Finding Credentials with GitHub Dorking

March 30, 2024

In the month of March, I was learning a bit more about GitHub dorking. I was going through writeups, blogs, and videos to learn about it. After spending some time, there was an itch inside me forcing me to try it on a real-world target. Then I searched for responsible disclosure programs with the following Google dork:

site:com intext:responsible disclosure

I just randomly chose a target & started GitHub dorking based on the given scope. After trying a bunch of the following dorks:

"target.com" password
"target" password
"target.com" path:env

I landed on a var.tf file on GitHub. Navigating inside the file, I found the domain admin username, password & the vsphere_server IP address disclosed, associated with the organization's TLD.

Screenshot showing credentials in var.tf file

Credentials Found
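The defender's side of this finding is catching such a var.tf before it reaches a public repository. The following added example (my own code, not from the post or any project it mentions) scans Terraform variable blocks for literal defaults that hard-code a credential or an infrastructure address; the sample file, variable names and values are constructed to mirror the kind of leak described above.

```python
import re

# Constructed sample var.tf, modelled on the kind of file described in the post
# (names and values are made up; not the real repository's contents).
SAMPLE_VAR_TF = '''
variable "vsphere_user" {
  default = "administrator@corp.example"
}

variable "vsphere_password" {
  default = "Winter2024!"
}

variable "vsphere_server" {
  default = "10.0.0.5"
}

variable "datacenter" {
  default = "dc-01"
}

variable "db_password" {
  sensitive = true
}
'''

# Variable names that should never carry a hard-coded default in version control.
SENSITIVE_NAME = re.compile(r"(password|passwd|secret|token|api_?key|private_?key)", re.I)
# Defaults that look like infrastructure endpoints (IPv4 here) are also worth flagging.
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Matches: variable "<name>" { ... }  (flat bodies, which is what a var.tf typically has)
BLOCK = re.compile(r'variable\s+"(?P<name>[^"]+)"\s*\{(?P<body>[^}]*)\}')
DEFAULT = re.compile(r'default\s*=\s*"(?P<value>[^"]*)"')


def find_exposed_defaults(tf_text):
    """Return (variable_name, reason) for every variable whose literal default
    hard-codes a credential or an infrastructure address."""
    findings = []
    for block in BLOCK.finditer(tf_text):
        name, body = block.group("name"), block.group("body")
        m = DEFAULT.search(body)
        if m is None or m.group("value") == "":
            continue  # no literal default: value must come from tfvars/env at apply time
        if SENSITIVE_NAME.search(name):
            findings.append((name, "hard-coded secret default"))
        elif IPV4.match(m.group("value")):
            findings.append((name, "hard-coded infrastructure address"))
    return findings


if __name__ == "__main__":
    for name, reason in find_exposed_defaults(SAMPLE_VAR_TF):
        print(f"{name}: {reason}")
```

Running it on the sample flags vsphere_password and vsphere_server, while db_password (marked sensitive, no default) passes; wiring this into a pre-commit hook is the usual mitigation.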

Since I realized the credentials are used inside the organization's infrastructure, & also without strong evidence that the GitHub repository belongs to an organization employee, it's a baby-cry thing in bug bounty. Also, reading their responsible disclosure policy, it was clearly mentioned that actively auditing their infrastructure based on credentials found on the internet is strictly prohibited.

Anyway, I decided to report it. After some days they replied with this.

Screenshot of initial response

Initial Response

I just accepted the invitation & proceeded further. Some days later, a HackerOne triager replied that the repo doesn't belong to the organization and if I managed to provide proof, they would proceed further.

Screenshot of HackerOne triager response

HackerOne Triager Response

I just left it right there after reading the reply. The day after this reply, I received another message: the report was triaged with medium severity. Now, long story short, on March 21st they fixed the issue by removing the GitHub repo & closed the report as Resolved.

Screenshot of resolution

Resolution

Although it was a VDP, the experience was quite good. At last, I just want to put some resources below to learn GitHub dorking.

Thank you everyone.