Abhishek Meena
Nov 16, 13 tweets, 4 min read
Recon Everything v2

#bugbounty #infosec #bugbountytips

Thread🧵:👇
• Now, if you are slightly experienced, after a few minutes of tinkering with this workflow, you will get a feeling whether it might have something interesting going on or not. This point is difficult to explain. It will come with practice.

🧵:👇
• The weird behavior doesn’t necessarily mean you have found a bug that is worth reporting. It probably means you have a good chance so you should keep digging into it more.

🧵:👇
• Some research might be required as well. Let's say you found that a particular version of an email server is being used that is outdated. Look on the internet for known vulnerabilities against it. You might encounter a known CVE with a known exploit. Try that exploit and see what happens (provided you are operating under the terms and conditions of the bug bounty).

• Special tools might be required. Explore that, if possible. Remember, Burp is a Swiss army knife, but you might have to use certain specific tools in certain cases. Always be aware of that.

• After spending a few hours on this, if you think you have exhausted all your options and are not getting anything meaningful out of it, stop and move on. Getting hung up on something is the biggest motivation killer, but that doesn't mean you are giving up. Make a note of it and get back to it later if something else comes up.

🧵:👇
• Something that has worked for me is bounds checking on parameters: pick a parameter that has an obvious effect on the flow of the application.

For example, if a field takes a number (let's call it ID for lulz).
What happens if:

- you put in a minus number?
- you increment or decrement the number?
- you put in a really large number?
- you put in a string or symbol characters?
- you try to traverse a directory with ../?
- you put in XSS vectors?
- you put in SQLi vectors?
- you put in non-ASCII characters?
- you mess with the variable type, such as casting a string to an array?
- you use null characters or no value?

I would then see if I can draw any conclusions from the outcomes of these tests:
- see if I can understand what is happening based on an error
- is anything broken or exposed?
- can this action affect other things in the app?
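The flip side of that probe list is what a correct server-side handler has to do with the same inputs. The following is an added example, not code from the thread or from @maverickNerd: a strict parser for a numeric ID parameter that rejects every class of input listed above with one generic 400, followed by an object-level authorization check so that incrementing or decrementing the ID never returns another user's record. The `RECORDS` table, the user names and the 32-bit `MAX_ID` bound are constructed assumptions for illustration.

```python
"""
Hardened handling of a numeric ID parameter (added example, not from the thread).
Covers the probes from the list above: negative, huge, non-numeric, traversal,
XSS/SQLi strings, non-ASCII, type confusion, null bytes, and empty values.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Any

MAX_ID = 2**31 - 1  # assumption: IDs are positive 32-bit signed integers

# Constructed sample data: record id -> owning user name
RECORDS = {1: "alice", 2: "bob", 3: "alice"}


@dataclass(frozen=True)
class Outcome:
    status: int               # HTTP-style status code
    detail: str               # generic message that is safe to send to the client
    record_id: int | None = None


def parse_id(raw: Any) -> Outcome:
    """Strictly parse an ID; every rejection is a 400 with the same generic message."""
    # Type confusion: frameworks may hand us a list for `id[]=1` or `id=1&id=2`.
    if not isinstance(raw, str):
        return Outcome(400, "invalid id")
    # Empty value, null bytes, surrounding whitespace, non-ASCII: reject, never coerce.
    if raw == "" or "\x00" in raw or not raw.isascii() or raw != raw.strip():
        return Outcome(400, "invalid id")
    # Plain ASCII digits only: this rejects '-1', '+1', '1e9', '../3', quotes and brackets.
    if not raw.isdigit():
        return Outcome(400, "invalid id")
    # Leading zeros ('007') are a sign of canonicalisation games; refuse them too.
    if len(raw) > 1 and raw[0] == "0":
        return Outcome(400, "invalid id")
    value = int(raw)
    # Bound the value before it reaches any database or array index.
    if value == 0 or value > MAX_ID:
        return Outcome(400, "invalid id")
    return Outcome(200, "ok", value)


def fetch_record(current_user: str, raw_id: Any) -> Outcome:
    """Validate the ID, then enforce object-level authorization."""
    parsed = parse_id(raw_id)
    if parsed.status != 200:
        return parsed
    owner = RECORDS.get(parsed.record_id)
    # Same response for "does not exist" and "belongs to someone else", so the
    # ID space cannot be mapped by observing a 403/404 difference.
    if owner is None or owner != current_user:
        return Outcome(404, "not found")
    return Outcome(200, "ok", parsed.record_id)


if __name__ == "__main__":
    for probe in ["1", "2", "-1", "99999999999999999999", "../3",
                  "1' OR '1'='1", "<script>", "\uff11", "", "1\x00", ["1"]]:
        print(repr(probe), "->", fetch_record("alice", probe))
```

Every rejection path returns the identical `invalid id` message on purpose: the thread's advice to learn from error differences is exactly what a generic response denies an attacker, and the 404-for-both rule does the same for the increment/decrement probe.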
All Credit Goes To: @maverickNerd

Thanks For Reading This Amazing Thread 🧵 On: Recon Everything

Here is Recon Everything v1:
I've opened My Bug Bounty tips Group

You Will Get:
➡ Best Tips for Bug Bounty
➡ Good And Informative Articles From the Infosec Community
➡ One-liner Commands
➡ Infosec Resources
➡ ebooks - Paid? 😎
➡ And Many More

Join:
t.me/bugbountyresou…

#bugbounty #infosec #hacking


More from @Aacle_

Nov 18
✨Recon Everything v3
#bugbounty #infosec

Thread🧵:👇
• Focus on site functionality that has been redesigned or changed since a previous version of the target.

Sometimes, having seen/used a bounty product before, you will notice right away any new functionality.
A bounty brief example would be reading a brief and noticing a lot of pointed references to the API or a particular page/function in the site.
Nov 16
✨Awesome Bug Bounty Tools 🌟

#bugbounty #Infosec

Thread🧵:👇
▪ Subdomain Enumeration Tools List (list attached as an image)

—————————
I've opened My Bug Bounty tips Group =>
Join Link : t.me/bugbountyresou…
—————————

#bugbounty #infosec
▪ Content Discovery (list attached as an image)

#bugbounty #infosec
Nov 16
Session Management Checklist 🔗

☑ Establish how session management is handled in the application (e.g. tokens in cookies, token in URL)
☑ Check session tokens for cookie flags (HttpOnly and Secure)
☑ Check session cookie scope (Path and Domain)

Thread🧵(1/n) :👇
☑ Check session cookie duration (Expires and Max-Age)
☑ Check session termination after a maximum lifetime
☑ Check session termination after a relative timeout
☑ Check session termination after logout
☑ Test whether users can have multiple simultaneous sessions

🧵(2/n) :👇
☑ Test session cookies for randomness
☑ Confirm that new session tokens are issued on login, role change and logout
☑ Test for consistent session management across applications with shared session management
☑ Test for session puzzling
☑ Test for CSRF and clickjacking
Nov 15
✨Bug Bounty Pro Tip:

➡Escalate everything you find!
#bugbounty #Infosec #hacking

• Don’t report SSRF, Escalate to RCE.
• Don’t report Self-XSS, Chain it with Clickjacking.
• Don’t report Self-Stored XSS, Chain it with CSRF.

More🧵(1/n) : 👇 Bug Bounty Pro Tips
• Don't report Information Disclosure, try to use it (Privilege Escalation).
• Don't report Open Redirect, escalate it to ATO.

➡ List of some attack topics you should research, reading the blogs/reports on them 👇

More🧵:👇
- SQL Injection Attack
- Hibernate Query Language Injection
- Direct OS Code Injection
- XML Entity Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
Nov 15
Windows OS Enumeration

Top 20 Common Enumeration Commands:

• net config Workstation
• systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
• hostname
• net users
• ipconfig /all
• route print
• arp -A
• netstat -ano

Thread🧵:👇
• netsh firewall show state
• netsh firewall show config
• schtasks /query /fo LIST /v
• tasklist /SVC
• net start
• DRIVERQUERY

🧵:👇
• reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated

#bugbounty #infosec

• reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated

Nov 15
Recon Everything v1

#bugbounty #infosec #bugbountytips

• Bug Bounty Hunting Tip #1- Always read the Source Code

How To Approach a Target - Thread🧵:👇
Approach a Target (a lot of this section is taken from Jason Haddix and the PortSwigger blog)

• Ideally you want to choose a program that has a wide scope. You are also going to want a bounty program that has a wider range of vulnerabilities within scope.
• Mine information about the domains, email servers and social network connections.


Continue Your Read👇