I recently found out that I love OSINT challenges. It’s fascinating how much info you can find on the web just lying around. I love that you have to “join the dots” of different pieces of info to come to the truth. For those new to the term, OSINT is, according to Wikipedia:
Right after the quarantine ended I had a mini burnout for more than a month, where I didn’t even bother to try and hunt for bugs. After those one and a half months of trying to find my motivation again, I found an XSS that required a bit more thinking than the typical
HTB is a great place for anyone to practice their hacking skills. It doesn’t matter if you’re a beginner or a seasoned security professional, it has all sorts of machines to challenge your skills. After spending many hours trying to root as many boxes as possible, I observed that I tend to forget certain techniques and commands that would make my life easier.
While I’m stuck in quarantine like the rest of the world, I have more time to work on my web app hacking skills by doing some bug bounties. From the bugs I found in this long BB session of mine, I got to report my first Unrestricted File Upload.
In another bug bounty session of mine, I came across a bounty program of a “Contract Review” company.
I was searching for bug bounty programmes by using google dorks, when I came across one by a company, let’s say, Example Inc. They had a relatively big scope and I thought I’d give that a try.
This is a write-up about a weird XSS vuln I found, that made me think I was losing my mind.
I enjoyed Lightweight, as it was kind of a different box from what I’ve come across, especially in the user part.