As a user I would say that I don’t care about all these Flash stuff that try to catch my eyes, most of the time I have a plugin to disable them. As a developper, it reminds me the (not so good) old time when the marketing peoples always wanted to add “movement” in the website, yeah it looks so kool! As a hacker, well… I didn’t know how nice it could be, but I recently learned how to find issue in there and it’s funny as hell. I was close to the succes as I quickly found 3 XSS, but unfortunately all my reports were marked as duplicate :/
A friend recently asked me what methods I use to find subdomains. To be honest I was confused, like “oooohhh so much, brute force mmm… zone transfer and… brute for… wait Google and mmm… many other tools!” What a shame that I was so inaccurate after so much time spent to look for subdomains. Time to dig a little bit! After I wrote a list of the most popular methods, I tried to make a list of some tools and online resources to exploit them. Of course this list is far from exhaustive, there are many new stuff every day, but it’s still a good start :)
People are usually surprised by the answer when they ask me what I do for living, questions rain, here are some answers. My first report was a XSS on a Yahoo acquisition, it happened the 26th January 2016. Since this date, I (try to) perform Bug Bounty as a full time job on Hackerone. Did I say “job”? I don’t really consider bug bounty/hacking as a “job”, it’s more a hobby or a passion, because you have to be passionnate to perform in this domain. So let’s say that bug bounty is my main source of income. Below why I do this “job”, why it fits perfectly to me and why I love it.
This is a real story or not, that occured in mid 2017 or not, about a private program or not, on Hackerone or not, believe me or not, but it changed my life. I would like to thanks all the people from this company I talked with. They were very nice with me, very fast to fix the bugs and I always got the rewards in less than 7 days, frequently the day of the report, even for the smallest bugs. Thanks to them, I wish we could find more program like this one.
There is different ways to hunt for vulnerabilities, depending of your knowledge, your skills, your expectation and how you like to chase. I personally love programming and, as a true developper, I’m lazy, so I love to automate things. By writing some piece of code or by combining multiple tools, you can find a lot of interesting stuff. This article is about some scripts/tricks I wrote/use to perform massive tests:
- XSS with PhantomJS
- Heroku subdomain takeover
- Amazon S3 buckets theft