Breaking In with Guest: My First Bug Bounty

SIDDHANT SHUKLA

Hey everyone! This is my first-ever write-up on bug hunting. I hope you enjoy it!

Let’s Get Started

It all began on one of those boring days in a college lecture. Looking for something productive, I decided to jump into bug hunting. I picked a random target from the OpenBugBounty program.

As part of my methodology, I always start with subdomain enumeration as soon as I have my target. This time, my target was target.com. After listing subdomains, I thought I’d try Google Dorking to dig deeper. I started with a simple dork:

site:target.com inurl:Admin

This gave me a list of pages, some on subdomains. I checked each subdomain manually, but every admin panel I found was protected with Cloudflare.

Then I thought, “What if I broaden the search a bit?” So I modified the dork to:

site:target.com inurl:Admin OR inurl:login

This brought up many login panels, again mostly Cloudflare-protected. But one panel stood out: a RabbitMQ Admin Panel.

As a hacker, my first thought was to try common default credentials. On the first attempt, I tried guest:guest

… and BOOM 💥 — I had access to the database!

I reported this finding to the company, and they rewarded me with a bug bounty payment and a CVE under my name: CVE-ER-2024–6.
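
For defenders, the exposure above maps to a few RabbitMQ settings: the built-in guest account is limited to loopback connections unless configuration lifts that restriction. The following is an added example, not part of the original write-up, that audits a rabbitmq.conf for that condition; the sample files and finding names are constructed, and it assumes the management plugin is enabled.

```python
# Added example: flag rabbitmq.conf settings that let guest:guest log in remotely.
# Sample configs below are constructed for illustration, not taken from any target.
SAMPLE_WEAK = """\
# constructed: loopback restriction lifted, management UI on all interfaces
listeners.tcp.default = 5672
management.tcp.port = 15672
management.tcp.ip = 0.0.0.0
loopback_users.guest = false
"""

SAMPLE_HARDENED = """\
# constructed: named admin seeded, management UI bound to loopback
management.tcp.port = 15672
management.tcp.ip = 127.0.0.1
default_user = ops_admin
default_pass = constructed-long-random-secret
"""

WILDCARD_ADDRS = {"0.0.0.0", "::"}


def parse_conf(text):
    """Parse 'key = value' lines; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a list of finding ids (names are this example's own)."""
    conf = parse_conf(text)
    findings = []
    # When unset, the broker seeds a guest user with password guest.
    seeded_guest = (conf.get("default_user", "guest") == "guest"
                    and conf.get("default_pass", "guest") == "guest")
    # guest is loopback-only unless one of these settings removes the limit.
    loopback_lifted = (conf.get("loopback_users", "").lower() == "none"
                       or conf.get("loopback_users.guest", "true").lower() == "false")
    if seeded_guest and loopback_lifted:
        findings.append("guest-remote-login")
    # Assumption: management plugin enabled; an unset IP means all interfaces.
    if conf.get("management.tcp.ip", "0.0.0.0") in WILDCARD_ADDRS:
        findings.append("management-all-interfaces")
    return findings
```

The file only shows what a node would be configured to do; running `rabbitmqctl list_users` on the broker shows whether a guest account actually still exists.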

That’s frustrating and disappointing, especially after putting in the hard work to find vulnerabilities. You might consider adding a warning or note to your write-up, mentioning that not all programs uphold their promises. This could help fellow hackers be cautious and choose more reputable programs, while also sharing your experience tactfully.

If you’re hacking or bug hunting, make sure to do some research about the company or ask other hackers about it.

If you’re diving into bug hunting and want a place to discuss techniques, get guidance from experienced bug hunters, or even find trustworthy bug bounty programs, check out this Discord community! It’s a great space where you can connect with others, ask questions, and avoid scammy programs.
