How I was able to bypass WAF and find the origin IP and a few sensitive files


Hello hunters,

This is Jan Muhammad from team Darkanon.

Today I’ll be demonstrating to you guys how I was able to bypass the WAF and find the origin IP in a jiffy, using Shodan.

So let's begin.

I was hunting on a VDP program; let’s call it target.com. During my reconnaissance I noticed that the target is protected by the Cloudflare WAF. To find the origin IP, I opened my terminal and ran:

nslookup target.com

But the resolved IPs belonged to Cloudflare, which sits in front of the origin server to shield it. Opening those IPs directly in the browser only returned “Direct IP Access not allowed”.

Refer to the below link for the full article:

https://www.darkanonsys.com/blogs/9FfcqrwSPGdQil2EMgcr

Bounty Awarded: $three_digits

Hit me up on Twitter: https://twitter.com/hasanakajan


Written by Jan Muhammad Zaidi

Ethical Hacker || Penetration Tester || Security Researcher || Technical Blogger || Cyber Security Consultant
