How to think out of the box with @s0md3v
Posted in Articles on April 11, 2019
Posted in Articles on April 4, 2019
Hey hackers! This is another AMA on the topic of: How to think out of the box?
If you haven’t checked out the other ones, they’re at https://pentester.land/categories/articles/.
And the podcast episode that started this whole series is The Bug Hunter Podcast 4: Bypassing email filters & Thinking out of the box.
While preparing it, I wanted to include advice from different bug hunters. So I asked several hackers these 3 specific questions:
@gwendallecoguic was one of the awesome hackers who responded. Here is his advice:
Some weeks ago, someone on Twitter asked what tools we use the most for hunting.
My reply was (the initial answer was in French, but here is the English translation):
Imagination. In #bugbounty technical knowledge is not so important, you just need to do what other people don’t, because they didn’t think about it or because they were lazy. Success guaranteed.
Being honest, it’s hard for me to think out of the box because I have been a developer for a very long time now, so I always think like a developer, it’s in my blood. A hunter who doesn’t have any technical background will be able to think differently. For me it’s hard. What I try to do is to read (technical) security resources as much as possible and I usually get new ideas from there.
For that reason, my advice will not be exactly about thinking out of the box but it’s more a general point I was able to notice several times while hunting. It’s the second point of my answer, about laziness.
Whenever you feel that a task is boring, be sure that other hunters feel the same. So if you can get past that feeling, then you will find what others missed because they gave up. I remember a program where I was successful. Using directory brute force I first found a .git directory. Many hunters would immediately report an information disclosure. But after grabbing and studying the code, I found an RCE. Another example is from JavaScript files. It can be very tedious to extract endpoints, find parameters, good values, etc… but again if you persist it will pay off for sure. I will finish with my best success; it’s also a nice example of obstinacy, of not giving up when things become hard: http://10degres.net/aws-takeover-ssrf-javascript/
That’s it :)
What I wanted to add is, often you will hear something like “root is a state of mind”. For me it’s really relevant. Hunting is like every sport, 50% about skills, 50% about spirit and 10% of luck :)
If you enjoyed reading this, please consider sharing it, leaving a comment, suggestions, questions…