Pindah directory sudomy:
cd /home/*user*
comand sudomy :Aneka Tips dan trik
Pindah directory sudomy:
cd /home/*user*
comand sudomy :1/ Spend at least 30 minutes on a new target
2/ Look for “No”s
3/ Use Italics Tags in your inputs instead of XSS payloads
4/ Focus on SaaS apps that are multi-tenant
5/ Buy Burp Pro
6/ On a new target go straight to the User Management section
7/ See if inviting an existing user to your org exposes their name
8/ See if inviting an existing user removes them from their own org
9/ If the scope has a wildcard, use sub finder to find subdomains
10/ Run HTTPX on the list of subdomains to narrow down alive targets
11/ On an app you’re not familiar with, use it like a normal user first
12/ If the docs say you can’t do X, but you can do X then you have a bug
13/ Use match & replace rules to find new endpoints
14/ Budget time into your week specifically for hacking
15/ Give yourself a no-bug time limit. I do 3 hours.
16/ Go back to old dupes and see if you can still reproduce.
17/ Look for “+2” in your reputation log to find dupes that should be now.
18/Ask for help from other hackers
19/ Make your report a conversation, not a sales pitch
20/ Accept & expect that dupes will happen
21/ File & Forget
22/ If an endpoint has “api/v2/“, try “api/v1/”
23/ If an endpoint has “api/v2”, try removing the “v2” altogether
24/ 6 $1000 Mediums pay more than 1 $5,000 crit. Don’t ignore any bugs
25/ Lows are still bugs that should be filed
26/ Be kind to your triager
27/ Say “thank you” when you get a bounty
28/ If an app uses UUIDs, you can still look for IDORs. Just set “AC:H”.
29/ If UUID IDORs exist, then look for an endpoint that exposes UUIDs
30/ Pin your success on whether your followed your plan, not if you found bugs
31/ A program that has a lot of hackers doesn’t mean there isn’t low-hanging fruit
32/ Going deep _will_ payoff
33/ Working with new hackers will payoff in dividends
34/ Don’t be jealous
35/ Bug Bounty income isn’t consistent. Be okay with peaks & valleys for your own sanity
36/ If you find a bug that’s OOS, still ask the customer if they care
37/ There’s no end. Enjoy the journey
38/ Have a hobby that’s not related to hacking
39/ Have friends that don’t hack
40/ Figure out what time of day you hack the best. Late nights aren’t for me.
41/ Spend that extra 2 minutes to make your report look/read nice
42/ “Subscribe” to programs that pay well and have good scope
43/ Don’t whine on Twitter about a single report. Or at all for that matter.
44/ IDORs and Privilege Escalations are a great place to start
45/ Unmet expectations lead to disappointment
46/ Teach someone else how to hack
47/ Time spent reading/learning is time-well spent
48/ Focus on programs that you actually use in your day-to-day
49/ Establish a relationship with the program
50/ Try asking the program what types of bugs they want to see
51/ Look at a programs leaderboard to see who you should collar with
52/ When collaborating, an even bounty split eliminates hassle
53/ Take a break when you stop having fun
54/ At an LHE, start hacking ahead of time
55/ Look for programs that are active in resolving reports
56/ Look for programs that haven’t awarded a lot recently
57/ Look for programs that have collaboration enabled
58/ Look for programs that don’t list out a bunch of known issues
59/ Look for programs that have a history of adding new scope
60/ Change your strategy if you’ve gone a while without a finding
61/ If you’re on a roll, keep doing what you’re doing
62/ But don’t let success keep you from evolving/growing
63/ Compare yourself against yourself from last year
64/ Maintain online presence for new opportunities
65/ Be thankful for failure
66/ Read disclosed reports
67/ Focus on one program at a time. Cycle if you get bored.
68/ Don’t spray XSS payloads everywhere
69/ If possible, work at a company that has a BBP
70/ Spend bounty money on tools that will generate more bounties
71/ Budget a specific amount of your bounties for fun. And stick to it.
72/ When hacking a store, don’t be afraid to make small purchases
73/ Look for changes in JS files to know when there may be new functionality
74/ Look for references to subdomains in a company’s GH repos
75/ Look for references to subdomains in employee’s GH repos
76/ If the app uses Intercom, try booting it with another email
77/ Look for second-degree IDORs
78/ SSRFs exist when the app makes any external request. Look for these requests.
79/ Look for actuator endpoints
80/ Find hackers that hack differently than you.
81/ Try hacking in a different room of the house
82/ Try hacking at a different location altogether
83/ If you find the same bug on different endpoints, file as different bugs
84/ Try always having some pending bugs in your pipeline
85/ Break your yearly bounty goal into monthly goals
86/ Know when a bounty isn’t worth fighting over
87/ Push back gently when a report gets downgraded
88/ Use the leaderboard as motivation, not as comparison
89/ Don’t re-invent the wheel when a tool exists
90/ Don’t be afraid to build the wheel if the tool doesn’t
91/ Try collabing in real time over video chat
92/ Always ask why something works the way it does
93/ When collabing, don’t be afraid to be the underperformer
94/ When collabing, don’t get salty about being the oqerperformer
95/ Use mediation, but use it sparingly
96/ Be generous with your earnings
97/ Hack for fun, not for a paycheck
98/ LHEs are a privilege, not an expectation
99/ Programs are your friend, not your adversary. Work with them
100/ The platform is your friend, not your adversary. Work with them
site:target.com inurl:redir | inurl:redir |redirect_uri |
inurl:redirect_url | inurl:return_url |inurl:href | inurl:host | inurl:next |
inurl:url | inurl:uri | inurl:origin | inurl:referrer | inurl:callback_url
|inurl:redirect | inurl:imh_url | inurl:returnto | inurl: checkout_url | inurl:continue | inurl:return_path |
inurl:destination | inurl:rurl | inurl:image_url | inurl:newurl |
inurl:redirect | inurl: redirectUrl
🛷 WEBSITES WHERE YOU CAN MAKE MONEY BY HUNTING BUGS🛷
Hackers and Cyber Security Experts get paid well but some of them doesn’t get chance so easily. So here are some platforms for bug bounty programs to earn good.
🤿Bug Bounty Platforms🥌
HackerOne
Bugcrowd
Synack
Detectify
Cobalt
Open Bug Bounty
Zero Copter
Yes We Hack
Hacken Proof
Vulnerability Lab
https://www.vulnerability-lab.com
Fire Bounty
Bug Bounty
Anti Hack
Intigrity
Safe Hats
Red Storm
Cyber Army
Yogosha
Cost = $10000+
Requirements: A clear Mindset
Most Important 1 - 4
= Important
Don’t skip anything, Everything is in order
and download the courses in small parts in order
Step - 1
Tryhackme: Beginner Level
Link - https://tryhackme.com/hacktivities
Pre Security only -
Step - 2
Networking - Networking is the most important thing in this field. You should know how the internet works, Wifi, IPV4, IPV6, Modem & Routers, TCPIP
TOTAL CompTIA A+ Certification (220-1002):
Mega Link - https://mega.nz/folder/zSpnzKKD#UPhqD2NZBoM3ImhvMsx9qA
Step - 3
CompTIA Network+ Cert. (N10-007) The Total Course part:
Mega Link - https://mega.nz/folder/fC5njSyR#NMw88ZzRaYhDTSmYewodXA
Step - 4
Linux Essentials For Hackers:
Mega Link - https://mega.nz/folder/mSZm0ToD#eHVXlQEZqjvy7wtOjr6bsQ
oR
Linux Fundamentals (only if you have much time)
Mega Link - https://mega.nz/folder/bWAzhIpK#75a7aku_sRt6xELqZx4Rtw
Step - 5:
Programming Languages
C/C++ - (don’t need to do both … only 1 of these)
[C++ recommend because it can be used for other purposes also and its has OOPs also]
C++ Programming For Beginners- From Beginner to Beyond
Mega Link - https://mega.nz/folder/mHojiKDQ#3Elcoz07kRO_wHNsqGSSyg
C Programming For Beginners - Master the C Language
Mega Link - https://mega.nz/folder/Hep3WCyL#edxDM0t-hLe56aXVJMb1Zg
NOTE - First learn C/c++ Language before start hacking. You can learn other languages while learning hacking at the same time/day.
Python courses are given at the bottom (you can do python now or after learning Basic ethical hacking.
SQL - Sql is one of the important languages in this field because there are many attacks. If we have good knowledge about SQL we can exploit databases with more ease.
The Ultimate MySQL Bootcamp Go from SQL Beginner to Expert:
Mega Link - https://mega.nz/folder/LS4FBKwI#2JKm18_PJngL8Fc4MP7mcw
The next one is Javascript-
Javascript for Pentesters 1:
Mega Link - https://mega.nz/folder/ya5W0Lxa#Ocx3Gbtkv8PqSzzSpG6PfA
Javascript for Pentesters 2:
Mega Link - https://mega.nz/folder/ub40ARZD#TmsUGA1MK4_-lVbRvJG-QQ
Step - 6
Start Learn Hacking now (courses are arranged in order)
Hacking in Practice Intensive Ethical Hacking MEGA Course:
Mega Link - https://mega.nz/folder/STp0RTgI#9evucI3TuA4ovRHwIzkZjw
Learn Ethical Hacking From Scratch:
Mega Link - https://mega.nz/folder/uOhmlJDK#XurLsSfc4Q_2lqir8__7xQ
Network Hacking Continued - Intermediate to Advanced:
Mega Link - https://mega.nz/folder/rDwizT6T#cfvtFj1U5NSML8A9e9WKKg
Website Hacking Penetration Testing & Bug Bounty Hunting:
Mega Link - https://mega.nz/folder/rLwGFBqL#fypM_Tl6_PqMLDllXPhdhw
Intro to Bug Bounty Hunting and Web Application Hacking:
Mega Link - https://mega.nz/folder/HD5kFLIb#0GL5H-vCZ97egfYQDgGHOg
Practical Ethical Hacking - The Complete Course
Mega Link - https://mega.nz/folder/CKwkRTgD#eyLfo_HAvRIDZ7hJO_1N7w
Learn Python & Ethical Hacking From Scratch:
Mega Link - https://mega.nz/folder/vTgRBCBQ#-NcoMXnPAoQ1YnT7ywpwWw
Complete Hacking Tools in Kali Linux:
Mega Link - https://mega.nz/folder/OShBhKQa#AsIpstxQ_B3At405IbhsfA
The Complete Ethical Hacking Course Beginner to Advanced:
Mega Link - https://mega.nz/folder/TXpXUSbI#5vS2-RUclbt-kqRumNjyXg
Recon for Ethical Hacking Penetration Testing & Bug Bounty:
Mega Link - https://mega.nz/folder/CDphRCJB#eBZqSmleyW6Thld_8RbZwQ
You can learn More Languages these are optional but you can try. These will improve your skills.
Do not give more time to these languages (Important are C, Python, SQL, js)
Bash Mastery The Complete Guide to Bash Shell Scripting:
Mega Link - https://mega.nz/folder/CGBj3S5S#UT2y_zzEcV8MybIEHvhpGQ
Python For Pentesters:
Mega Link - https://mega.nz/folder/DCRhGKoA#wpRiRdPwtTNeK1cYXYnRQQ
Python 101 for Hackers:
Mega Link- https://mega.nz/folder/qLBFTaDJ#V3FjAQQdBp7flYKrrF8r3g
Learn Python Programming Masterclass: (Its generic Python classes for programmers)
Mega Link - https://mega.nz/folder/OKJTFKqa#9txi45qrFK_OgoefYatLPw
Step - 7
Practice your skills here:
Portswigger:(Try to solve all the labs without solutions)
Link - https://portswigger.net/web-security/all-labs
Pentesterlab: Solve all the free labs(want to gain more knowledge, paid is the best option)
https://pentesterlab.com/exercises
Ctfchallenge:
https://ctfchallenge.com/
Over the wire: Best for to understand and to learn more advanced Linux
https://overthewire.org/wargames/
Tryhackme: Try to solve the free labs
https://tryhackme.com/
Post - thecyberworld
Post/content Update by - xa (Hacksnation.com)
KH. Akrom Sofwan SILSILAH
GURU NGAJI Nabi Muhammad Shollahu 'Alaihi Wasallam Abdulloh bin Umar RA. Syafi’ Maula Abdillah Al Imam Malik bin Anas Asy Syaikh Al Imam Al A’zhom Ibn Abdillah bin Idris Asy Syafi’i (Imam Syafi’i) Imam Abu Ibrohim Ismail bin Yahya Al Mazani Imam Abu Al Qosim Imam Ahmad ibn Umar bin Surej Abu Al Abas Al Baghdadi Imam Ibrohim Al Maruzi Imam Abu Bakar Qofal Abu Abdillah Muhammad Al Juwaeni Abdul Malik ibn Yusuf bin Muhammad Al Juwaeni (imam Haromain) Abu Hamid bin Muhammad Al Ghozali Ath Thusiy (imam Ghozali) Syaikh Muhammad Naisaburi Imam Kamal Ardabili Syaikhul Islam Muhyiddin bin Zakarya bin Syarifuddin Syaikh Hibatulloh Al Baar Syaikh Abdurrohim Al Quroisyiy Syaikh Umar Al Bulqini Syaikh Solih bin Umar bin Ruslan bin Nasir bin Solih Al Bulqini Imam Jalaluddin Muhammad bin Ahmad Al Mahalliy Abu Yahya Zakarya bin Muhammad bin Ahmad bin Zakarya Al Anshori (Syaikhul Islam Zakarya Al Anshori) Syihabuddin bin Ahmad bin Hajar Al Haitamiy (Syaikh Ibn Hajar) Wajihuddin Abdurrohman bin Ziyad Az Zubaedi Abdul Aziz Al Mulaibari Syaikh Zainuddin Syaikh Abdul Aziz Zamzami Syaikh Sulaeman Al Babili Syaikh Ahmad bin Romadlon Syaikh Sulaeman bin Muhammad bin Umar Al Bujaerimi Al Mishriy Syaikh Ali Al Wana'i Syaikh Muhammad Solih Rois Syaikh Abdulloh bin Umar Syaikh Ahmad Zaini Dahlan Syaikh Muhammad Nawawi Al Bantani Syaikh Abu Bakar bin Al Arif Billah As Sayid Muhammad Syatho Syaikhina Kholil Bangkalan, Madura KH. Hasyim Asy'ari KH. Abdul Karim (Mbah Manab) pondok pesantren Hidayatul Mubtadiin Lirboyo- Kediri KH. Mahrus Ali (Pengasuh pondok pesantren Hidayatul Mubtadiin, Lirboyo - Kediri) KH. Akrom Shofwan (Pengasuh pondok pesantren Syafi'i Akrom, Jenggot, Pekalongan) Dzul Qurnain |