Friday, June 2, 2023

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

Related links

  1. Hack And Tools
  2. Hacker Tools Online
  3. Best Hacking Tools 2019
  4. Bluetooth Hacking Tools Kali
  5. Hacking Tools Pc
  6. How To Hack
  7. Pentest Tools Alternative
  8. Hacking Tools For Beginners
  9. How To Make Hacking Tools
  10. Bluetooth Hacking Tools Kali
  11. Hacker Tools Hardware
  12. Hack And Tools
  13. Android Hack Tools Github
  14. Game Hacking
  15. Hacking Tools For Games
  16. Hacking Tools
  17. Pentest Tools Find Subdomains
  18. Hack Tools
  19. Underground Hacker Sites
  20. Hack Tools For Windows
  21. Hacking Tools Windows 10
  22. Hacker Hardware Tools
  23. Hacker Tools Free Download
  24. Hacking Tools 2019
  25. Hacking Tools Hardware
  26. Pentest Tools Android
  27. Hacker Tools Software
  28. Hacker Tools 2019
  29. Best Hacking Tools 2020
  30. Pentest Tools Tcp Port Scanner
  31. Hacking Tools Download
  32. Hacking Tools For Mac
  33. Pentest Tools For Android
  34. Easy Hack Tools
  35. Pentest Tools Subdomain
  36. Underground Hacker Sites
  37. Pentest Tools Linux
  38. Hacking Tools Windows 10
  39. Ethical Hacker Tools
  40. Hack Tools For Mac
  41. Pentest Automation Tools
  42. Hack Tools For Ubuntu
  43. Pentest Tools Kali Linux
  44. Hack Tools For Mac
  45. Hack Tools Online
  46. Hacking Tools For Beginners
  47. Hacking Tools For Pc
  48. Hacking Tools And Software
  49. How To Hack
  50. Hacking Tools Name
  51. Best Hacking Tools 2019
  52. Hacker Tool Kit
  53. Hacker Tools Online
  54. Pentest Tools Online
  55. Hacks And Tools
  56. Wifi Hacker Tools For Windows
  57. Hacking Tools 2020
  58. Blackhat Hacker Tools
  59. Top Pentest Tools
  60. Hacking Tools
  61. Hacker Tools Mac
  62. Pentest Tools Bluekeep
  63. Hak5 Tools
  64. Pentest Tools Apk
  65. Install Pentest Tools Ubuntu
  66. Hacking Tools Usb
  67. Hack Tools For Windows
  68. Hacking Apps
  69. Hacking Tools For Windows 7
  70. Computer Hacker
  71. Nsa Hack Tools Download
  72. New Hacker Tools
  73. Pentest Tools Github
  74. World No 1 Hacker Software
  75. Kik Hack Tools
  76. Hack Tools For Mac
  77. Top Pentest Tools
  78. Hack Tools Mac
  79. Pentest Tools For Windows
  80. Tools For Hacker
  81. Hacker Tools Free Download
  82. Hackers Toolbox
  83. Hacking Apps
  84. Hacking Tools For Kali Linux
  85. Hacker Tools Linux
  86. Hack Tools
  87. Hack Tool Apk
Posted by at No comments:

Thursday, June 1, 2023

Linux Command Line Hackery Series - Part 3


Welcome back, hope you are enjoying this series, I don't know about you but I'm enjoying it a lot. This is part 3 of the series and in this article we're going to learn some new commands. Let's get started

 Command: w
Syntax:      w
Function:   This simple function is used to see who is currently logged in and what they are doing, that is, their processes.

 Command:  whoami
Syntax:       whoami
Function: This is another simple command which is used to print  the  user  name  associated  with the current effective user ID.

 Try it and it will show up your user name.

 If you want to know information about a particular user no matter whether it is you or someone else there is a command for doing that as well.

 Command: finger
Syntax:      finger [option] [username]
Function:   finger is a user information lookup program. The [] around the arguments means that these arguments are optional this convention is used everywhere in this whole series.

 In order to find information about your current user you can simply type:

 finger username

 Here username is your current username.
To find information about root you can type:

 finger root

 and it will display info about root user.

 Command: uname
Syntax:      uname [options]
Function:   uname is used to display information about the system.

 uname is mostly used with the flag -a, which means display all information like this:

 uname -a

 Command: df
Syntax:      df [option] [FILE ...] 
Function:   df is used to display the amount of space available.
If you type df in your terminal and then hit enter you'll see the used and available space of every drive currently mounted on the system. However the information is displayed in block-size, which is not so much human friendly. But don't worry we can have a human friendly output as well using df by typing:

 df -h

 the -h flag is used to display the used and available space in a more user friendly format.
We can also view the info of a single drive by specifying the drive name after df like this:

 df -h /dev/sda2

 That's it for now about df, let's move on.

 Command:  free
Syntax:       free [options]
Function:    free is used to display the amount of free and used physical memory and swap memory in the system.
Again the displayed information is in block-size to get a more human readable format use the -h flag like this:

 free -h

 Command: cal
Syntax:      cal [options]
Function:    cal stands for calendar. It is used to display the calendar.

 If you want to display current date on the calendar you can simply type:

 cal

 and wohooo! you get a nice looking calendar on screen with current date marked but what if you want to display calendar of a previous month well you can do that as well. Say you want to display calendar of Jan 2010, then you'll have to type:

 cal -d 2010-01

 Nice little handy tool, isn't it?

Command: file
Syntax:      file filename ...
Function:   file is an awesome tool, it's used to classify a file. It is used to determine the file type.

 Let's demonstrate the usage of this command by solving a Noob's CTF challenge using file and base64 commands. We'll talk about base64 command in a bit. Go to InfoSecInstitute CTF Website. What you need to do here is to save the broken image file on your local computer in your home directory. After saving the file open your terminal (if it isn't already). Move to your home directory and then check what type of file it is using the file command:

 cd
file image.jpg

 Shocking output? The file command has identified the above file as an ASCII text file which means the above file is not an image file rather it is a text file now it's time to see it's contents so we'll type:

 cat image.jpg

 What is that? It's some kind of gibberish. Well it's base64 encoded text. We need to decode it. Let's learn how to do that.

 Command: base64
Syntax:       base64 [option] FILE ...
Function:    base64 command is used to encode/decode data and then print it to stdout.

 If we're to encode some text in base64 format we'd simply type base64 hit enter and then start typing the text in the terminal after you're done hit enter again and then press CTRL+D like this:

 base64
some text here
<CTRL+D>
c29tZSB0ZXh0IGhlcmUK        # output - the encoded string

 But in the above CTF we've got base64 encoded data we need to decode it, how are we going to do that? It's simple:

 base64 -d image.jpg

 There you go you've captured the flag.
The -d flag here specifies that we want to decode instead of encode and after it is the name of file we want to decode.

 Voila!
So now you're officially a Hacker! Sorry no certificates available here :)

 That's it for this article meet ya soon in the upcoming article.
Related posts
  1. World No 1 Hacker Software
  2. Hacking Tools For Games
  3. Hacking Tools For Windows
  4. Tools 4 Hack
  5. Hack Rom Tools
  6. Nsa Hack Tools
  7. Pentest Tools Review
  8. Pentest Tools Bluekeep
  9. Pentest Tools Website Vulnerability
  10. Hacker Tools For Ios
  11. Hacking Tools And Software
  12. Hack Tools For Ubuntu
  13. Hacking Tools Hardware
  14. Usb Pentest Tools
  15. Nsa Hack Tools Download
  16. Hacking Tools 2020
  17. What Is Hacking Tools
  18. Hacking Tools 2020
  19. Hack And Tools
  20. Hacking Tools For Windows Free Download
  21. Hacker Tools For Ios
  22. Pentest Tools Online
  23. Hacker Security Tools
  24. Pentest Tools Github
  25. Hacking Tools For Windows Free Download
  26. Pentest Reporting Tools
  27. Pentest Recon Tools
  28. Physical Pentest Tools
  29. Physical Pentest Tools
  30. Hacking Apps
  31. Hacking Tools Windows 10
  32. Pentest Tools Online
  33. Pentest Tools List
  34. Github Hacking Tools
  35. Pentest Tools For Ubuntu
  36. Hack Tool Apk
  37. Hacking Tools For Mac
  38. Best Hacking Tools 2019
  39. Hacking Tools For Kali Linux
  40. What Are Hacking Tools
  41. Hacker
  42. Hack Tools
  43. Pentest Tools For Ubuntu
  44. Hacking Tools Mac
  45. Hack Tools
  46. Pentest Tools For Mac
  47. Hacker Search Tools
  48. Hack Tools For Ubuntu
  49. Hack And Tools
  50. Hacker Tools 2020
  51. Hacking Tools 2020
  52. Hacker Tools
  53. How To Make Hacking Tools
  54. Hacking Tools And Software
  55. Beginner Hacker Tools
  56. Pentest Reporting Tools
  57. New Hacker Tools
  58. Hacking Tools Mac
  59. Free Pentest Tools For Windows
  60. Beginner Hacker Tools
  61. Tools For Hacker
  62. Hacking Tools Github
  63. Hacker
  64. Hacking Tools Hardware
  65. Hack Tools For Pc
  66. Hacker Tools Linux
  67. Hacker Tools
  68. Bluetooth Hacking Tools Kali
  69. Tools For Hacker
  70. Hacker Tools 2019
  71. Pentest Tools Free
  72. Pentest Tools Linux
  73. Pentest Tools Free
  74. Hacker Tools Software
  75. Hacker Tools Free Download
  76. Hack Tools For Pc
  77. Hacking Apps
  78. Hacker Security Tools
  79. Pentest Tools Apk
  80. Pentest Tools For Mac
  81. Hacker Tools Linux
  82. Nsa Hack Tools Download
  83. Hack Tools Download
  84. Hacking Tools For Windows Free Download
  85. World No 1 Hacker Software
  86. Hack Tools Github
  87. World No 1 Hacker Software
  88. Hack Tools Github
  89. Hacker Tools 2020
  90. Pentest Tools
  91. Pentest Tools Review
  92. Hack Tools
Posted by at No comments:

WiFiJammer: Amazing Wi-Fi Tool


The name sounds exciting but really does it jam WiFi networks? Yes, it is able to do the thing which it's name suggests. So today I'm going to show you how to annoy your friend by cutting him/her short of the WiFi service.

Requirements:


  1. A computer/laptop with WiFi capable of monitoring (monitor mode).
  2. A Linux OS (I'm using Arch Linux with BlackArch Repos)
  3. And the most obvious thing wifijammer (If you're having BlackArch then you already have it).


How does it work? You maybe thinking!, it's quite simple it sends the deauth packets from the client to the AP (Access Point) after spoofing its (client's) mac-address which makes AP think that it's the connected client who wants to disconnect and Voila!

Well to jam all WiFi networks in your range its quite easy just type:

sudo wifijammer



but wait a minute this may not be a good idea. You may jam all the networks around you, is it really what you want to do? I don't think so and I guess it's illegal.

We just want to play a prank on our friend isn't it? So we want to attack just his/her AP. To do that just type:

sudo wifijammer -a <<AP-MAC-ADDRESS>>

here -a flag specifies that we want to jam a particular AP and after it we must provide the MAC-ADDRESS of that particular AP that we want to jam.
Now how in the world am I going to know what is the MAC-ADDRESS of my friend's AP without disturbing the other people around me?
It's easy just use the Hackers all time favorite tool airodump-ng. Type in the following commands:

sudo airmon-ng

sudo airodump-ng

airmon-ng will put your device in monitor mode and airodump-ng will list all the wifi networks around you with their BSSID, MAC-ADDRESS, and CHANNELS. Now look for your friend's BSSID and grab his/her MAC-ADDRESS and plug that in the above mentioned command. Wooohooo! now you are jamming just your friend's wifi network.

Maybe that's not what you want, maybe you want to jam all the people on a particular channel well wifijammer can help you even with that just type:

sudo wifijammer -c <<CHANNEL-NUMBER>>

with -c we specify to wifijammer that we only want to deauth clients on a specified channel. Again you can see with airodump-ng who is on which channel.

wifijammer has got many other flags you can check out all flags using this command that you always knew:

sudo wifijammer -h



Hope you enjoyed it, good bye and have fun :)
Related links

  1. Bluetooth Hacking Tools Kali
  2. Hacking Tools Pc
  3. Hacking Tools Download
  4. Hacking Tools Software
  5. Hacking Tools 2019
  6. Hacker Tools Apk Download
  7. Tools Used For Hacking
  8. Bluetooth Hacking Tools Kali
  9. Pentest Tools Review
  10. Hacking Tools Kit
  11. Usb Pentest Tools
  12. Hacker Tools Windows
  13. Hacking Tools For Windows
  14. Pentest Tools Free
  15. Hacker Tools Online
  16. Hacker Security Tools
  17. Pentest Tools Download
  18. Computer Hacker
  19. Pentest Tools For Windows
  20. Underground Hacker Sites
  21. Pentest Tools Bluekeep
  22. Usb Pentest Tools
  23. Hacker Tools Mac
  24. Hacking Tools Hardware
  25. Hak5 Tools
  26. Pentest Tools Find Subdomains
  27. Pentest Tools Apk
  28. Hacker Hardware Tools
  29. Hacking Tools For Windows Free Download
  30. Beginner Hacker Tools
  31. Hacker Tools Hardware
  32. Hacking Tools 2020
  33. Pentest Tools Kali Linux
  34. Pentest Recon Tools
  35. Pentest Tools For Mac
  36. Pentest Tools Review
  37. Hacking Tools For Beginners
  38. Hak5 Tools
  39. Black Hat Hacker Tools
  40. Free Pentest Tools For Windows
  41. Hacker Tools Software
  42. Hacking Tools 2019
  43. Pentest Automation Tools
  44. Pentest Tools Url Fuzzer
  45. Hacking Tools Download
  46. Hacker Tools Apk
  47. Best Pentesting Tools 2018
  48. Pentest Tools Find Subdomains
  49. Pentest Tools Windows
  50. Hacker Tools Github
  51. Pentest Tools Url Fuzzer
  52. Pentest Tools Linux
  53. Hacking Tools
  54. How To Hack
  55. Hacking Tools Windows
  56. Best Hacking Tools 2019
  57. Pentest Tools Kali Linux
  58. Hack Tools 2019
  59. How To Hack
  60. Hacker Search Tools
  61. Hacking Tools Name
  62. Pentest Tools Find Subdomains
  63. Hacker Tools Linux
  64. World No 1 Hacker Software
  65. Hacker Tools For Pc
  66. Usb Pentest Tools
  67. Blackhat Hacker Tools
  68. Hacking Tools Software
  69. Hack Tools For Ubuntu
  70. World No 1 Hacker Software
  71. Hacking Tools 2019
  72. Pentest Tools Download
  73. Beginner Hacker Tools
  74. Hacker Tool Kit
  75. Pentest Tools
  76. Usb Pentest Tools
  77. Hack Tools Mac
  78. Pentest Recon Tools
  79. Pentest Tools Kali Linux
  80. Top Pentest Tools
Posted by at No comments:

HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

Everything over the internet is secured by the passwords. You need a login to do any stuff on any social or banking website. Passwords are the first security measure for these type of websites. So, I brought a tutorial on how to hack such sort of login passwords. This tutorial is based on credential harvester attack method. In which you will know about hacking passwords using credential harvester attack method.

HACKING PASSWORDS USING CREDENTIAL HARVESTER ATTACK

REQUIREMENTS

It's very simple and easy to follow. Before you start, you need the following things to work with.
  1. Kali Linux OS
  2. Target Website

STEPS TO FOLLOW

  • Run the Kali Linux machine. If you have not Kali Linux installed, you can grab a free copy and install it as a virtual machine. You can learn more about Kali Linux VirtualBox installation.
  • Sign in to Kali Linux by entering username root and password toor.
  • As you'll sign in, navigate to the Applications > Social Engineering Tools > Social Engineering as shown in the following screenshot.
  • Now you will see the different options. You have to choose Social Engineering Attacks by simply entering its number in the terminal. Once you do it, it will show a few options further. Simply choose Website Vector Attack by putting its number.
  • Website vector attack will show up it's a different type of attacks. We are going to use Credential Harvester Attack.
  • Choose the Site Clone option. As you do it, it will ask for your public IP address. Just open up a new terminal and type ifconfig. It'll show the public IP. Just copy it and paste in the previous terminal as shown in the following screenshots.
  • After we do it. Enter the target website of which passwords you want to hack. Make sure to use a website that has username and password on the same page.
  • All done now. As someone opens up the browser on the public IP we specified, it'll show up the website that we entered in the previous step. Now as someone enters their username or password, it will be captured in the terminal.

That's all. If you're not clear yet. You can watch the following complete video tutorial on how to do it.

More information


Posted by at No comments:
Subscribe to: Comments (Atom)