How I got into Nokia HOF in 5 Mins

Abdelrhman Allam (sl4x0)
Feb 22, 2023

https://www.nokia.com/notices/responsible-disclosure/

بسم الله الرحمن الرحيم

[In the name of God, the most gracious, the most merciful]

In this write-up, I will share my journey of how I got into the Nokia Hall of Fame through GitHub dorking. I hope that my experience will inspire others to pursue their passion for security research and report vulnerabilities responsibly.

Abstract

What is GitHub Dorking?

GitHub Dorking is a technique that involves using advanced search operators in GitHub to find sensitive information or vulnerabilities in public repositories.

Methodology

First of all, I don’t use any automated tools in this type of recon (“GitHub recon”).
That’s why you can find a lot of treasures that some people just left behind by depending only on automated tools.

Ok, Let’s Pull the Stuff…

The first step is to find any of the organization's GitHub accounts

website.tld github

The second step is to go deeper inside the org account with dorks

Actually, it’s frustrating to check all of these code snippets one by one...
One thing you can do is to check the most popular dorks that find treasures through these snippets.

This list helped me get some cool dorks: https://github.com/techgaun/github-dorks/blob/master/github-dorks.txt

From Developer Fails to Hunter Tales

After spending some minutes, fortunately, I found this file holding the database username and password publicly!
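From the repository owner's side, the same kind of exposure can be caught before a push by scanning the local checkout. The sketch below is an added example, not code from this write-up or from Nokia; its file-name and key patterns are illustrative assumptions rather than entries from the linked dork list, and the sample input is constructed.

```python
import re
from pathlib import Path

# Illustrative patterns chosen for this example (assumptions, not from the linked dork list).
RISKY_NAMES = re.compile(r"^(\.env(\..+)?|wp-config\.php|config\.(php|ya?ml|json|ini)|.*\.(pem|sql|bak))$", re.I)
KEY = r"[\w.-]*(?:passw(?:or)?d|pwd|secret|api[_-]?key|token)[\w.-]*"
ASSIGNMENT = re.compile(rf"""\b({KEY})["']?\s*(?:=>|[:=])\s*["']?([^\s"',;]+)""", re.I)
CONN_URI = re.compile(r"\b\w+://[^\s:/@]+:([^\s@/]+)@[^\s/]+")
# Values that point at the environment or a template are not hardcoded secrets.
INDIRECT = re.compile(r"^(\$.*|<.*>|\*+|null|none|os\.environ.*|process\.env.*|getenv.*)$", re.I)


def scan_text(path, text):
    """Return (path, line_no, reason) for each line that embeds a credential."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = CONN_URI.search(line)
        if m and not INDIRECT.match(m.group(1)):
            findings.append((path, n, "credential in connection URI"))
            continue
        m = ASSIGNMENT.search(line)
        if m and not INDIRECT.match(m.group(2)):
            findings.append((path, n, f"hardcoded value for '{m.group(1)}'"))
    return findings


def scan_tree(root):
    """Walk a local checkout; line_no 0 marks a finding on the file name itself."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root)
        if ".git" in rel.parts or not p.is_file():
            continue
        if RISKY_NAMES.match(p.name):
            findings.append((rel.as_posix(), 0, "sensitive file name in repository"))
        findings += scan_text(rel.as_posix(), p.read_text(errors="ignore"))
    return findings


# Constructed sample, not data from the write-up.
SAMPLE = """DB_HOST=db.internal.example
DB_USERNAME=app
DB_PASSWORD=Sup3rS3cret!
DATABASE_URL=postgres://app:Sup3rS3cret@db.internal.example:5432/app
API_TOKEN=${API_TOKEN}
password = os.environ["DB_PASS"]
"""

if __name__ == "__main__":
    for finding in scan_text(".env", SAMPLE):
        print(finding)
```

Run as a pre-commit or CI step, a non-empty result from `scan_tree` is the signal to move the value into a secret store and rotate it, since anything already pushed stays in the history.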

Reporting

I wrote a report to their Responsible Disclosure e-mail and after 3 hrs they just replied with this

Don’t hesitate to reach out: https://twitter.com/sl4x0
