Hello everyone, I'm Charan (also known as falcon_319 in the bug bounty community). I am an occasional bug bounty hunter and an agriculture student.
Today I am going to share my findings and experience on the Hack U.S. program.
Before you start reading, I would like to mention how I started hacking on DoD. I came to know about the Hack U.S. program from Twitter, so initially, like everyone, I was very excited to hack on Hack U.S. But I had very limited time due to university and health issues. Anyhow, I fired up my laptop and navigated to the scope page, where the scope was huge, and here the fun begins.
So let's begin.
1) Publicly accessible Git directory https://redacted/.git/[redacted] [status: duplicate]
As everyone knows, the DoD program was huge; I clearly had no idea where in the scope to start from.
But anyway, I decided to get all subdomain IPs from Shodan and fuzz them for endpoints and sensitive files.
Shodan query:
ssl:"target.com" 200
While fuzzing the IPs I found a /.git/ directory. I immediately reported this finding; sadly, it turned into a duplicate submission.
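An exposed /.git/ directory is easy to confirm and easy to fix, so as an added example (not from the original post) here is a small self-audit script an asset owner can run against their own hosts. It requests .git/HEAD and .git/config and only reports "exposed" when the body actually looks like Git metadata, so a custom 200 error page is not mistaken for a leak; the base URL and the fetcher are assumptions for illustration.

```python
"""Self-audit: does a web host serve its .git metadata? (added example)"""
import re
import urllib.error
import urllib.request

# Probed paths: a served .git/HEAD is the canonical signature of an exposed repo.
GIT_PROBES = ("/.git/HEAD", "/.git/config")
# HEAD is either "ref: refs/heads/<branch>" or a bare 40-hex commit id (detached).
HEAD_RE = re.compile(rb"^(ref: refs/|[0-9a-f]{40}$)")
# .git/config always carries a [core] section.
CONFIG_RE = re.compile(rb"^\s*\[core\]", re.MULTILINE)


def classify(path: str, status: int, body: bytes) -> str:
    """Return 'exposed', 'soft-404' or 'blocked' for one probe response.

    A 200 with generic HTML (a friendly error page) is not evidence of exposure,
    which is why the body is matched against real Git file formats."""
    if status != 200:
        return "blocked"
    if path.endswith("/HEAD") and HEAD_RE.match(body.strip()):
        return "exposed"
    if path.endswith("/config") and CONFIG_RE.search(body):
        return "exposed"
    return "soft-404"


def fetch(base_url: str, path: str, timeout: float = 5.0):
    """Fetch one probe; HTTP error codes are returned, not raised."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as r:
            return r.status, r.read(4096)
    except urllib.error.HTTPError as e:
        return e.code, b""


def audit(base_url: str, fetcher=fetch) -> dict:
    """Probe every path and return {path: verdict}; fetcher is injectable for tests."""
    return {p: classify(p, *fetcher(base_url, p)) for p in GIT_PROBES}


if __name__ == "__main__":
    import sys
    # Usage: python git_audit.py https://host.you.own.example
    for path, verdict in audit(sys.argv[1]).items():
        print(f"{path}: {verdict}")
```

Any "exposed" verdict means the deploy copied the repository metadata into the web root; remove it from the served tree and deny `/.git/` at the web server so history, config and any committed secrets are no longer downloadable.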
2) Unauthenticated access to [redacted] lets an attacker create or delete frameworks [status: accepted as High].
While fuzzing my Shodan IPs I came across one endpoint that was exposed without any authentication, where I was able to create or delete frameworks. Luckily it was accepted as High and they paid 500 USD.
There was also one endpoint, https://redacted/#/configuration, where I was able to change configuration details.
3) Sensitive information disclosure in an open public repo, leading to access to [redacted] [triaged as Medium]
While going through the scope section, I also thought about looking for GitHub leaks. I haven't had much luck with GitHub recon, but I still decided to look. I came across many subdomains that were all protected by a login portal, so the initial dork I used was:
“target.com” password
After 30 minutes I came across one GitHub repo that stored a password in clear text along with the URL to access it. I immediately decided to try those creds; luckily they worked, and I reported it. Sadly it was triaged as Medium severity.
Overall I got paid for one bug only, which was the unauthenticated access to frameworks.
Thanks for reading :)