- If you are doing bug bounty hunting, then you are halfway there.
- Nmap and WordPress knowledge is really important.
- Best part — Google searches are allowed (💥)
- Cryptographic knowledge is important
- SQL Injection plays a major role
- Simple User Enumeration and OS Banner grabbing
- RDP Connection
Tools that will help you pass the exam
- RainbowCrack (This helped me to get my first 3 question answers!)
- If you can pay then the best resource is ASPEN iLabs.
- TryHackMe (different related rooms like crackthehash, wirectf, hydra, sqli)
- ASPEN iLabs YT video ( https://www.youtube.com/watch?v=ycZFk-GT5-I&list=PLrrgFyE6PtlaCixUxJPM0Y9Peye6iCewH )
- Which username was tampered? (You need to solve it by comparing hash values)
- WordPress Username Enumeration!
- Retrieve Database names (SQLi)
- How many machines are there? (Nmap)
- Phone number of User X? ( Metasploit/Parameter Tampering)
- What is the hidden text in X.jpeg (STEGHIDE)
- Password crack for VCRYPT
- IP address/version of the running Windows Server.
Some of the commands used by me
- hydra -l root -P passwords.txt [-t 32] <IP> ftp [ https://securitytutorials.co.uk/brute-forcing-passwords-with-thc-hydra/ ]
- hydra -L usernames.txt -P pass.txt <IP> mysql
- hashcat.exe -m <hash-mode> hash.txt rockyou.txt -O [ -m takes the numeric hash-type code for the hash you are cracking ]
- nmap -p443,80,53,135,8080,8888 -A -O -sV -sC -T4 -oN nmapOutput 10.10.10.10 [https://www.stationx.net/nmap-cheat-sheet/]
- wpscan --url https://10.10.10.10/ --enumerate u
- netdiscover -i eth0 [ https://www.100security.com.br/netdiscover ]
- john --format=raw-md5 password.txt [ To crack the MD5 hash in password.txt back to the plain-text password ]