My findings on the Hack U.S. Program

1) Publicly accessible Git directory https://redacted/.git/[redacted] [status: duplicate]

As everyone knows, the DoD program was huge; I clearly didn't have any idea where to start in the scope.

ssl:"target.com" 200

2) Unauthenticated access to Redacted lets an attacker create frameworks or delete them [status: accepted as high].

While fuzzing my Shodan IPs, I came across one endpoint.

3) Sensitive information disclosure in an open public repo, which leads to access to [redacted] [triaged as medium]

While navigating the scope section, I also thought about looking for GitHub leaks. I didn't have that much luck with GitHub recon, but I still decided to look for it. I came across many subdomains, all of them protected by a login portal, so I used an initial dork.
