How I got $300 for Default Credential Login at Bugcrowd 🎉

-

 



How I got $300 for Default Credential Login at Bugcrowd 🎉


Hi everyone, its cyberbeat again! Today I’m here to tell you about a very easy bug that I found out and hopefully will help everyone motivate you find more bugs.

So there was a target that I was hacking on and I was using Shodan to look for vulnerabilities. Oh by the way, Shodan is a search engine specifically designed for internet-connected devices and systems. Unlike traditional search engines that index web content, Shodan indexes information about devices on the internet. It’s often referred to as a “search engine for hackers” because it can be used to find devices and systems that may have security vulnerabilities. I specifically use this to find vulnerabilities in the target that I’m trying to hack.

Back to the story, I figured out an IP that was pointing to the target. The shodan link was looking something like www.shodan.io/host/xx.xx.xx.xx . Upon further investigation, I ran a port scan and found out that one of the port 8855, there was a login panel there (https://xx.xx.xx.xx:8855/site). I wanted to bypass the admin panel to gain access so I tried SQLMap which it failed. It didn’t clicked in my mind but suddenly when I tried admin/admin it logged me in!!!

I was so happy about it and wanted to find other domains that could have default credential access. So I used one of the tools called dirsearch. It is a tool that does directory brute forcing and I found out couple of directories in that domain.

Some targets where I was able to find default logins were:

  1. https://xx.xx.xx.xx/admin/adminx/login
  2. https://xx.xx.xx.xx/loadtest/pcx/login

I submitted the report and was able to get $300 for the bounty!

I hope this helped you motivate towards bug bounty. It is hard at first but if you remain persistent, you will definitely get success in it. See you next time with some other good reports!


Comments

Post a Comment

Popular posts from this blog

Diamond Hack Website FF Latest December 19 2023 100% Working

-
Image
D iamond Hack FFMax Diamond Hack FFMax APK  for Android Free In English V  1.0 4.3 (126 ) APK Status Free Download for Android Free diamond tool for Free Fire Diamond Hack FFMax  is a free-to-use  utility  designed to help players better manage and grow their diamonds, a valuable in-game resource in the  battle royale  game,  Garena Free Fire . This third-party app makes quick  price checks and conversions  for you, checking different  locations  on your behalf. Aside from this economic tool, this app also offers a couple of game  optimization  options to improve your gameplay experience. Unlike other literal diamond hacking apps, Diamond Hack FFMax only helps players manage diamonds and improve game performance. It’s like a cross between  Love FF Diamond  and  GFX Tool - Free Fire Booster . Manage diamonds and optimize the game Despite the seeming misnomer, Diamond Hack FFMax  doesn’t hack into the game  in any form. Instead, it serves as a third-party platform that lets you  view dia
Read more

Java Runtime Setup for win10

-
JAVA RUNTIME ENVIRONMENT Java Runtime Environment  (JRE) allows you to play online games,  chat with people around the world , calculate your mortgage interest, and view images in 3D, just to name a few. It's also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing. It provides the libraries, the Java Virtual Machine, and other components to run applets and applications written in the Java programming language. In addition, two key deployment technologies are part of the JRE: Java Plug-in, which  Enables Applets to Run in Popular Browsers ; and Web Start, which deploys standalone applications over a network. Many cross platform applications also require Java to operate properly. Itis a programming language and computing platform first released by Sun Microsystems in 1995. There are lots of applications and websites that will not work unless you have Java installed, and more are created every day. The program is f
Read more

DOWNLOAD DROIDJACK 4.4 FULL VERSION – REMOTE ADMINISTRATION TOOLS

-
Image
DOWNLOAD DROIDJACK 4.4 FULL VERSION – REMOTE ADMINISTRATION TOOLS There is nothing that you can do with a PC, you can’t do using an Android phone. Since the power in the hand has grown so much, a control over that power is also needed. DroidJack is what you need for that. DroidJack gives you the power to establish control over your beloveds’ Android devices with an easy to use GUI and all the features you need to monitor them. Build a custom APK or bind the payload to an already existing APK such as a game or social media app. Download droidjack 4.4 full version free of cost. FEATURES: Bind your server APK with any other Game or App. Explore Files with full access. Read/Write Messages. Make a call, record a call and browse call logs. Read and write contact list. Capture photos and videos. Listen live conversation through mic, record mic sound live. Check browser history. Get GPS Location. Check installed apps. Get phone’s information (IMEI, WIFI MAC, PHONE CARRIER). Fully Stealth. DOWN
Read more