want. The results will be saved.

Step 5:

Checking Hits. Select "Hits DB" Tab ~> Tada! Your Hits will pop up If your config has a capture click on "Captured Data" to make it look more organizedTo save Hits in a text document, right click > Select All > Saved Selected > Combos With Data





Open Onion Links On Any Browser | Access Darkweb Without Tor Browser

 



Today I will teach you how to access Darkweb Without Tor Browser.


Link:-

https://www.4everproxy.com/tor-proxy

Go to this link

In the search bar, put the onion link.

Set Web Server.

Then set IP Location.

Then click on the Go button.

Now you can use any browser to open that site: put in the onion link, and you can access the Darkweb without Tor Browser.

Video Tutorial

https://youtu.be/8HogDdbffB8



Bulk SMTP Checker | How To Get SMTP For Free | SMTP Cracked Tutorial 2024

 


MEDUSA SMTP CHECKER 2024 

SMTP checker to check Mail Access via SMTP with easy usage ! Medusa has been written and tested with Python 3.8. It should run on any OS as long as Python and all dependencies are installed.

🔗 Link : https://github.com/h3x0crypt/Medusa

⚙️ Short Setup (Win and Linux)

curl -LO https://raw.githubusercontent.com/h3x0crypt/Medusa/main/Medusa.py

💠 Windows :

py medusa.py

🐧 Linux :

python3 medusa.py

Download Python from https://python.org 

pip install requirements.txt


How To Use OSINT For Bug Hunting


 

30 Tips how to use OSINT for bug hunting:


1. Use Google Dorks to find vulnerabilities in web applications.
https://pastebin.com/6REssLb8

2. Use Shodan to find vulnerable IoT devices. 

3. Use Whois to find information about domain names. 

4. Use Maltego to visualize relationships between entities. 

5. Use the Wayback Machine to find old versions of websites. 

6. Use social media to gather information about targets.

7. Use LinkedIn to gather information about employees.

8. Use GitHub to find sensitive information in code repositories.

9. Use Google Alerts to monitor for mentions of your target.

10. Use DNSDumpster to map out a target's infrastructure.

11. Use Recon-ng to automate OSINT tasks.

12. Use theHarvester to gather email addresses and other information.

13. Use SpiderFoot to automate OSINT tasks and gather intelligence.

14. Use FOCA (Fingerprinting Organizations with Collected Archives) to gather metadata from documents.

15. Use VirusTotal to scan files for malware.

16. Use Censys to find vulnerable systems on the internet.

17. Use Foca Pro to extract metadata from documents and analyze it.

18. Use FOCA Online to extract metadata from documents and analyze it in the cloud.

19. Use FOCA Free Edition for basic metadata extraction from documents.

20. Use Metagoofil to extract metadata from documents and analyze it.

21. Use Datasploit for automated OSINT tasks and data mining.

22. Use Google Hacking Database (GHDB) for advanced Google searches.

23. Use Google Custom Search Engine (CSE) for targeted searches on specific websites or domains.

24. Use Google Advanced Search for advanced searches on Google.

25. Use Google Trends to monitor trends related to your target or industry.

26. Use Google Analytics to gather information about website traffic and user behavior.

27. Use Google AdWords Keyword Planner for keyword research related to your target or industry.

28. Use Google PageSpeed Insights to analyze website performance and identify vulnerabilities.

29. Use Google Search Console (formerly Webmaster Tools) for website analytics and vulnerability identification.

30. Use Google My Business for local SEO optimization.



How to Improve Carding Skills 2024 New Update


 Checklist to improve your carding success rate 2024


We will be discussing a few things in this tutorial that will help you improve your chance of success in carding, so without further ado, let’s get down to business

1️⃣ COMPUTER ENVIRONMENT

Before you are ready to card make sure your browser language, time, IP, hardware information, and other information needs to be modified according to the region of the purchased CC, this is 2021 therefore we highly recommend that you use the Sphere browser (all useful links are at the bottom of this tutorials)

2️⃣ IP

Your IP must be corresponding within the vicinity of your CC address, what we meat is for you to select an IP with a similar address within the same area and after you select the IP you must check whether the IP is blacklisted on whoer.net. Another point is that as a bonus you check if you are already recognized as a proxy. (Link down below)

3️⃣ CVV

There are many BINs, but you must choose the right BIN for the right job depending on what you want it for because it’s imperative that you must know if the BIN is on the blacklist of the store, we don’t think there is much to say in this regard here, as this is purely down to a carders instinct and experience. Nowadays, you will come across a ton of people selling CC’s that are dead. Therefore we’d recommend that you buy a quality CC from our shop so you know that it’s NOT dead and in a rare case where the card is dead you are covered by our replacement guarantee. Stay away from prepaid cards, because people use prepaid cards for a reason to do specific tasks and after those tasks are achieved most prepaid CC don’t have any money remained in them.

CC check is not very important however those who feel the need to do it must do it according to our post (link at the bottom of this article) do NOT use CC Checkers as they will most definitely kill your card.

4️⃣ WEBSITE RISK FACTORS

Every website has its own risk factors that control its transactions, so many beginners ask me. The first thing I tell is not to go to Amazon.
Since novices cannot find Amazon’s mechanism, this will waste a lot of their time and money, therefore, you must try using other stores instead.
The mechanism of each website is different. In short, some websites simulate real browsing, some require manual input of card information, some websites have a limit on the quantity, some websites have limits on how much you can spend, etc.

So when you are carding, you must find the mechanism of the website, and then this will increase your success rate dramatically.

5️⃣ REPETITION

Ever heard of this quote "practice makes perfect"? Well, guess what? It’s absolutely spot on when it comes to carding, as long as you manage to adapt good habits while carding you will get those habits etched in your brain while you constantly card and learn.

LINKS 🔗

▪️Sphere Browser ( https://sphere.tenebris.cc/ )
▪️IP Check Whoer.net ( https://whoer.net/ )
▪️IP Proxycheck ( https://proxycheck.io/ )
▪️Browser & IP Check ( http://f.vision/ )

