60 Days Of 120 Days High Frequency Hacking


60 Days and Counting

This article is a short “check-in” on the 120 days of frequent hacking I am doing together with Kuldeep. I will keep it brief and stick to the main takeaways, both technical and practical, that came out of this month as different circumstances came up. I have to congratulate Kuldeep, who got 14 accepted reports this month, an example to follow.

Kuldeep’s Finds

After talking with Kuldeep and having the chance to share some of our findings, it was great to see the persistence and hard work he puts into his hunting journey: he focuses on a range of issue types and makes efficient use of the analytics available in the Synack Red Team. Some good takeaways from his findings were:

  • Write readable and reproducible reports for faster payouts.
  • PoC or GTFO: always include a proof of concept.
| Vulnerabilities, Patches, and Missions | Status | Resolved |
| --- | --- | --- |
| Suspected Vulnerability Confirmation | Accepted | $20 |
| Root Detection Bypass | Accepted | $0 |
| Exposed WordPress Login Panel | Accepted | $100 |
| Exposed Drupal Login Panel | Accepted | $100 |
| [Mission] Properly Signed App | Accepted | $25 |
| [Mission] Sensitive Data Exposed Via IPC Mechanisms | Accepted | $50 |
| Multiple Time Based SQL Injections | Accepted | $4000 |
| Path Traversal | Accepted | $850 |
| Reflected XSS With Generic ASP.NET WAF Bypass | Accepted | $330 |
| Jira Username Enumeration | Accepted | $179 |
| [Mission] HTML Injection | Accepted | $50 |
| Login Authentication Bypass | Accepted | $0 |
| Patch Verification | Accepted | $50 |
| [Mission] Session Management Schema Bypass | Accepted | $50 |
| [Mission] Authentication Schema Bypass | Accepted | $50 |
| [Mission] Role Definitions And Privilege Escalation | Accepted | $50 |
| Broken Access Control Allowing to Execute SQL Statements | Accepted | $626 |
| [Mission] ORM Injection | Accepted | $50 |
| Reflected XSS | Accepted | $33 |
| Reflected XSS | Accepted | $33 |
| Reflected XSS | Accepted | $330 |
| Information Disclosure | Accepted | $50 |
| Multiple Error Based SQL Injections | Rejected | Quality Period |
| Exposed Jira Login Panel | Rejected | Quality Period |
| Broken Access Control Allowing to Execute SQL Statements | Rejected | Wrong Category |
| JWT Secret Key Disclosure | Rejected | Out of Scope |
| OGNL Injection Leading to RCE | Rejected | Low Impact |
| OGNL Injection Leading to RCE | Rejected | Low Impact |
| Information Disclosure | Rejected | Report Merge |
| Information Disclosure | Rejected | Low Impact |
| Suspected Vulnerability Confirmation | Rejected | Low Impact |
| Logcat Information Disclosure | Rejected | Quality Period |

Total Earned: $7076

Sam’s Finds

This month was not as consistent as the past one due to external circumstances such as work, college, and partying, so time spent hunting was not on the schedule, which explains the poor results. As it was my first time trying to hunt while dealing with external matters, it made me realize the importance of setting priorities when hunting. The following takeaways came out of it:

  • Set up a time and a space used exclusively for hunting.
  • Focus on your return on investment when you have less time to hunt.
| Vulnerabilities, Patches, and Missions | Status | Resolved |
| --- | --- | --- |
| Full SSRF Leads to Access Internal Hosts and Bypass Authentication | Accepted | $1500 |
| Remote Code Execution Through OGNL injection | Rejected | Not Enough Information |
| Partial Boolean Based SQLi | Accepted | $150 |
| Exposed Drupal Login Panel | Accepted | $100 |
| Overall Missions | Accepted | $125 |

Total Earned: $1775

Takeaways and Conclusion

Calculating your return on investment can be complicated, and I am still learning how to manage it. My conclusion so far is to center the effort on specific functionalities of a web application and look for bugs whose impact is worth paying for. Besides that, not wasting time and staying consistent and disciplined shows results, as Kuldeep has shown us.

Thanks for making it to the end!

If you want to chat or just connect, feel free to shoot a direct message on Twitter.
