Selim Enes Karaduman

@Enesdex

Trying to become a hacker, Person who loves helping people

Joined: June 2015

Tweets


  1. Pinned tweet
    31 Dec 2019

    1. Top 500 Hackerone 2. 100 Bug in total

  2. Retweeted
    3 Feb

    When testing for SSRF, change the HTTP version from 1.1 to HTTP/0.9 and remove the host header completely. This has worked to bypass several SSRF fixes in the past.

  3. 1 Feb

    any update = where is my bounty?

  4. Retweeted
    30 Jan

    I published another blog today. This is a story about an interesting SQL Injection I found. “A Not-So-Blind RCE with SQL Injection” by Prashant Kumar

  5. Retweeted
    30 Jan

    Some hunters made over €50.000 in bug bounties with this simple trick. 🤑 Thanks for the , !

  6. Retweeted
    28 Jan

    even though the jenkins was patched there were still build sources and other stuff including password, etc. some directories were /build/ /downloads/ /images/ /testing/

  7. Retweeted
    28 Jan

    Do you know what 2nd order IDORs are? 🙋 Wondering how does recon or how breaks the web? Read everything in this week's ! ⬇️

  8. 27 Jan

    Ok I'll find a bug!

  9. Retweeted
    27 Jan
    Replying to multiple users:

    Any type of bug is 1. for me I rarely find bug 😰

  10. Retweeted
    22 Jan

    Having trouble finding endpoints? Normal tricks failing? Try making a new wordlist by running wayback against the root domain (and all subdomains). Even if it's not in scope! `echo | waybackurls | cut -d '/' -f4- | sort -u | tee wordlist.txt`

  11. Retweeted
    20 Jan

    -API TIP:19/31- Which features do you find tend to be more vulnerable? I'll start: - Organization's user management - Export to CSV/HTML/PDF - Custom views of dashboards - Sub user creation&management - Object sharing (photos, posts,etc)

  12. Retweeted
    18 Jan

    Looking for kubelet information exposure? Use shodan and type this keyword : product:"Kubernetes" port:"10250" And try https://x.x.x.x:10255/pods

  13. Retweeted
    17 Jan

    When you are looking for subdomain takeovers, use this method: save all subdomains in a txt file and use dig to find all CNAMEs, `dig -f txt.txt | grep CNAME`. You will get all CNAMEs for the subdomains. Open the CNAMEs and look for an error, which means takeover. This method is so easy.

  15. Retweeted
    17 Jan

    I wish you continued success, congratulations. :) If the tool reaches the usage I expect, I may soon raise the scan limit from 300 to 600, 800, 1200.

  16. Retweeted
    13 Jan

    I'm surprised at how often companies use these credentials in internal login panels: company_name company_name admin company_name employee_name (/github username/from LinkedIn/any public source) company_name

  17. Retweeted
    10 Jan

    Yo hackers! I've built a small website that has some challenges. 🔗 The main challenge for the week is `WW3` All upcoming challenges will be hosted there, so stay tuned :) Would love to know what you guys think. Have fun!

  18. Retweeted
    9 Jan

    Blog post I did about an SSRF on Yahoo a couple years ago that I forgot was still online

  19. Retweeted
    8 Jan

    This weekend I’ll be posting “Remote Code Execution in Three Acts”, about an RCE on one of the most popular microservices frameworks. Remember to subscribe at to get it when I publish!

  20. Retweeted
    6 Jan

    If you need a nice GUI for HTTP manipulation you can use pownjs combined with the tools. `npm install -g pown; pown module install @pown/apps; pown apps resend`

  21. Retweeted
    6 Jan
    Replying to a user

    Governor, please, there are 3 school buses in this one frame
