Forem: Arun kumar G

Day 0 - Payroll Admin to Ethical Hacker

Arun kumar G — Sun, 22 Mar 2026 01:53:31 +0000

Hi everyone! I’m Arun Rudth. For the past 10+ years, I’ve been working as a Payroll Admin.

But deep inside, I’ve always wanted to do something more meaningful—something that creates impact. That’s when I discovered my interest in Digital Forensics and the role it plays in fighting cybercrime.

I’ve decided to begin my journey into cybersecurity to learn, grow, and eventually contribute to reducing cybercrimes.

This blog is my personal space where I’ll share everything I learn, the challenges I face, and the progress I make. I hope this journey motivates not just me, but also anyone out there thinking about starting something new.

Day 2 - Learning Bug Bounty

Arun kumar G — Wed, 21 Jan 2026 14:34:31 +0000

Discovering End points and Sensitive Data: Lab: Information disclosure on debug page

All the websites will not have "robots.txt" to find the flaws, rather we should need to find out the paths by ourself. There are lot of tools available in the internet to find the endpoints of a website. Here we are going to learn about the tools called "Ferox Buster"

Ferox Buster link: https://github.com/epi052/feroxbuster

From the above link we can install this tool for our VM Kali linux, Windows, Linux or Mac OS

Once installed we should enter the below command to access Ferox buster

Syntax: ./feroxbuster --url [Target url] -w [wordlist url]

If above syntax throw error then remove ./

Target url: https://0a6600e4033d4feb80b3ea9700090020.web-security-academy.net/

wordlist url: https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt

Paste it in same root directory to avoid error otherwise you need to mention the exact path to access common.txt

Once you entered the above command. You will see the open points with various status codes of the target websites.

200 --> Success -- Positive response

cgi/bin --> Try access you will see Phpinfo

Php information of the target website which is massive find. From this we can find the vulnerability of that version of PHPServer.

Day 1 - Learning Bug Bounty

Arun kumar G — Wed, 21 Jan 2026 13:55:22 +0000

Discovering Database Login Credentials in Portswigger site:

Lab: Source code disclosure via backup files

Every website will have robots.txt in it to help search engine to allow/ disallow the path.
Append the /robots.txt in the url to understand the flaws if any
In this example we could see as below User- agent: * Disallow: /backup

Meaning for all the users, /backup folder should not be allowed to view.

Next we should append /backup in the url and try to see if there is any leads.
In this case we could see there is "ProductTemplate.java.bak" file.

While we access it, we could see this is a Java programmed file which is actual source code.
If we see the code, there is a connectionbuilder that shows the Postgresql details that include database username and password.

We could see the password that listed in this code.
It is an information disclosure bug that will make us to access the database.
First way of approach is to try to search the leads thru "robots.txt" url.

Port swigger site link: https://portswigger.net/web-security/information-disclosure/exploiting/lab-infoleak-via-backup-files

Day 0 - Payroll Admin to Cybersecurity Analyst

Arun kumar G — Sun, 05 Oct 2025 06:55:50 +0000

Hello Everyone!

I'm Arun Kumar G, and after 10 years of experience as a payroll administrator, I'm embarking on an exciting new journey into the world of cybersecurity. It's a bold shift, but one driven by genuine passion and curiosity.
To stay motivated—and hopefully inspire others walking a similar path—I’ll be sharing my daily learnings through Dev posts. I know transitioning careers isn’t easy, but my interest in cybersecurity burns bright, and I’m committed to keeping that fire alive.
Your support means the world to me. Wish me luck as I dive into this new chapter. Let’s grow together!