Это видео недоступно.
Сожалеем об этом.
Microsoft IIS Server mass Hunting | Bug bounty poc
HTML-код
- Опубликовано: 20 фев 2024
- Disclaimer: This video is for strictly educational and informational purpose only. I own all equipment used for this demonstration. Hacking without permission is illegal so always ensure you have proper authorization before using security tools in any network environment. thanks.
in this video i am going to show you how to hunt for microsoft iis vulnerability and you can report it in bug bounty program and earn good bounties..
![Mary J. Blige - Breathing (feat. Fabolous) [Official Video]](http://i.ytimg.com/vi/snMHObq-6E0/mqdefault.jpg)
today on quick ways to meet the feds...
mullvad vpn: you sure about that?
Great video! Great music! Great finds! I'm going to get shortscan because of you. I've not heard of it before, that I remember at least. Plus, some this vulnerability is interesting, and the Burp Suote plug-in is great. Hehe
thnq so much its means a lot for me 😇❤️
Plus, this* Suite*
@@lostseccYou're welcome a bunch! Thank you, too! My pleasure. Shalom.
@@lostseccI installed shortscan manually and via the go install, and neither worked when I tried to launch shortscan. Shortscan doesn't appear in blue when I try to use the tool. Would you be aware of what's going on?
you need to move that binary to usr/local/bin directory
That's interesting how you found those domains like that by finding people who didn't update the default IIS home page. I recognize some of the domains from work and may reach out to get them to secure their stuff. I try to warn them to not leave their servers so vulnerable but they really think no one can access something unless they put out the URL.
I like this video because its very educational and hope it spreads more awareness
❤️😇
Is this you finding this bug without any prep? I barely understand what's going on but it's incredible to see this in real time and see you complete a thousand dollar bug within 17 mins. The amount of time and effort you must've put in to hack at this level is incredible
Thnq so much for supporting my brother ❤️😇 i also reported many iis bugs to Dell bug bounty program..
I got one too just 30 mins before in a sub domain because of your video it helps me to find it😊 in the beginning i did not know, those also can be counted as a bug until i see your video.... Thank you for making me motivated and information
happy to see my videos help somone ,❤️😇
Can you tell more about your finding 🎉
By the way the 'scan interrupted' error that you were getting was because when you pasted the url in burp suite you didnt remove the space at the end. Try removing the space and then it wont give you an error. Great video overall
yes i noticed it bro thnq you so much 😇❤️
that triggered me.
I’m interested in knowing how you’re running bash in the windows command prompt
WSL
he can also install bash and hook it to the path without the wsl rabbitwhol @@ikken
What did you even accomplish that you can't with simple keyword fuzzing? Seems like a pretty dumb attack to have to look for tilde exploit vulnerable hosts rather than fuzzing all
its not just a fuzzing that exploit more thing then fuzzing stuffs..its use ~ character and all methods like get post patch stuffs etc
Great video! Please create a video about how you setup kali with tools using wsl
sure ❤️
where did u study bug bounty from? or even ethical hacking. i want to start learning it myself
youtube & tryhackme & portswiggerlabs is enough
@@lostseccyou're real gem 💎 dude
I want to point out something, when you started putting the URLs in the burpsuite extension on some of them you added a space, that is the reason why many of them return invalid host name. you can clearly see that on the ones that don't have a space at the end the scan started normally, unlike the ones with the added space.
ywah i know bro i noticed after making video ❤️
Thank for your POC, It's very usefull.
❤️😇
Greatly underrated man,
love the music ;)
❤️😇
Well done, what a wonderful thing ❤
thnq so much brother ❤️
OK, the good things first:
1. Good Music
2. Good walkthrough
3. Good tool
4. Good Browser Extension
5. Good Burp Extension
Now, the bad:
This bug (unless you find something significant which you can exploit, and proof that can be exploited), will not be considered for bounty. Trust me, I've tried it in many many MANY programs and got all N/A, Info at best. However, this can help to enumerate more directories and find vulnerabilities inside them where others failed to look.
this is only effective if you find some sensitive directory there otherwise its not worth to report..
Thanks for this video bro 😍
amazing content dude, keep it up!
thnq for supporting brother ❤️
what i saw in this video was scanning - im not sure where the 1000$ is in there
by scanning this you also get sensitive files from the internal server
thats just a clickbait to get views and clicks
google what is microsoft iis tilde vulnerability
Information disclosure of sensetive data. @@shamim_12
I am doing it for "Educational Purposes" good vid, avoid this sound track if you care about monetization in future.
nice video, good POC, i definitely find this cool, just getting more into ethical hacking and shit from game hacking, this is cool.
yes bug hunting is cool field you can earn much money in bounty no any limits...
Bro you are truly "GOD" love your work very very helpful ❤💯
love you brother ❤️😇
so what is this actually?
hey friend just asking, it does give you some money by just searching for vulnerable servers and then issuing a report for the owner? Or do you think BBP is better?
hunt on bugcrowd,hackerone,intigriti they will.pay you..
that extension with the sql injection stuff?
extension name: Hack tool
And the URL extractor's name?@@lostsecc
Amazing tutorial 🎉❤
😇❤️
when you pasting the links in burp, last portion of the link appears a space. thats why may be it shows scan interrupts
yes,brother ❤️
amazing tutorial
thnq so much bro 😇
@@lostseccdo you know how to decrpyt and inercept all https(TLS 1.3) data in my wifi of my other devices
@@lostseccand can you tell me ,all extensions in firefox you use
hacktool / link ghoper / find something /
use wireshark
Remove the trailing spaces after pasting the url's for a 1000% more successfull scan attempt! Interesting video though!
thnq so much 😇❤️ i noticed that after video upload bcz i tried this first time so i did'nt notice that
May I ask, when you opened the sites you found with Durk, after that you found the Windows Server sites with a plugin??
you can find window iis vulnerability there
@@lostsecc I know, but how did you find the address of the Windows sites?
If you can give me your telegram ID, I can send you a message
@lostsec
@@lostsecc thanks
name of extension that give you paths ?
link gopher
I have a problem with install shortscan can't i installed from github but can't build | i already have go please haw can i install it
What error are you getting, maybe downlod the release compiled version
Good stuff brother
Thnq brother ❤️😇
Can you search for vulnerabilities in the termux terminal to start with the bonty bug?
i dont use that
@@lostsecc Ok and what do you recommend for me to start in that bug bonty world?
If you are already aware, please ignore this:
(Your IP is shown, if you are using VPN, then don't mind :) )
yes its ip vanish vpn ip best one they dont share logs to anyone..
Amazing video bro keep it up i learned somenew thing todya can i get those extension names ?
thnq for supporting brother ❤️😇
That terminal of yours is because you have a server or is it just Windows emulator of Linux Terminal?
i think hes probably just using the linux subsystem for windows. Not a very good solution. If you wanna start pentesting, please just install parrot
cmd with the baisects hookedup using the path should do if he cant operate 2 systems at once windows still up @@peptobepto
Great video man.. Also, hpw are you using the httpx-toolkit command?? I want to useit but I find no way to install it and use it as you are, do you have the installation guide or any github repo where i can install it?? thanks man!
just type sudo apt install httpx-toolkit that it
is this we can report as aa vulnerability in bug bounty program if possible wht is the ulernability name
microsoft iis tild
how did you make that thing in the cmd like what is coffinxp
terminal but he changed background,name,icon it is indeed linux terminal
1:05 bro, what's the name of this extension..?
Do you use a custom wordlist for this the scan?
nope
this song of mr robot ?
yes
forget forget
so, what is critical information we get from server this methode ?
internal sensitive files information disclosure
Dude, i literally found like 10 min ago a IIS main page xD ill run this on it
niceee ❤️🔥
@@lostsecc quick question sir, turns out, those 2 IIS i found on a bug bounty program, were vulnerable to "iis tilde enumeration".
Should i make like 2 reports or 1 report for the 2 urls? (different domains, but same program)
make two reports first day report one second day report another high chance for more bounty..make sure you find some senstive directory or files..
How are you using Linux terminal on windows?
its wsl2 kali
Is that response headers bookmark for BHD?
what is bhd ?
amazing bro, keeps making videos
thnq brother ❤️😇
hey why i find you in every pen testing video XDD
Shortscan is not working in mine system , can you please guide me for that
dm me in telegram @lostsec
what is the extention name u used for extract subdomains
link gopher
Are you using a virtual machine ?? Good video bro
no, its wsl2 with kali linux
what plugin u use that for payload sql
what plugin
@@lostsecc in ur firefox, that u input sql
Bro, I don't know why but shortscan is not working, showing fatal error, not connecting to server. Please help bro
uninstall and install again
maybe bcz of missing packages
Everything's fine but why you are using that bloated spyware of gill bates..?
which one
what linux subsystem are you using?
kali linux wsl2
@@lostsecc thanks, also nice that you responded so quickly
My fav part was when you just exposed your IP address on the captcha
you think i am skidd ? 😂 thats my ip vanish vpn ip 😉
@@lostsecc it literally says comcast lol
@@lostsecc Since when do ip vanish own comcast ips lol but well done providing the extact time and date that dynamic ip was used I'm sure you will recive a letter in the mail soon ;)
it was not mine isp ip its from vpn bruhh i checked it.. they also provide anonymous security..
@@lostsecc lmao it's comcast... they have a direct agreement with NSA.... since they are a US company lmao
mereko yahi same bug mila isme ham shortscan ka screenshort laga sakte hai
extensions names? please
Bro. What are the mozilla plugins u have installed
i will share all.list soon
Who do you report finding this bug to? Microsoft or the government or who?
i just made it for yt
amazing. can you share your terminal background
walpaper ? or theme
that skull background
@@lostsecc
www.pinterest.com/pin/653514595912182033/
That's very great video, anw could you share your extensions when doing bug bounty ?
i will share in my telegram channel
@@lostsecc that's very quick respond, anw looking forward for this xD
Any guide to setting up windows😊
sure
Great content brother.
thnq so much brother ❤️
u Just gained a sub
my pleasure ❤️😇
Keep going , thanks for sharing ❤
❤️😇
what is the add on u used at 15:44?
Hack tools extension
I am having difficulty installing the tool. Can you help me please?
yes
bro stop using automated tools and templates, show us your craft by 0days on the shell hard coded then Mr.Robot song theme will get along, anyway nice work buddy keep up 👍
in have surprise for you soon i will post some mr robot thing in community tab
@@lostseccyeah bro keep inspiring me
what WSL u using?
wsl2
Nice! Cool bro!
thnq bro ❤️
is this similar to directory bruteforcing??
ys
ok@@lostsecc 👍
but what are the links you got in the end of the video ? i didnt get it is it like leaked users data or something ?@@lostsecc
yes its leaked sensitives files of internal server..
Seemed like you weren’t authenticated to any of the sensitive data. What is the IIS vulnerability you were exploiting? Was it just to files that are supposed to require auth but weren’t?
You consider yourself a skid? I want to know if this is real stuff like a stuff a hker can do cuz it seem like you got some knowledge but your using other people tools soo yeah i mean it still counts as skid? I sure that i am not better than you but just wandering if its still count as a skid thing?
i got many halloffames not by using these tools..i also do manual testing but for some task you need tools bcz that is part of hunting all people use tool like subdomain finder httpx waybackurls so without tool you can go in deep hunting...but dont relay only on tool..
what do you mean by manual testing can you explain it if you dont mind :)
@@lostsecc
how many time to find target like dis
just found randomly
good luck 😊
😇❤️
5:12 There is a space in URL ;)
yes bro i noticed ❤️
after getting all these links whats the point? Im not a bug bountier is it worth?
you will find some internal sensitive files and directory by this..
so these links are indeed users pages but you gain access on them ?@@lostsecc
bro go install not worrking could you help me how to install tool
maybe verison issue dm me in telegram @lostsec
can you pleae share that skull image in your terminal?! that is AMAZING
msg me in telegram @lostsec
@@lostsecc i can't find you. that username doesn't exist :/
t.me/lostsec
Can you give the name of extensions on your browser? I want to test them
hack tools & find something
thanks@@lostsecc
Mr Robot Music nice
but url says 403 Forbidden
yeah ignore that if you want you can bypass but they will not bypass easily so..better to focus on other domain
namoral sou mt seu fã mno palavra de hqk4r obg pelo conteudo
❤️
and last thing please don't use gui precisely burpsuite, try to do it on the terminal it's way cooler
ok sure
where did u learn bug hunting brother??
google & linkdin & twitter & medium & portswigger academy & tryhackme & bwapp & youtube & github
Interesting ...❤
Toji u r the best, How i can install shortscan
github.com/bitquark/shortscan
Great thanks
❤️😇
Love the music
❤️
@@lostsecc bro i want a roadmap to pearn this things can you tell me
5:00 - those domains were working, but that space after pasting ruined everything :D
yes i noticed it bro ❤️
lol the reason you get invalid host is probably due to the space after the url
yes i noticed bro ❤️
Wait this is vulnerability 😮😮 i got iis server of a domain but I thought this nothing to report but what, and one thing this is it ? I mean what next ? And can you tell me what extensions you are using !!!
just use shortscan with -F flag and after getting dir or file link open it
@@lostsecc is that it ??
@@naveenrawat1549 don't do this kind of bullshits in random websites like this lostsec guy. Just a waste of time and this video is all clickbait.
isnt it better to use shortscan ?
alrady use in this video
@@lostsecc my bad mate
@@lostsecc can you tell me whats the extension you are using ?
its link gopher and find something and hacktools.
@@lostsecc appreciate it mate
I need a pro burp
dm me in telegram
Bro
How you find subdomain in begning scan
subfinder -d domain.com -all -recursive -o subdomains.txt
Hello bro can you teaching me web application penetration testing
learn from portswigger academy free
what extensions are you using
find something & hack tool
thank you@@lostsecc
addons.mozilla.org/en-US/firefox/addon/findsomething/
bro could you share this tool i try to install with 'go install' but this is not working
direct install binary and move to /usr/local/bin
@@lostsecc I don't quite understand what you mean.should I clone the tool with "git clone" and then mv it to /usr/local/bin?
I don't understand what you mean, should install the tool with 'git clone' and then mv /usr/local/bin?@@lostsecc
is that.. comic sans..
ys
how to use this terminal, cmd on windows bro thanks in advance
goto microsoft store install window terminal and then install wsl2 with kali linux from microsoft store
We can really earn or it's depends on possibilities bro??
its depend on your hardwork and passion only
@@lostseccif you don't mind can i know how much you earn bro?😅
@@lostsecc.
extensions?? please
i wil share list