How I Hacked into a Bugcrowd public program

vishnuraj
Feb 25, 2018 · 2 min read

Hello to all readers,

This article is about a remote code execution that I found in one of the highest-paying public programs on Bugcrowd. Of course, for privacy purposes, we will not disclose the name of the program, so let's call it site.com.

Cyber security pioneers emphasize the fact that if you want to hack a target, whether it be a website, a mobile app or an IoT device, you should follow the six-step methodology.

This is what most researchers and bug bounty hunters fail to follow. Every hack has to be carried out via the methodology, otherwise the chances of success decrease drastically. This article is about me following this simple approach and hacking into

Step No#1: Information Gathering

Firstly, I visited the Bugcrowd program

I saw their scope was wide: *.site.com

Step No#2: Network Mapping

Next I used the knockpy tool to look for subdomains of this domain.

From that tool I found a number of unused subdomains, which led me to narrow down my search to one in particular: utils.site.com.

Step No#3: Vulnerability Identification

On it I did a simple port scan, which revealed that it was running JBoss AS version 4.

I found that a remote code execution vulnerability exists in that version.

Step No#4: Penetration

Next I used the jexboss tool to test whether the exploit was valid or not,

and then I downloaded the executable exploit file from exploit-db and executed the exploit :)
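The step above is the point of the write-up: an end-of-life JBoss AS 4 instance on a forgotten subdomain, with its management endpoints reachable from the Internet. The legacy invoker servlets (`/invoker/JMXInvokerServlet`, `/web-console/Invoker`) accept serialized Java objects over HTTP without authentication, and the JMX console lets anyone deploy an MBean or WAR, which is why a jexboss-style check finds them so quickly. The script below is an added example, not the author's tooling and not jexboss itself: it does only the non-destructive half of that test, probing the well-known JBoss AS 4.x paths and the `X-Powered-By` banner and reporting what is reachable, without ever sending a payload. The host names, port 8080 default and the sample responses are constructed for the example. A defender can run the same check against their own ranges; the fix is to remove or firewall these endpoints, since JBoss AS 4 receives no patches.

```python
import http.client
import ssl
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Legacy JBoss AS 4.x endpoints that should never face the Internet. The
# invoker servlets take serialized Java objects over HTTP (what jexboss-style
# checks abuse); the consoles allow deploying arbitrary code. Path -> meaning.
JBOSS_ENDPOINTS: Dict[str, str] = {
    "/jmx-console/HtmlAdaptor": "JMX console (MBean deployment via browser)",
    "/web-console/Invoker": "web-console invoker (serialized Java over HTTP)",
    "/invoker/JMXInvokerServlet": "JMXInvokerServlet (serialized Java over HTTP)",
    "/invoker/EJBInvokerServlet": "EJBInvokerServlet (serialized Java over HTTP)",
    "/admin-console/": "admin console",
}

Response = Tuple[int, Dict[str, str]]  # (HTTP status, lowercase headers)


@dataclass
class Finding:
    path: str
    status: int
    note: str


@dataclass
class Report:
    host: str
    banner: str = ""
    findings: List[Finding] = field(default_factory=list)

    @property
    def looks_like_jboss(self) -> bool:
        return "jboss" in self.banner.lower() or bool(self.findings)

    def exposed(self) -> List[Finding]:
        """Endpoints that answered 200: reachable with no authentication."""
        return [f for f in self.findings if f.status == 200]


def classify(path: str, status: int) -> Optional[Finding]:
    """200 = reachable unauthenticated; 401/403 = present but protected (still
    worth reporting, the app should not be there at all); anything else = absent."""
    if status == 200:
        return Finding(path, status, "EXPOSED: " + JBOSS_ENDPOINTS[path])
    if status in (401, 403):
        return Finding(path, status, "present, auth-protected: " + JBOSS_ENDPOINTS[path])
    return None


def assess(host: str, responses: Dict[str, Response]) -> Report:
    """Pure function over path -> (status, headers) so it can run offline;
    fetch_all() below fills `responses` from a live host."""
    report = Report(host)
    for path, (status, headers) in responses.items():
        banner = headers.get("x-powered-by", "") or headers.get("server", "")
        if "jboss" in banner.lower():
            report.banner = banner
        finding = classify(path, status)
        if finding is not None:
            report.findings.append(finding)
    return report


def fetch_all(host: str, port: int = 8080, use_tls: bool = False,
              timeout: float = 5.0) -> Dict[str, Response]:
    """Plain GET per endpoint, no body, no payload. Only run this against
    hosts you are authorised to test."""
    responses: Dict[str, Response] = {}
    for path in JBOSS_ENDPOINTS:
        if use_tls:
            conn = http.client.HTTPSConnection(
                host, port, timeout=timeout, context=ssl.create_default_context())
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path, headers={"User-Agent": "jboss-exposure-check"})
            resp = conn.getresponse()
            responses[path] = (resp.status, {k.lower(): v for k, v in resp.getheaders()})
        except OSError:
            responses[path] = (0, {})  # unreachable or reset: treated as absent
        finally:
            conn.close()
    return responses


# Constructed sample responses (not captured from any real host): what an
# unpatched JBoss AS 4 instance typically answers, and a clean nginx host.
SAMPLE_EXPOSED: Dict[str, Response] = {
    "/jmx-console/HtmlAdaptor": (200, {"x-powered-by": "Servlet 2.4; JBoss-4.2.3.GA/JBossWeb-2.0"}),
    "/web-console/Invoker": (200, {"content-type": "application/x-java-serialized-object"}),
    "/invoker/JMXInvokerServlet": (200, {"content-type": "application/x-java-serialized-object"}),
    "/invoker/EJBInvokerServlet": (404, {}),
    "/admin-console/": (401, {"www-authenticate": 'Basic realm="JBoss Admin"'}),
}
SAMPLE_CLEAN: Dict[str, Response] = {p: (404, {"server": "nginx"}) for p in JBOSS_ENDPOINTS}

if __name__ == "__main__":
    for label, sample in (("sample-jboss", SAMPLE_EXPOSED), ("sample-clean", SAMPLE_CLEAN)):
        r = assess(label, sample)
        print(f"{r.host}: jboss={r.looks_like_jboss} banner={r.banner!r}")
        for f in r.findings:
            print(f"  {f.status} {f.path}  {f.note}")
```

Against a live host you would call `assess(host, fetch_all(host, 8080))` for each subdomain that the enumeration step produced; a 200 on any invoker servlet is the condition under which jexboss would go on to send its payload, so it is also the condition a blue team should alert on.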

One thing I have learned over the years is that if an application is tested thoroughly and with complete focus, there is always something that one can find; we just have to be willing to look into it a little deeper.

Thanks Shahmeer :)

vishnuraj

Written by

vishnuraj

Security engineer | OSCP | Note: blog posts don't represent my employer in any way and were performed during my free time. |

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew