Adventures in Bug Hunting Part 1

For some time I have been trying my hand at bug bounty hunting, something I've come to enjoy doing. It's been a learning process (and continues to be), and I love the "thrill of the hunt." Ironically, my first acknowledged bug wasn't an XSS or a SQL injection that I found, or even an IDOR. It was a compromised website; with the help of my friends at Lost Rabbit Labs, we were able to determine a few things and report it to the appropriate sources.

Arguably the most important aspect of bug hunting, and of hacking in general, is information gathering. How can you hack something you know nothing about? I did the usual DNS/subdomain gathering, using things like nmap, and then using the handy dandy ffuf for further testing. I also was allowed to use WisQuas, a versatile tool developed by LRL. It's a lot like a vulnerability scanner, and is extremely useful! (I recommend checking them out, and WisQuas. https://lostrabbitlabs.com/). This tool has a wide variety of features, but for our story, one of the results we were walking through was a subdomain. In the results, each subdomain is listed with the domain name, HTTP responses, content size, etc.

While evaluating this we discovered something suspicious. Part of the domain had an odd prefix, something along the lines of qwe12243. It seemed out of the ordinary, as the rest of the domain was something like "accounts.com". We dug further and started finding other domains with prefixes like "slotmachines", "gamblingfun" and so on. We concluded this was most likely an *actual* compromise of the domain itself by an outside group. My friend Jimi also recognized that this was similar to a Thai or Chinese hacking group campaign, though we never confirmed it. The pages themselves were full of Thai and odd slot machine animations. We didn't do a lot of digging into it to see if it was legitimately from any significant nation state or other, but nonetheless the find was pretty surprising.
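The signals described above (an odd prefix such as qwe12243, gambling-themed labels, pages full of Thai) can be checked for routinely across an organization's own subdomain inventory. The Python below is an added example, not code from this post or from WisQuas; the keyword list, the label regex, the 0.5 threshold, `example.com` and the sample rows are all assumptions constructed for illustration.

```python
import re

# Assumptions (not from the post): keyword list, regex, 0.5 threshold, sample rows.
GAMBLING_WORDS = ("slot", "gambl", "casino")
# Short letter run followed by a long digit run, like the "qwe12243" prefix.
RANDOM_LABEL = re.compile(r"^[a-z]{2,5}\d{4,}$")

def thai_ratio(text):
    """Fraction of alphabetic characters that fall in the Thai Unicode block."""
    letters = [c for c in text if c.isalpha()]
    if not letters:
        return 0.0
    return sum("\u0e00" <= c <= "\u0e7f" for c in letters) / len(letters)

def triage(host, base_domain, body=""):
    """Return the reasons a scanned host under base_domain needs a manual look."""
    reasons = []
    host = host.lower().rstrip(".")
    if not host.endswith("." + base_domain):
        return reasons  # out of scope, or the apex itself
    prefix = host[: -len(base_domain) - 1]
    for label in prefix.split("."):
        if RANDOM_LABEL.match(label):
            reasons.append(f"random-looking label '{label}'")
        if any(word in label for word in GAMBLING_WORDS):
            reasons.append(f"gambling keyword in label '{label}'")
    if thai_ratio(body) > 0.5:
        reasons.append("page body is mostly Thai script")
    return reasons

def flagged(rows, base_domain):
    """Map each suspicious host to its reasons; clean hosts are left out."""
    return {h: r for h, b in rows if (r := triage(h, base_domain, b))}

# Constructed sample rows (host, body snippet); not real scan data.
SCAN = [
    ("accounts.example.com", "Sign in to your account"),
    ("qwe12243.accounts.example.com", "สวัสดี ยินดีต้อนรับ"),
    ("slotmachines.example.com", "สวัสดี ยินดีต้อนรับ"),
    ("beta.example.com", "Staging environment"),
]

if __name__ == "__main__":
    for host, reasons in flagged(SCAN, "example.com").items():
        print(host, "->", "; ".join(reasons))
```

A hit is only a prompt for manual review: legitimate hosts can match these heuristics, and a hijacked subdomain can avoid all three.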

I ended up informing the organization ASAP and got in contact with their Cyber team, as I didn't think it was appropriate for a "bug" on Bugcrowd. They fixed it quickly and I was happy to be able to help out.

It didn't result in a monetary reward or anything special, but for me, being able to find that and report it to minimize damage was a big win. My main love of hacking is being able to break stuff, sure, but also to help people and find flaws so that they can be fixed. For me, finding this was also fun because it felt like I stumbled upon something by accident in a way, but it was also significant. Goes to show you never know what you'll find on the world wide web!

I am making this a multi-part series to share my adventures in bug hunting. It's fascinating what exists on the internet, and while I learn and grow I am sure I will find more things to write about. Until next time!

BlackCatt :) 
