The world of bug bounty hunting is filled with thrilling moments when some simple recon techniques lead to a major vulnerability discovery. Omar Sha Rafi from Bangladesh shares with us the process of discovering and exploiting multiple vulnerabilities in a popular music streaming platform. Due to the confidentiality of the program, all sensitive details such as domain names, IP addresses, and credentials have been redacted.
Summary:
● Found an exposed IP via Shodan and identified open ports using Naabu, leading to further investigation.
● Discovered admin email leakage and internal app details through directory brute-forcing.
● Downloaded and decompiled an APK that uncovered hardcoded AWS credentials, enabling unauthorized access to S3 buckets.
- Part 1: The Starting Point – Shodan Search and Discovering the Origin IP
- Part 2: Full Port Scanning with Naabu
- Part 3: Directory Brute-Forcing with Ffuf
- Part 4: Leaking PII – The Users Endpoint
- Part 5: Exposing Development Information – The Apps Endpoint
- Part 6: Decompiling the APK and Finding Exposed AWS Keys
- Part 7: Using AWS CLI to Access S3 Buckets
- Part 8: Root Cause of the Vulnerability
- Part 9: Protection Measures for AWS Keys