Dear Hacker,
Welcome. WhiteBox Penetration Testing is my preferred approach to cybersecurity research. I am therefore converting my Bug Bounty Program along the WhiteBox principles. I will tell you which attacks will not work on Pandit.Tech. I will also suggest where your best chances for a successful attacks are.
Please follow the regulations and laws of your own country. You have my permission to hack Pandit.Tech, but please read security.txt and security.html. If you want me to whitelist your IP address, please get in touch.
Script Kiddy Stuff will not work
The tools and services of the following will not work on Pandit.Tech. Please do not waste time. Your best bet is to avoid commonly misused tools.
- getastra.com
- hostedscan.com
- nmap.online
- nmap.org
- openvas.org
- pentest-tools.com
- quttera.com
- sitecheck.sucuri.net
- siteguarding.com
- ssllabs.com (Qualys SSLTEST)
Direct IP attack will not work
Do not try IPv4 and IPv6. Your IP will get banned. Your best bet is to use FQDN.
Beware of Geo blocking
IP addresses from a number of countries including RU, UA, CN, etc are automatically blocked. Your best bet is to use IP addresses in the UK, US, IN, DE, BE or FR, as I do not block them.
Beware of Agent blocking
Most misused agents e.g. java are automatically blocked. Your best trick is to use random agents or the latest browsers.
Beware of HTTP method blocking
All methods other than GET, POST and HEAD (e.g. TRACE/DELETE) are automatically blocked. Your best route is to GET / POST / HEAD.
Beware of old and hackers browsers
All old browsers such as Internet Explorer and automation browsers (e.g. Java) are automatically blocked. Your best option is to use Chrome, Firefox, Brave or Edge.
YES - DOS ATTACKS are okay
Pings are dropped so you can forget the ping flood attack. The webserver has rate limits per IP which should block basic DOS attacks. Your best chances is a DDOS attack. Before you do something reckless or automated, please note I use fail2ban as follows:
- max_retry = 1
- bantime = -1
WHITE BOX DETAILS
VERY IMPORTANT INFORMATION FOR HACKERS Here are the details of server configuration that may help you. All are the latest STABLE versions, unless indicated in (brackets).
- Operating system: Ubuntu Jammy Jellyfish
- OS Kernel: Linux Kernel
- Web server: Nginx (mainline)
- CMS: Wordpress
- Hypertext processor: Php
- Database server: MariaDB
- Mail server: Postfix
- Videoconference: Jitsi-meet
- File server: NextCloud
- VPN: Wireguard
- SSH server: OpenSSH
- Crypto library: OpenSSL
- DNS resolver: Unbound
- DoH server ext: /dns-query (but without any ?query or you get banned!)
- DoT server port: 853 over tcp
- Other ports: 25, 53, 80, 443
Good luck!
Santosh
We use a strictly necessary technical cookie (__Host-PHPSESSID) to ensure secure browsing. No consent is required under GDPR. See our Cookie Policy and Privacy Policy for details.