Four Digit Bounty($$$$) in 10 mins
Hello Researchers,
I hope you are doing awesome and learning something new every day.
In today's write-up I will discuss my recent finding. So without any further delay, let's get started.
Recon and information gathering is the main and most important part of hunting, as you all know. Everyone has their own methodology for the recon process and for hunting vulnerabilities. I use multiple tools for my recon process and always try to gather as much data as I can using open-source tools as well as dorking.
What is Shodan?
Shodan is a search engine that scans the entirety of the internet for connected devices. Shodan is similar to more well-known search engines like Google, but instead of indexing websites, Shodan indexes each publicly available device connected to the internet.
Shodan can discover a ton of devices, from home baby monitors to the SCADA systems that are used to run a variety of industrial processes, from water treatment facilities to power plants. Academics, governments, and cybersecurity professionals use Shodan for a variety of reasons, including network security analysis and market research. Shodan can show developers how many users have installed the latest patch, and it can ping subscribers when a new device is added to their enterprise’s network.
How to find juicy and sensitive data using Shodan?
Use Shodan dorks to find sensitive data and information about the target. I am attaching the link to the dorks and write-up here.
I was hunting on Google's program for vulnerabilities. After spending some time gathering info, I started finding portals and login pages, and found one interesting IP address. I opened the IP address and was shocked after checking the data present there. That endpoint was exposing far more critical data than one could imagine, including server configuration files, SQL database URLs, usernames and passwords, credentials for multiple dashboards and, above all, secrets that no one should have access to.
I was so amazed and happy that I was going to get a huge bounty ;)
So without any further delay I reported the issue to Google and eagerly waited for Google's response and the bounty reward. I thought this would be the reward amount.
But unfortunately Google replied that it was the customer's data and they could not accept this as a vulnerability.
I was sad about the response. A few days later I reported the same kind of vulnerability, which I had found using Shodan, to Microsoft, and they replied the same way. After that I reported it to the client and it got accepted, although I didn't get a bounty as it was a VDP.
Based on that, I thought: why can't I do the same for the previous one? So I started looking for the client that it belonged to.
I was right: I found the client's name after going through the source code and some files. After that I searched for the company to check whether it really existed. It did, and I reported the vulnerability to the client. Within 2 hours I got a reply from them; they patched the vulnerability and rewarded me the $$$$ bounty.
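From the defender's side, the kind of data described above (configuration files with database URLs and dashboard credentials sitting on an internet-facing endpoint) is exactly what an exposure check over your own published content should flag. The following added example is mine, not the author's; the config text is a constructed sample. It scans fetched content for credential-bearing connection URLs and secret-named keys and reports them with the secret values masked, so the findings can be handed to the asset owner without re-leaking the secrets:

```python
import re
from urllib.parse import urlsplit

# Constructed sample of an exposed config file; the values are made up, not the author's finding.
SAMPLE_CONFIG = """\
# app.conf (constructed sample)
DATABASE_URL=mysql://appuser:S3cretPass@db.internal.example:3306/prod
ADMIN_USER=dashboard_admin
ADMIN_PASSWORD=Winter2024!
API_KEY=AKIAEXAMPLEKEY000000
LOG_LEVEL=info
"""

# key=value or key: value where the key names a password, secret, token or API key
KEY_PATTERN = re.compile(
    r"^\s*([A-Za-z0-9_.-]*(?:pass(?:word)?|secret|token|api[_-]?key)[A-Za-z0-9_.-]*)\s*[=:]\s*(\S+)",
    re.IGNORECASE,
)
# any scheme://... URL, so connection strings with embedded credentials can be inspected
URL_PATTERN = re.compile(r"""\b([a-z][a-z0-9+.-]*://[^\s'"]+)""", re.IGNORECASE)


def redact_url(url):
    """Return the URL with its embedded password masked, or None if it carries no password."""
    parts = urlsplit(url)
    if parts.password is None:
        return None
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    return parts._replace(netloc=f"{parts.username}:***@{host}").geturl()


def find_exposed_secrets(text):
    """Scan fetched content line by line; return (line_no, kind, masked_evidence) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        url = URL_PATTERN.search(line)
        if url:
            redacted = redact_url(url.group(1))
            if redacted:
                findings.append((line_no, "credentials in connection URL", redacted))
                continue
        key = KEY_PATTERN.match(line)
        if key:
            findings.append((line_no, "secret-bearing key", f"{key.group(1)}=***"))
    return findings
```

Run it over the body of each response fetched from your own exposed endpoints; a non-empty result is a finding to remediate (take the file offline and rotate every credential it contained), not merely to report.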
Takeaway:
“When giant companies like Google or Microsoft reply that the vulnerabilities we have found belong to their clients (as they provide cloud services, and companies may use those services for hosting servers) and not to them, make sure you report it to the client 😛”
Never Give Up !!!
If you want any kind of help please feel free to contact me on LinkedIn
Thank you !!!