My findings on Hack U.S Program

2 min readAug 30, 2022


hello everyone myself charan (also know as falcon_319) in bug bounty community and i am occasional bug bounty hunter and agriculture student.

Today i am going to share about my findings and experience on Hack U.S program.

before starting into reading i would like to mention how i started hacking on DOD i came to know about Hack U.S program from twitter so initial as everyone i was so exited to hack on Hack U.S. but i have very limited time due to university and health issues anyhow i fired up my laptop and navigated into scope page where it was huge scope and here fun begins

so let’s begin.

1)Publicly accessible GIT directory https://redacted/.git/[ redacted] [status-duplicate]

As everyone know DoD program was huge i clearly don’t have idea from where to start from the scope.

but anyway i decided to get all subdomains ips from shodan and fuzz for endpoints and sensitive files.

shodan command

ssl:"" 200

while fuzzing for ips i have found /.git/ directory i immediately reported this findings any way sadly this turned into duplicate submission

2)unauthenticated access to Redacted leads to attacker can create frameworks or delete them [status accepted as high].

while fuzzing my shodan ips i have came across one endpoint


where it presents without any authentication where i was able to create or delete frameworks luckily it accepted as high and they paid 500 USD

there is also one endpoint https://redacted/#/configuration where i was able to change configuration details

3)sensitive information disclosure on open public repo which leads to access to [redacted] [triaged as medium]

while navigating to scope section i was also able think about looking for github leaks where i didn’t have that much luck with github recon i still decided to to look for it i came across many subdomains where it all protected with login portal so initial dork i was used.

“” password

after 30 minutes i came across one github repo where it stores password as clear text and URL to access it i immediately decided to try that creds luckily it works and i reported sadly it traiged as medium severity.

overall i get paid for one bug only which was unauthenticated access to frameworks

Thanks for reading :)