I'm making a full of my methodology video ,
The actual method that i use to find privilege escalation vulnerabilities easily ๐
i have reported multiple privilege issues in hackerone using this method.
I will post the videos in *Monday* keep on eye ๐โ๐จ
#bugbounty
#infosec
Quick tips :
How i found 10+ information disclosure in hackerone public program
1/n
1st: collect all ip's from shodan
shodan search :"*" 200 --fields ip_str | httpx | tee ips.txt
2nd: fuzz all ips using dirsearch
Information disclosure is โค๏ธ
tip: If you found any sensetive url, or config. js, which is giving 404. use waybackurls
=> echo "sensetive link" | waybackurls - get-versions,
And it will give you old version of that file.
Thanks
@TomNomNom
#infosec
#bugbountytips
@Hacker0x01
Sorry for the delayed๐
Now you can access all the videos by filling this google form :
You will get a proper guide for finding privilege escalation and hopefully able to report privilege this month $$$๐ฐ๐
#bugbounty
#cybersecurity
#bugbountytips
I'm making a full of my methodology video ,
The actual method that i use to find privilege escalation vulnerabilities easily ๐
i have reported multiple privilege issues in hackerone using this method.
I will post the videos in *Monday* keep on eye ๐โ๐จ
#bugbounty
#infosec
I Was Awarded a $3750 Bounty for Multiple Vulnerabilities.
2 => Sql Injection ๐
3 =>Reflected Xss
2 => Information Disclosure
#bugbounty
#infosec
#cybersecurity
"My presonal method to find privilege escalation" video is public now๐
Link:
Also like or subscribe ๐if u like it i will add more videos in my YouTube ๐
#bugbountytips
#cybersecurity
#hacking
#infosec
Hello
@cex_io
team i reported a security issue on your website in 03-07-2022 and your security team rewarded me 200$ in 06-10-2022 but from one year i ask for payment and your team is saying no updates everytime look into it.
@cex_io
After Getting continuously Dups
Never give up...๐ฅ๐ป
tip ; put Xsshunter payload in burpusuite match and replace section..!
1. User agent
2. Referer Header
#bugbountytips
#bugbounty
I Have also created a what's up group for those who are enrolled the methodology and teaching
"How do i find targets"
Some "information disclosure tips"
#bugbounty
#cybersecurity
#hacking
Sorry for the delayed๐
Now you can access all the videos by filling this google form :
You will get a proper guide for finding privilege escalation and hopefully able to report privilege this month $$$๐ฐ๐
#bugbounty
#cybersecurity
#bugbountytips
Making a wordlist for your target..
1. 'Cewl'
> cewl - m 4 - w /wordlist1. txt - d target. com
2.urls > cat urls.txt | cut -d โ/โ -f4,5,6,7,8,9 | tee wordlist2. txt
3.github endpoints
()
github-endpoints target. com - raw - o /wordlist3. txt
#bugbountytips
I just hit 30k followers ๐
To celebrate giving away 30
@PentesterLab
subscriptions.
To enter, quote tweet this with a message of gratitude to someone that has helped you become a better hacker/human.
Thanks to
@PentesterLab
/
@snyff
who provided 50% of the subs.
โค๏ธ๐งก๐๐๐
Sorry for the delayed๐
Now you can access all the videos by filling this google form :
You will get a proper guide for finding privilege escalation and hopefully able to report privilege this month $$$๐ฐ๐
#bugbounty
#cybersecurity
#bugbountytips
@ashu_barot
@pdnuclei
Have hear about the udemy? If yes then go to the udemy and watch how people taking more money to teach how to find subdomains using subfinder and how to fillter subdomains using httpx tool and then come and comment