This is my attempt to keep a journal of my experience with bug bounty. I want to approach this entire experience coming from a sysadmin and developer background with a lot of vulnerability research on the sides.
I am going to attempt to document my experience, thoughts before and after in the hopes that this may help others.
The reasons I am doing this are:
- Get a better understanding of the bugbounty process and get first hand experience with it
- Get better ideas for making targets for our echoCTF platform
- Learn a few of the tools i never wanted to learn, on the go and on the need, ie force my self to understand what gap each of the tool is trying to fill
- Create a Gitlab and Github pipeline that would allow bugbounty hunters and pen-testers to automate some tasks
- (maybe) Get lucky and score a payout in the process 😊
My trip to the bugbounty world starts at midnight of 25/11/2022. Unfortunately i cannot work on it during the day, so my attempts will have to be more directed and with purpose if i plan on doing anything significant.
WARNING:
- I have absolutely no idea what i am doing.
- I am making fun of my self a lot
- I dont know what i am doing (did i say that already?)
- I am trying to figure this up as i go...
I may occasionally update a previous days entry to include new details. This will mostly include spell checking and inclusion of details that i believe will be useful but didnt have the foresight to include them in the first place.
- day 1 - nothing ever goes as planned and that is a good thing
- day 2 - this new plan will work for sure
- day 3 - lets use some tooling
- day 4 - lets use some more tooling
- day 5 - the best laid plans often go... to waste
- day 6 - GOTO DAY 5
- day 7 - lets focus some more on DNS
- day 8 - insert meaningful title here
Here i will keep my notes about specific tools that i use on my daily attempts. I am trying to document ONLY what i use and not create an encyclopedia.
- CDN specifics
- Useful DNS Commands
- Gitlab specifics
- HubSpot notes
- GraphQL notes
- PHP notes
- Useful
/.well-known/locations - WSDL APIs
The gitlab pipelines collection has started getting bigger and bigger and it makes no sense to keep them here. A new project repo has been created to hold the gitlab pipelines (and future Github actions).