How I Hacked into a Bugcrowd Public Program

Hello to all readers,

This article is about a remote code execution that I found in one of the highest-paying public programs on Bugcrowd. Of course, for privacy purposes, we will not disclose the name of the program, so let's call it site.com.

Cyber security pioneers emphasize the fact that if you want to hack a target, whether it be a website, a mobile app or an IoT device, you should follow the six-step methodology.

This is what most researchers and bug bounty hunters fail to follow. Every hack has to be carried out via the methodology, otherwise the chances of success decrease drastically. This article is about me following this simple approach and hacking into

Step No#1: Information Gathering

Firstly, I visited the Bugcrowd program.

I saw their scope is wide: *.site.com

Step No#2: Network Mapping

Next I used the knockpy tool to look for subdomains on this host.

From that tool I found a number of unused subdomains, which led me to narrow down my search to one in particular: utils.site.com

Step No#3: Vulnerability Identification

On it I did a simple port scan, which revealed it was using JBoss AS version 4.

I found that a remote code execution vulnerability exists in that version.

Step No#4: Penetration

Next I used the jexboss tool to test whether the exploit was valid or not, and I downloaded the executable exploit file from exploit-db and executed the exploit :)

One thing I have learned over the years is that if an application is tested thoroughly and with complete focus, there is always something that one can find; we just have to be willing to look into it a little deeper.

Thanks, Shahmeer :)