I began the day by doing research (if you’ve been here for a long time, you’d know that this is what I do every day before hacking), hours into this, I came across a writeup about an RCE on “F5 BIG-IP”, and I kept researching about this vulnerability. I managed to write a custom script to scan for this vulnerability (even tho there’s already a multiple available on GitHub, I wanted to write my own scanner). Furthermore, I fed the script my target list, it is currently still scanning. I’ll keep you updated on the progress.
I finished my research and I decided to expand my dorks for “Shodan” “Google” and “GitHub”. I enjoyed this process so much, I realized that you need to only include vulnerabilities you enjoy, for example, if you prefer finding XSS vulnerabilities over Request Forgery then do that, do not add “Request Forgery” to your methodology for the sake of it, add it because you enjoy and understand the vulnerability enough to spend days poking at the same endpoint looking for the vuln. Of course, this is my own opinion.
Happy hacking. See you tomorrow❤
