HELP ME!
I joined a bug bounty contest for a website of a city in my country . " www.tangerangselatankota.go.id" , i've tried to find vulnerabilities but i just couldn't . I've used nuclei , owaspzap , openvas and even tried manually or with dirbuster. I need help man i just suck at this stuff
4 Replies
can i get some tool recomendations atleasy?
uh
ok
thank you
you probably shouldn't start with a bug bounty
make sure you have the fundamentals, do stuff on tryhackme or hackthebox before you try to chase bounties
plus it can be much easier to find bugs in applications that don't have bounties, and if you report them, you can still ask for a bounty anyway even though you aren't guaranteed one
ehhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh
CFAA doesn't prevent all kinds of hacking, typically if it's only your system and your data it might void a warranty or something but it's not a criminal act, at least in USA
there are other laws too but CFAA and DMCA are the only ones i can think of off the top of my head
but unauthorized disclosure of sensitive information, particularly gov information, is definitely a crime and can land you in prison (see Kevin Mitnick)
Organize and go through more thoroughly, more extensive recon, stop active scanning, take notes on every dynamic endpoint of exactly what you've tested for and when, and keep a table of dates that you last completed a pass by target and vulnerability.
Ok yhank you