How I got into Nokia HOF in 5 Mins

https://www.nokia.com/notices/responsible-disclosure/

In this write-up, I will share my journey of how I got into the Nokia Hall of Fame through GitHub dorking. I hope that my experience will inspire others to pursue their passion for security research and report vulnerabilities responsibly.

Abstract

What is GitHub Dorking?

GitHub dorking is the technique of using GitHub's advanced search operators to find sensitive information (such as leaked credentials) or vulnerabilities in public repositories.

Methodology

First of all, I don't use any automated tools in this type of recon ("GitHub recon").
That's why you can find a lot of treasures that some people left behind by depending only on automated tools.

Ok, Let’s Pull the Stuff…

website.tld github

Actually, it's frustrating to check all of these code snippets one by one...
One thing you can do is check the most popular dorks that find treasures in these snippets.

This list helped me get some cool dorks: https://github.com/techgaun/github-dorks/blob/master/github-dorks.txt

After spending some minutes, fortunately, I found this file holding the database username and password publicly!
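The kind of file described above is one a repository owner can catch before it is ever pushed. The following Python scanner is an added example, not code from the original post or from Nokia; the key names, regexes and the sample .env contents are constructed assumptions, and a pre-commit hook would run scan_text over each staged file.

```python
import re
from typing import List, Tuple

# Constructed patterns for the kind of leaked database credential described above:
# a KEY=VALUE / KEY: VALUE assignment, or a connection URI embedding a password.
CREDENTIAL_PATTERNS = [
    ("db_password_assignment", re.compile(
        r'''(?i)\b(db_pass(?:word)?|database_password|mysql_pwd|pg_?password)\b'''
        r'''\s*[:=]\s*["']?(?P<value>[^"'\s#]+)''')),
    ("db_connection_uri", re.compile(
        r'''(?i)\b(mysql|postgres(?:ql)?|mongodb)://[^:/\s]+:(?P<value>[^@\s]+)@''')),
]

# Obvious placeholder values that should not be reported as findings.
PLACEHOLDERS = {"changeme", "password", "<password>", "xxx", "secret"}

def redact(value: str) -> str:
    """Keep only the first two characters so a report never re-leaks the secret."""
    return value[:2] + "*" * max(len(value) - 2, 0)

def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, pattern_name, redacted_value) for each credential hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in CREDENTIAL_PATTERNS:
            match = pattern.search(line)
            if match is None:
                continue
            value = match.group("value")
            # Skip env-var references like ${DB_PASS} and known placeholders.
            if value.startswith("${") or value.lower() in PLACEHOLDERS:
                continue
            findings.append((lineno, name, redact(value)))
    return findings

# Constructed sample resembling a committed .env file; no real credentials.
SAMPLE_CONFIG = """\
# database settings
DB_USER=app_user
DB_PASSWORD=S3cr3tExample!
CACHE_URL=redis://cache:6379
LEGACY_URL=mysql://legacy:OldPassw0rd@legacy-db.example:3306/app
DB_PASS=${DB_PASS}
DB_PASSWORD=changeme
"""

if __name__ == "__main__":
    for lineno, name, value in scan_text(SAMPLE_CONFIG):
        print(f"line {lineno}: {name} -> {value}")
```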

Reporting

I wrote a report to their responsible disclosure e-mail and after 3 hours they just replied with this:

Don’t hesitate to reach out: https://twitter.com/sl4x0


CS Student | Security Researcher | Author of: CVE-2022-4093 and CVE-2022-4409

Abdelrhman Allam (sl4x0)