1
00:00:01,200 --> 00:00:01,980
Hello, everyone.

2
00:00:02,250 --> 00:00:10,980
So in this video, we are going to see the road map, so how to find vulnerabilities on HackerOne and

3
00:00:11,280 --> 00:00:16,110
how to report vulnerabilities and where, and how to navigate the portal.

4
00:00:17,160 --> 00:00:24,230
So this is the second video for seeing and reporting vulnerabilities on HackerOne.

5
00:00:24,450 --> 00:00:26,050
So let's just quickly start.

6
00:00:26,640 --> 00:00:31,140
So as you can see, you just have to type hackerone.com into the URL bar of your browser.

7
00:00:32,280 --> 00:00:38,340
This will get opened. Just quickly go and sign up and try to make an account on this website.

8
00:00:39,330 --> 00:00:40,440
You just have to choose the

9
00:00:40,440 --> 00:00:44,450
"I am a hacker" feature because you are going to report vulnerabilities.

10
00:00:44,450 --> 00:00:46,160
So you are a hacker.

11
00:00:46,500 --> 00:00:48,010
So start hacking today.

12
00:00:48,030 --> 00:00:48,630
Perfect.

13
00:00:48,660 --> 00:00:50,840
You just need to give your details over here.

14
00:00:51,600 --> 00:00:54,020
So I'm going to give my details.

15
00:00:54,030 --> 00:00:55,530
Let's say I give this name

16
00:00:58,560 --> 00:01:04,890
and in my username I can give any username that I want, or let's say I give the same name. Email address,

17
00:01:04,890 --> 00:01:08,970
I give my email address for the sign-up process.

18
00:01:09,240 --> 00:01:16,260
And yes, the important thing over here is you need to keep a strong entropy for your password.

19
00:01:16,830 --> 00:01:23,760
HackerOne does not allow keeping weak passwords, so it will continuously give you errors.

20
00:01:25,260 --> 00:01:27,430
So you need to have strong entropy.

21
00:01:28,080 --> 00:01:30,000
So I have got some errors.

22
00:01:30,010 --> 00:01:32,380
So this username has been already taken.

23
00:01:32,400 --> 00:01:37,190
OK, so I'll just make it to one, two, three, and I'm going to set the password again.

24
00:01:39,790 --> 00:01:42,550
So, yes, it was rather password.

25
00:01:46,630 --> 00:01:50,550
And let me try to sign up again, OK?

26
00:01:50,580 --> 00:01:58,120
It does not contain enough entropy. As I said, you guys, you need to set a password which is strong

27
00:01:58,120 --> 00:02:03,640
enough; only then will it allow you to keep a valid password.

28
00:02:07,750 --> 00:02:10,330
So let me try to get one more password.

29
00:02:16,240 --> 00:02:17,500
OK, so.

30
00:02:20,640 --> 00:02:21,870
This time it should work.

31
00:02:22,680 --> 00:02:24,390
Let me give a very strong password.

32
00:02:32,890 --> 00:02:34,510
Now, that's a great password.

33
00:02:34,720 --> 00:02:37,750
OK, so let's see if this works.

34
00:02:37,780 --> 00:02:39,550
And let me try and create account.

35
00:02:41,230 --> 00:02:42,640
I hope this works. Perfect.

36
00:02:42,670 --> 00:02:44,410
So this password worked.

37
00:02:44,920 --> 00:02:46,770
Now you can see "please verify your email".

38
00:02:46,780 --> 00:02:48,400
So I just got an e-mail right now.

39
00:02:48,770 --> 00:02:53,890
I'm going to click on "confirm my email address" and perfect.

40
00:02:53,890 --> 00:02:56,210
My account is successfully confirmed.

41
00:02:57,160 --> 00:03:01,450
So let me just quickly log in with my account that I created right now.

42
00:03:04,330 --> 00:03:07,870
In the password field, I'm going to again type my password,

43
00:03:11,090 --> 00:03:14,050
click on Remember Me and click on Sign in.

44
00:03:15,160 --> 00:03:25,210
So after I sign in to the application, the first dashboard that I'm going to see is this.

45
00:03:26,200 --> 00:03:32,530
So I'll just quickly go into the directory tab because this is what is important and you will find a

46
00:03:32,530 --> 00:03:34,480
list of programs over there.

47
00:03:35,200 --> 00:03:42,220
So after going into the directory, you can see there, these are all the programs which are being listed

48
00:03:42,220 --> 00:03:43,270
on HackerOne.

49
00:03:44,620 --> 00:03:46,660
So you can try to hunt on any program.

50
00:03:46,660 --> 00:03:48,010
There are a lot of programs.

51
00:03:48,040 --> 00:03:50,710
So let me just for a program that is over

52
00:03:54,160 --> 00:04:00,280
and you can see all that is already there since 2014, researchers are hunting on this.

53
00:04:01,450 --> 00:04:04,270
So whenever you open a program, it looks like this.

54
00:04:07,560 --> 00:04:10,360
This is everything, rules, regulations.

55
00:04:10,810 --> 00:04:18,640
The important thing for us is what is in scope, what is out of scope and how much do they give for bounties.

56
00:04:19,210 --> 00:04:20,980
So these are out of scope domains.

57
00:04:20,980 --> 00:04:26,350
You have to leave these domains and report everything else that is in scope.

58
00:04:27,730 --> 00:04:33,790
So let me just go to submit report and you can see they are not allowing me to report.

59
00:04:34,270 --> 00:04:34,750
Why?

60
00:04:35,140 --> 00:04:38,560
Because I do not have significant reputation.

61
00:04:39,010 --> 00:04:42,460
My signal is not good and I cannot hunt or report.

62
00:04:42,460 --> 00:04:44,340
I want to, but no problem.

63
00:04:44,860 --> 00:04:50,110
I'm going to increase my signal. How to do that?

64
00:04:50,680 --> 00:04:55,890
So basically you can try solving some CTFs which are over here.

65
00:04:57,970 --> 00:05:01,180
Also, you can try for some open programs.

66
00:05:02,680 --> 00:05:03,680
You can start with them.

67
00:05:03,700 --> 00:05:05,140
Let me just go to my profile.

68
00:05:05,800 --> 00:05:10,020
As you can see, this is my profile, which is currently empty right now.

69
00:05:11,170 --> 00:05:13,360
Let's go to the Inbox feature.

70
00:05:13,810 --> 00:05:18,390
The Inbox feature is where, whenever you try to report vulnerabilities, they will come over here.

71
00:05:18,820 --> 00:05:26,530
So any open report, pending disclosure, which is accepted report, and the total number of reports. Let's

72
00:05:26,530 --> 00:05:29,830
go to the hacker dashboard.

73
00:05:30,160 --> 00:05:32,170
But then again, see, this is my profile.

74
00:05:33,400 --> 00:05:36,910
You can submit a report from here. You can read about HackerOne.

75
00:05:36,910 --> 00:05:42,340
And yes, we can see on the left side: bookmark five programs on the directory.

76
00:05:42,730 --> 00:05:46,120
Just choose five programs that you want to hunt for. Upvote

77
00:05:46,120 --> 00:05:51,100
five items on activity, on twenty six point on Hacker101

78
00:05:51,100 --> 00:05:51,990
Capture the Flag.

79
00:05:52,450 --> 00:05:58,420
This is helpful because you will get a couple of invites for your next program that you can hunt for.

80
00:05:58,480 --> 00:06:03,820
So you can just solve this Hacker101 CTF if you want.

81
00:06:04,570 --> 00:06:09,070
This will just give you some invites to start hunting for it.

82
00:06:10,870 --> 00:06:11,710
Let's go back

83
00:06:14,380 --> 00:06:25,600
to the hacker dashboard, yeah, so your four year it is, that's it.

84
00:06:27,730 --> 00:06:29,200
Let me go to the profile settings.

85
00:06:29,200 --> 00:06:37,360
You can edit all the settings that you want over here and let's see some options from here.

86
00:06:37,360 --> 00:06:37,820
You can.

87
00:06:37,840 --> 00:06:44,590
These are the basic options that you can fill, whatever you want according to your needs. And payments:

88
00:06:44,590 --> 00:06:49,040
you will be able to see what are the total payments that you are going to get.

89
00:06:49,750 --> 00:06:56,100
Now, it is balance zero. Perfect. Payment, payout preferences.

90
00:06:56,470 --> 00:06:58,180
I'm going to show you some important things.

91
00:06:58,180 --> 00:07:04,260
Only you can observe other features by yourself and explore them.

92
00:07:04,780 --> 00:07:09,040
So in payout you can add a payout method, either PayPal or anything.

93
00:07:09,040 --> 00:07:17,890
The best people, if you get any private invite, it will be in your inbox directly.

94
00:07:18,760 --> 00:07:23,700
And the last one is the activity tab, which is important here.

95
00:07:23,860 --> 00:07:30,250
And you will be able to read all the reports which are being submitted on HackerOne and which are kept

96
00:07:30,250 --> 00:07:31,230
open to read.

97
00:07:31,660 --> 00:07:40,720
So basically we can read about those reports and yeah, you can come to know who and when a security researcher

98
00:07:40,720 --> 00:07:43,300
has reported what kind of vulnerability to what program.

99
00:07:43,690 --> 00:07:52,300
As you can see, CSRF on connecting PayPal as payment provider has been reported on Apple and recently

100
00:07:52,870 --> 00:07:56,770
and the award was five hundred dollars. Perfect.

101
00:08:00,430 --> 00:08:05,890
I think they receive CSRF protection on adding PayPal as the payment provider, but the protection

102
00:08:05,890 --> 00:08:06,590
is not good.

103
00:08:06,610 --> 00:08:14,780
OK, so basically this user was able to do a CSRF and this was the bounty provided by Shopify.

104
00:08:15,850 --> 00:08:17,650
So I hope you guys understood

105
00:08:17,650 --> 00:08:25,990
how we can try to hunt for vulnerabilities on HackerOne. This was a brief overview of the HackerOne platform

106
00:08:25,990 --> 00:08:28,390
and where you can try to find vulnerabilities.

107
00:08:28,930 --> 00:08:34,000
This is again the dark mode, as we already see, that you can utilize working at night.

108
00:08:36,250 --> 00:08:36,610
Yeah.

109
00:08:36,610 --> 00:08:37,630
So this is it.

110
00:08:37,660 --> 00:08:43,630
This is basically whatever important things that you need to keep in your mind when you are starting

111
00:08:43,630 --> 00:08:45,730
hunting on the HackerOne platform.

112
00:08:46,540 --> 00:08:52,630
So I hope this video helps you guys and you guys can start hunting on this platform.

113
00:08:53,410 --> 00:08:54,280
Thank you so much.