Mehdi
🚀 Cofounder @ Bleetz - Future Digital Payment Solution 🥷Cyber Security Engineer 🔴 Synack Red Team Member 💻 Node.js enthusiast ... --------------- OSCP-CRTO
Apr 25, 2023 11 tweets 4 min read
🧵NEW THREAD🧵
Here is how I was able to take over the whole company's AWS infrastructure under 10 min after a new asset launch at a @Hacker0x01 private program

1. I was invited in the morning to a private program at H1 and the program updated the scope in the evening, so I decided to take a look to see if there was something to hack
Apr 21, 2023 13 tweets 4 min read
🧵NEW Thread🧵

Here is how I found the easiest SQLi and possible RCE in less than 30 min of recon and dorking

1. I was invited to a private program at @Hacker0x01 and the first thing I usually do is to look at the scope and see if it is a wildcard domain or just a small scope.

2. Found that the program accepts all vulnerabilities related to their assets and of course third-party assets are OOS
Mar 11, 2023 9 tweets 2 min read
Here is how I chained two bugs to exploit a UUID based IDOR and gained access to admin panel.

🧵THREAD🧵
1. How did I know that the target uses the same panel for both normal users and admins? This is because of two things: the first one is through subdomain enumeration, the second one is from the JS files.
After enumerating the subdomains, no admin panel was found for the main app.
But when reading the main JS file of the target, there were some keywords like is_admin or administration or anything related to super-user privileges.
Feb 28, 2023 10 tweets 3 min read
Here is a short writeup on how I found some hardcoded credentials inside of an exe file and got paid $2000 even though the asset was OUT OF SCOPE!

📌THREAD📌

1. I got invited to a private program with new assets
2. The asset was a web application for an Electron desktop app

3. I tried to find the executable for the in-scope app just to understand what the app would look like when installed on the machine