FROM OSINT PROJECT TO MAKING MILLIONS HACKING DATABASES FOR BUG BOUNTY

Nitesh Pandey
3 min read · May 31, 2020


Hi, last year I learned about this technique. These techniques have existed for a long time, but very few people focus on them, so I started learning and took an interest in it.

The reason for this is my love for datasets. It was originally an OSINT project I was working on when it came to my mind that I could report these findings; that changed my mind, and the OSINT project was converted into a bug bounty project.

Before I start telling you about the vulnerability, let me tell you about myself. I am Nitesh Pandey from BHARAT. I am a former bug bounty hunter and currently I am working in an organization doing penetration testing. Apart from this, I love to do research on leaked data and create awareness; formally, I have also helped local police in solving criminal cases.

What is the vulnerability?

The vulnerability is about finding the unprotected data of websites; basically it comes down to finding four types of exposed database service:

  • Elasticsearch
  • MongoDB
  • Kibana
  • CouchDB

Now we know what this vulnerability is, but how do we know which database belongs to which organization, and what is the correct way of finding it?

There are many ways to perform this task; you can automate it as well if you have some bash knowledge. I will be covering one technique which I used to find this vulnerability.

I will be covering it in steps rather than in a paragraph, so you know exactly what to do and how to do it.

STEP 1: The first step is to find the dataset itself; it is not as easy as it seems. I am not going deep into IP addresses and all that; I hope you all know about it. As a bug bounty hunter, you perform various things in the recon process and you end up with a list of organization names and IP ranges. Basically we need these two things to figure out the database:

  • Organization name
  • IP address

So let's start searching for databases. As we have the IP address, what can we do to find the exposed database? Simply use the dork which reveals publicly reachable databases via Shodan. Let's first see the image containing the output, then we will talk about the dork in detail.

In the above image, you can see that we used the search technique to find an open database with the following query:

  • net:IP_ADDR port:9200 user country:"IN"

So, basically, what we are doing is this: we already know the IP address (or range) of the organization, so we put that first with net:; then we provide the port number on which the service runs (9200 is the default Elasticsearch HTTP port); after that we provide the free-text keyword user, though you can run the query without it as well; and at the end, to filter the output to India, I used country:"IN".
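The dork above tells you that a host answers on port 9200; the next thing a defender checking their own IP ranges wants to know is whether the service actually answers without credentials. The following is an added example (it is not code from the original post) that classifies banner responses already collected from your own hosts, with curl, a scanner export or a Shodan result for your own netblock. It goes beyond the Elasticsearch case in the dork and covers all four services the post lists, using each product's default root banner; the sample observations and host names are constructed for the demo, and the Kibana login-redirect rule is an assumption.

```python
"""Classify captured banner responses from your own hosts to spot exposed
database services (Elasticsearch, MongoDB, Kibana, CouchDB).

Added example, not from the original post. It assumes you have already
recorded, for each host/port you own, the HTTP status, response headers and
the first bytes of the body. Sample data below is constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Default listening ports of the four services named in the post.
DEFAULT_PORTS = {9200: "elasticsearch", 27017: "mongodb", 5601: "kibana", 5984: "couchdb"}


@dataclass
class Observation:
    host: str
    port: int
    status: int                      # HTTP status code, 0 if nothing HTTP came back
    headers: dict = field(default_factory=dict)
    body: str = ""                   # first bytes of the response body as text


def fingerprint(obs: Observation) -> tuple[str, str]:
    """Return (service, verdict).

    verdict is one of:
      'open'          - the service returned data without asking for credentials
      'auth-required' - the service was identified but challenged for credentials
      'reachable'     - MongoDB's wire-protocol port answers from the network
      'none'          - not one of the four services
    """
    headers = {k.lower(): v for k, v in obs.headers.items()}
    service_by_port = DEFAULT_PORTS.get(obs.port)

    # A 401/403 on a known database port means security is switched on.
    if obs.status in (401, 403) and service_by_port:
        return service_by_port, "auth-required"

    try:
        doc = json.loads(obs.body)
    except ValueError:
        doc = None

    # Elasticsearch root document carries cluster_name and its well-known tagline.
    if isinstance(doc, dict) and "tagline" in doc and "cluster_name" in doc:
        return "elasticsearch", "open"
    # CouchDB root document: {"couchdb": "Welcome", ...}
    if isinstance(doc, dict) and doc.get("couchdb") == "Welcome":
        return "couchdb", "open"
    # Kibana sets a kbn-name response header; with security on it redirects to
    # /login (assumption), otherwise straight into the app.
    if "kbn-name" in headers:
        if "/login" in headers.get("location", ""):
            return "kibana", "auth-required"
        return "kibana", "open"
    # MongoDB answers HTTP on its driver port with a fixed warning string; the
    # port should not be reachable from outside at all, so flag it regardless.
    if "access MongoDB over HTTP on the native driver port" in obs.body:
        return "mongodb", "reachable"
    return "none", "none"


def audit(observations: list[Observation]) -> list[tuple[str, int, str, str]]:
    """Return (host, port, service, verdict) for every observation that is one of
    the four services, sorted so the report is stable."""
    findings = []
    for obs in observations:
        service, verdict = fingerprint(obs)
        if service != "none":
            findings.append((obs.host, obs.port, service, verdict))
    return sorted(findings)


# Constructed sample observations (hostnames and contents are made up).
SAMPLE_OBSERVATIONS = [
    Observation("db-a.example", 9200, 200, {"content-type": "application/json"},
                '{"name":"node-1","cluster_name":"prod","version":{"number":"7.0.0"},'
                '"tagline":"You Know, for Search"}'),
    Observation("db-b.example", 9200, 401, {"www-authenticate": 'Basic realm="security"'},
                '{"error":{"type":"security_exception"}}'),
    Observation("db-c.example", 27017, 200, {},
                "It looks like you are trying to access MongoDB over HTTP on the native driver port."),
    Observation("dash.example", 5601, 302, {"kbn-name": "dash", "location": "/app/home"}, ""),
    Observation("docs.example", 5984, 200, {}, '{"couchdb":"Welcome","version":"3.0.0"}'),
    Observation("www.example", 443, 200, {"server": "nginx"}, "<html><body>ok</body></html>"),
]

if __name__ == "__main__":
    for host, port, service, verdict in audit(SAMPLE_OBSERVATIONS):
        print(f"{host}:{port}\t{service}\t{verdict}")
```

Anything reported as open or reachable belongs on the fix list, not just the report: bind the service to localhost or a private interface and turn authentication on (for Elasticsearch `xpack.security.enabled: true` and a restricted `network.host`; for MongoDB `net.bindIp` and `security.authorization: enabled`; for CouchDB `require_valid_user = true`), then re-run the audit to confirm the verdict changes to auth-required or the port stops answering.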

You can find the updated link and more dorks at https://github.com/mrnitesh/shodan/blob/master/shodandork.txt

A complete video on this, which explains everything including the advanced techniques, is posted on my YouTube channel; you can check it out there.

So you can all play with it and see what you find. This is the basic write-up of what I do to find open databases. In future, I will be writing about a more advanced form of these techniques which you can use to find databases.

The post is for educational purposes only; do not misuse the techniques.
