When I woke up today I did not feel like working at all, but my desire to make it through this challenge carried me all the way through and here I am, accounting for the day.
Yesterday, I mentioned that I wanted to investigate and report 2 potential critical sensitive information disclosures. The endpoints are vulnerable; I exploited the vulnerability and looked around for the sensitive data, and on both endpoints I couldn’t find anything worth reporting. I didn’t want to spend any more time away from the new program, so I moved on.
I finished mapping out my target asset. I spent the majority of the day mapping as much information as I possibly could; the next step for me is manual hacking, all hands on. Even though this program has a really small scope, there seems to be a lot of functionality, and that makes me excited about all the possible things that can go wrong. I’ll invest my time into this program and we’ll see how the rest plays out. As always, I’m excited for tomorrow with all its possibilities.
Google dorks that were very useful to me today:
Google dork: site:[domain] "sign up"
Google dork: site:[domain] "admin"
Need sign-up pages of your target? Use these dorks. Need interesting admin-related info? Use these dorks.
Thank you for taking the time to read through my post. Take care.
For updates — Twitter: https://twitter.com/wallotry/
To send me private program invites — HackerOne: https://hackerone.com/wallotry