The world of bug bounty hunting is filled with thrilling moments when some simple recon techniques lead to a major vulnerability discovery. Omar Sha Rafi from Bangladesh shares with us the process of discovering and exploiting multiple vulnerabilities in a popular music streaming platform. Due to the confidentiality of the program, all sensitive details such as domain names, IP addresses, and credentials have been redacted.

Summary：

● Found an exposed IP via Shodan and identified open ports using Naabu, leading to further investigation.

● Discovered admin email leakage and internal app details through brute forcing directories.

● Downloaded and Decompiled an APK that uncovered hardcoded AWS credentials, enabling unauthorized access to S3 buckets.

• Part 1: The Starting Point – Shodan Search and Discovering the Origin IP
• Part 2: Full Port Scanning with Naabu
• Part 3: Directory Brute forcing with Ffuf
• Part 4: Leaking PII – The Users Endpoint
• Part 5: Exposing Development Information – The Apps Endpoint
• Part 6: Decompiling the APK and Finding Exposed AWS Keys
• Part 7: Using AWS CLI to Access S3 Buckets
• Part 8: Root Cause of the Vulnerability
• Part 9: Protection Measures for AWS Keys

User activity: Follow @TecnoSRC and like this post, we will randomly select 10 users to give away 10 security credits!