Here is a short writeup on how I found some hardcoded credentials inside of an exe file and got paid 2000$ even though the asset was OUT OF SCOPE!
📌THREAD📌
1. I got invited to a private program with new assets
2. The asset was a web application for an Electron desktop app
3. I tried to find the executable for the in-scope app just to understand what the app will look like when installed on the machine
4. I finally downloaded the app from the official website of the target and tried to extract the exe with tools like WinZip (Electron apps can be easily extracted)
5. Found a repo with the name of Resources and then found a file named app.asar
6. I opened the file with Notepad++ and did a simple search manually to see if I could hunt for low-hanging fruits; suddenly, when trying to find URLs inside the file, I found a URL of the target and also found an encoded string
7. Copied the string and it was obvious that it was base64 encoded; I decoded it and it was like admin:THEIRPASSWORD
8. I tried the password with the URL found earlier and got access to Sonatype Nexus Repository Manager with admin privileges
9. I immediately reported the finding and it was triaged even though the asset was out of scope, due to the severity of the finding, and I was paid 2000$ for this!
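The steps above (pull apart the packaged bundle, look for URLs, decode base64 strings) are exactly what a pre-release secret scan over your own build output should do. This is an added example, not code from the original thread: it walks the bytes of an extracted bundle such as app.asar, base64-decodes every candidate token, flags anything that decodes to a user:password shape, and returns the URLs found nearby so the owning team knows which service the credential unlocks. The file path, URL and credential in the sample are constructed placeholders.

```python
import base64
import re
import sys

# Base64-looking runs long enough to hold "user:password" (>= 12 chars, optional padding).
B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{12,}={0,2}")
# Crude URL matcher: stop at whitespace or quote characters.
URL = re.compile(rb"https?://[^\s'\"<>]+")
# Decoded "user:password" shape: short identifier, colon, printable secret.
CRED_SHAPE = re.compile(r"^[A-Za-z0-9._-]{1,64}:[!-~]{6,128}$")


def decode_if_base64(token: bytes):
    """Return decoded text if token is strict base64 for a printable ASCII string, else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):  # bad length/padding or non-text payload
        return None
    return text if text.isprintable() else None


def find_embedded_credentials(blob: bytes):
    """Scan a bundle (e.g. the bytes of app.asar) for base64 tokens that decode to user:password.

    Returns one dict per hit with the byte offset, the username and the URLs seen in the
    bundle; the secret itself is deliberately not returned so reports do not re-leak it."""
    urls = sorted({u.decode("ascii", "replace") for u in URL.findall(blob)})
    findings = []
    for m in B64_TOKEN.finditer(blob):
        decoded = decode_if_base64(m.group(0))
        if decoded and CRED_SHAPE.match(decoded):
            findings.append({"offset": m.start(), "user": decoded.split(":", 1)[0], "urls": urls})
    return findings


# Constructed sample resembling a bundled JS fragment; not taken from any real application.
SAMPLE = (
    b"const NEXUS_URL = 'https://nexus.example.test/service/rest';\n"
    b"headers: { Authorization: 'Basic " + base64.b64encode(b"admin:Example-Secret-123") + b"' }\n"
)

if __name__ == "__main__":
    # Usage: python scan_bundle.py <path/to/app.asar>; exits non-zero so CI can block the release.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits = find_embedded_credentials(data)
    for h in hits:
        print(f"offset {h['offset']}: credential for user '{h['user']}', URLs in bundle: {h['urls']}")
    sys.exit(1 if hits else 0)
```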
Tip: When you hunt in a target, try to think like a real hacker where anything could be useful to understand your target! (Recon is important)
Report vulnerabilities to the companies and let them judge if they accept the finding or not.