Bug Bounty Hunting or Web Application Pentesting for 2021

A simple introduction,

I am a civil engineer who have no background in web application or similar field, all I had is passion. It's a bit hard for me to get started due to the lack of basics and lack of organized contents. I found many resources and courses out there, but I didn't got it all in one course or resource. Everything is there and there, it's a very time consuming process to found them all out. It took me a lot time to find my first ever bug. So this course will help you find your first bug faster

In this video we will download and install VMWare workstation player to install another os inside our current os

We will download and install Kali linux inside our Vmware

Metasploitable is virtual machine based on Linux that contains several intentional vulnerabilities for you to exploit. Metasploitable is essentially a penetration testing lab in a box, available as a VMware virtual machine

An understanding of linux by a simple walkthrough of linux

A detailed understanding of basic terminal commands we will use throughout our journey

In this we will discuss about the basics and how the web works

OWASP Top 10 is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures. Updated every three to four years, the latest OWASP vulnerabilities list was released in 2018. Let’s dive into it!

Go is a statically typed, compiled programming language designed at Google.

Just like python so many tools we are using are written in go so in order to install and work them we need golang go installed in our kali machine.

We will install some tools used in our hunting

Nuclei is a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.

Nuclei is used to send requests across targets based on a template leading to zero false positives and providing effective scanning for known paths. Main use cases for nuclei are during initial reconnaissance phase to quickly check for low hanging fruits or CVEs across targets that are known and easily detectable. It uses retryablehttp-go library designed to handle various errors and retries in case of blocking by WAFs, this is also one of our core modules from custom-querie

• Introduction to Burpsuite

  How it works and why we are using it

• Setting up

  We have to configure burp with our browser in order to proxy it. so this video will show you how to set them up easily

In this lecture we will learn about using burpsuite, explained all functionalities of burp

A simple explanation about how bug bounties are working

Bugcrowd is a well known bug bounty platform and this video will explain about everything

Other than public bug bounty platforms like hackerone and bugcrowd many companies have their own bug bounty or responsible disclosure programs and here we will how to find them how can we report on them

Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell

After we learned about it's working and more, we have to practice more than we have done here so for that I will show you some labs that you can practice to learn more

We will exploit the functionality to upload a reverse shell to the server and will see how to get a connection back to our system

Sometimes websites restrict users from uploading files other than required one's such as in case of profile pictures they may restrict users from uploading files other than image type like jpg,png etc. So in this lecture  we will learn the methods of bypassing them

Will go through some hackerone disclosed reports and so that we can learn many more methods of exploiting the upload functionality

An attacker can use Local File Inclusion (LFI) to trick the web application into exposing or running files on the web server. So sometimes we can read sensitive files inside the web server which is mostly considered as a critical vulnerability

Other than just accessing or reading sensitive files we might be able to read some files such as logs which we can change the values and add arbitory codes to them and as a result we will be able to get the complete access of the computer that hosts the website. So this lecture will teach you how to do that.

As in the previous lecture we have seen converting LFI into an RCE and this is also same with another file or we can say another method

Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and Cross-site Scripting (XSS) to remote code execution and, as a final result, full system compromise

Developers often leaks sensitive data in the Github Repositories mostly by mistake, they may include api keys, admin credentials, PII info, and many more. After this lecture you will be able to find them out easily

There might be sensitive files or other credentials exposed to public or may be in script files, let's discuss about them

Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. If you are unfamiliar with them this will give you an introduction to XSS

Reflected cross-site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response

Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

We all know the best way to learn in depth is to practice more and now we are going to practice more and more

SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.

After this lecture you will be able to find the injection points and run basis SQL queries

In this lecture we will learn how to find more details of database and other server info

This lecture will show you how to find the names of databases and tables on the server after finding an injection point.

After enumerating database and tables we need to try to read inputs inside tables to find info such as usernames and passwords of all the users

Now we have learned about SQL injection and LFI also. Other than just reading inside database we might be able to read files inside the server. This lecture will show to do that.

Everything we have done in this section is by manual, and this can be easily automated with tools installed on our kali machine.

And this lecture will deal with how to automate SQL injection

Blind SQL injection is a type of SQL Injection attack that asks the database true or false questions and determines the answer based on the applications response. This makes exploiting the SQL Injection vulnerability more difficult, but not impossible so let's see how it's done

This is an Account Takeover Vulnerability I found earlier which is now solved and this is an explained video of finding them out and exploiting them

This video includes introduction to Web cache poisoning and finding them and exploiting them