Microsoft IIS Server mass Hunting | Bug bounty poc

Great video! Great music! Great finds! I'm going to get shortscan because of you. I've not heard of it before, that I remember at least. Plus, some this vulnerability is interesting, and the Burp Suote plug-in is great. Hehe

ReligionAndMaterialismDebunked

That's interesting how you found those domains like that by finding people who didn't update the default IIS home page. I recognize some of the domains from work and may reach out to get them to secure their stuff. I try to warn them to not leave their servers so vulnerable but they really think no one can access something unless they put out the URL.

I like this video because its very educational and hope it spreads more awareness

SageChaozu

I got one too just 30 mins before in a sub domain because of your video it helps me to find it😊 in the beginning i did not know, those also can be counted as a bug until i see your video.... Thank you for making me motivated and information

Levi

today on quick ways to meet the feds...

xdreadnaught

Is this you finding this bug without any prep? I barely understand what's going on but it's incredible to see this in real time and see you complete a thousand dollar bug within 17 mins. The amount of time and effort you must've put in to hack at this level is incredible

bboymyers

By the way the 'scan interrupted' error that you were getting was because when you pasted the url in burp suite you didnt remove the space at the end. Try removing the space and then it wont give you an error. Great video overall

SonixAEP

Thank for your POC, It's very usefull.

Byrus_dsp

Great video! Please create a video about how you setup kali with tools using wsl

kashyapsugandh

I’m interested in knowing how you’re running bash in the windows command prompt

macebtw

I want to point out something, when you started putting the URLs in the burpsuite extension on some of them you added a space, that is the reason why many of them return invalid host name. you can clearly see that on the ones that don't have a space at the end the scan started normally, unlike the ones with the added space.

jasonhudson

where did u study bug bounty from? or even ethical hacking. i want to start learning it myself

WaterLover

nice video, good POC, i definitely find this cool, just getting more into ethical hacking and shit from game hacking, this is cool.

hw

hey friend just asking, it does give you some money by just searching for vulnerable servers and then issuing a report for the owner? Or do you think BBP is better?

yungxxilax

What did you even accomplish that you can't with simple keyword fuzzing? Seems like a pretty dumb attack to have to look for tilde exploit vulnerable hosts rather than fuzzing all

clgrsyi

Are you using a virtual machine ?? Good video bro

UrRealestCritic

Great video man.. Also, hpw are you using the httpx-toolkit command?? I want to useit but I find no way to install it and use it as you are, do you have the installation guide or any github repo where i can install it?? thanks man!

HansSec

when you pasting the links in burp, last portion of the link appears a space. thats why may be it shows scan interrupts

anonraxor

Amazing video bro keep it up i learned somenew thing todya can i get those extension names ?

kaminey

May I ask, when you opened the sites you found with Durk, after that you found the Windows Server sites with a plugin??

aran_farzami

Can you search for vulnerabilities in the termux terminal to start with the bonty bug?

Lyricsd