Summary
Highlights
Because will and recon all from these
Most all Bug bounty programs. Will has a huge scope and what will to.
In this a.a is helpful.
Does it so it all work as a so we check in with a the out with it.
A go to if you are there in or there in to do.
Is it important to watch from show and host in order to grab domains you don't want to can for port ranges.
Electric for running mass, showdons is mass and database, all through Ican.
Is the first tool one should now use and what is good to be looking at sensitive
As not do what does in then then or and then
The purpose of this course is to take complete beginners to bug bounty hunters. The course walks through what you need to know to become a bug bounty hunter, emphasizing studying and understanding exploits. The content is time-stamped for specific vulnerabilities, allowing users to skip to relevant sections.
The video discusses virtual hosting software, recommending VMware over Virtual Box due to past issues with Virtual Box's performance. VMware offers a 30-day free trial. The video also notes that the course resources will contain download links for both options.
This section walks through downloading Virtual Box, extracting the download, and right-clicking on the Virtual Box image to open it. It advises clicking 'I copied it' when prompted about the machine's origin and adjusting RAM and CPU settings. The login credentials are provided as cie for both username and password.
The video provides instructions for installing VMware, emphasizing downloading the VMware Fusion Player for Mac or VMware Workstation for Windows. It advises downloading a virtual machine from CI Linux and opening it with VMware Fusion, remembering to click 'I copied it'. Configuration involves maximizing memory and cores, with default credentials being ‘cie’ for both username and password.
The video addresses scanning and fuzzing bug bounty targets safely, emphasizing the importance of understanding program rules. It recommends using Shodan to scan targets and avoiding vulnerability scanners/excessively fast fuzzing. Inmap scans should be slowed down, and its legality depends on local laws, which should be checked.
The video provides a link to a page with inmap network scanning legal issues. It then goes into the ways to fuzz specific directories safely which can include installing SEClist to use better worded options and to follow the fuff syntax.
The video covers the tool Shodan for bug bounty hunting, noting its use for finding vulnerabilities and information disclosures without directly scanning targets. It explains that Shodan crawls internet-connected devices, storing software versions and vulnerabilities. The video then demonstrates how to use Shodan via terminal and browser, including initializing the API key and performing queries. The video also describes legal and unethical use cases and the Showdown montior feature.
The video emphasizes the importance of note taking for bug bounty hunting and penetration testing. It covers using Cherry Tree, screenshotting for notes, and adopting a consistent note-taking methodology. The default credentials will be noted next to each VM. Also, creating a checklist is helpful in note taking to make sure not to miss any vulnerabilities, bugs, or subdomains previously enumerated.
The video describes the basic structure of a URL by going over the different parts and their functions in the URL. This allows for an understanding on what to fuzz and different URLs to save.
The video explains how the Domain Name System (DNS) resolves domain names to IP addresses. Steps include checking the web browser cache, querying the ISP, contacting the root server, then the TLD server, before finally reaching the name server to obtain the IP address.
The video introduces the 'dig' tool for checking DNS Zone transfers, which can reveal subdomains. It explains that a DNS Zone transfer replicates a DNS database between servers. If a system is vulnerable, you can execute dig to see potential attack vectors like emails and portals.
The video quickly reviews the recon tools 'whois' and 'NS lookup', noting they provide domain information, registration details, and IP addresses. 'theHarvester' is also mentioned to find more domains, subdomains, and emails.
The video demonstrates using 'crt.sh' to find subdomains of a target domain. The website gives certification tickets with all subdomains you are looking at.
Explanation of using Way Back Machine. It also covers installing Way Back URLs by Tom Nom Nom, the importance of the go language, and running URLs through amass. You would then run a pseudo app install HTTP probe
The video introduces Sublister but promotes Amass for its better subdomain enumeration. It shows Open List plugin to have multible URLs to pull with subdomains from AMass.
Is how quickly this is go and be helpful. We' be using that because version is be
Is what to what these have been all to and the and to the that.
The video covers tools like Wappalyzer, React Developer Tools, and W3Techs for identifying technologies running on a website. It explains how this helps in finding vulnerabilities related to software versions and web servers. Walizer provides information of a target, a react dev opens up the directory with different folders, and the W3 tecks shows the different versions of Apaches running.
The video explained about Inmap, and what kinds of details that the user should be looking for. An in map scan involves a network that brawls all of the information on all different sorts of mediums, such as Apache or Windows or web browsers.
Fuff can also be used to fuzz for the same methods. This includes good synatax shortcuts. This allows for many different endpoints to be looked at for the different protocols.
Many different tools such as notes from CTF can be found in Google dorks, or using the tool derb. The key is that having a good list tool in the tool belt and it is never the worst to have a few different recon toos so that you have a wide range of versitity for solving specific attacks.
Select the main domains. The best thing to remember and the point to this is know which websites can make easy to change and fuzz which allows you to pull bag information you do not have access to.
Sort the programs by the newest possible targets. Target what is familiar. Follow the developers.
Installing tools and seeing what the use and options are for each of the tools and how you like them or do not them use them.
A big thing to not is the value of running into Zone transfer. Using this, you can grep and sort into specific domains and files, ports, VPN, and so on.
This is something worth knowing and getting ready for. What does that tell us Google. Show done you will find in your recon phase make sure to save interesting URLs for those
How does browser know where it is going, Facebook, Wikipedia, the tour browser keeps IP secure.
Note to save URLs that look really what and what parts you can change to pull information.
Cherry Tree and Note Taking process. Keep checklists to prevent vulnerabilities and good domain structure. Default sub node is software.
If a new ability comes out you can go back to the specific domain and the what is applicable to it all as well as have something like walizer installed.
It is shown that you need to understand what URLs look interesting you can copy and paste them into your notes and then return and act upon them. 443 protocol and how host yahoos .com and other different types work.
The fact is there, a key factor is to understand, the ability from the start. Remember in setup that a cve has come out
People who like Showdown the most tend to have the ability to do any thing, and don't care about darket and that is exactly the point of all of that.
No having too to do, based to find bugs, saves you recon time and it is also easy a fast pace.
Grabbing a host. Showdone doesn't work as well as running certain host it seems and in map and so on because what is reachable and in map shows what is reachable as well.
It all about the note taking process.
Setting up directory properly and save time copy and paste to use screenshotting and save information.
Looking for Bugbounding, cves, known vunnerabilities as well as sensative information. One of the last things is showans monitor function.
Cool things filters about in Chrome and getting help from search filter.
Don't take scan and looking at program, before in scope. No need for actual exploitation. As pen testing looking for very targets and who actual vulnerabilities.
Those commands such as checking for 1.4.7 which save time from doing heavy lifting.
ShowDone crawls all devices while, Google goes out crawls all pages.
We have one those very iple from it and looking for that is based in recon. Just have a cve. Is on here
But they need to make that even though there are seven, that those do it to is a legal act.
The way to look, there a cve in all show done.com so it does that mass for the people
There also all of for of with this does.
On there using.