Jason Haddix
Apr 3 12 tweets 4 min read
So you're a bounty hunter with a gaming rig? 🧵

If you don't want to use a VPS or run native (dual-boot Linux) you can install Ubuntu and WSL 2.

(+) You'll (probably) benefit from more memory, cores, and a fast broadband connection.
(+) You can eliminate or supplement your VPS costs
(+) Usability is nice (file management, copy-paste)

(-) WSL2 does not yet support raw sockets, so no nmap or masscan
(-) Mass DNS requests (resolver tools like massdns/puredns) will crash WSL DNS for some reason

2/3
(-) On WSL 1.0 (if you decide to use that), git is painfully slow, including setting up dependencies in large frameworks like reconFTW

(+) ... Your gains in speed per dollar are good. Most gaming rigs' equivalent VPS (proc/mem/storage) costs will run you $80-$120 on Digital Ocean
(+) Using a VPN/Tor/Proxychains at the Windows level is easy and applies to your Ubuntu setup

Easy install instructions:

onmsft.com/how-to/install…

find your file system:

howtogeek.com/261383/how-to-…
(+) Tools that run well in this setup: amass (and other sub scraping tools), web resolution & scanning tools (nuclei, httpx, gau, ++), anything processor-intensive
reconFTW by @Six2dez1 github.com/six2dez/reconf…

Green works on WSL2 Ubuntu setup, Red has issues due to the aforementioned problems

(you don't see nmap because systems come with it by default)
Overall I think that I'd like to exercise my gaming rig's muscle by moving some tasks to it, especially scanning and scraping.

Will investigate using it as a node for Axiom by @pry0cc for certain tasks in the future.

github.com/pry0cc/axiom
** DISCLAIMER **

All this is after a few days of testing. If there are fixes, or additional context (pros/cons) I'll post them in this thread in the future. I don't claim to be a wizard with WSL =P

Happy hacking ;)
So I had to download the newest update to fix some things:

To update to the NEWEST WSL2 you can go here:

catalog.update.microsoft.com/Search.aspx?q=…

Let's see if it fixes any of the cons.
Last update.

Many have stated downsides. It's not perfect.

Updating WSL2 updates & fixing the VPN issue (gist.github.com/machuu/7663aa6…) I now have everything running & working for my recon chain.

Will it be my primary? No. I'll use it to supplement my VPS. It was a fun experiment!
