luffydragneel

@Hackers_Guild

A full-time hacker + otaku. For any freelance pentest projects, feel free to get in touch at luffydratest1@gmail.com.

Raftel
Joined: December 2017

Tweets

  1. Pinned tweet
    14 Feb 2019

    Finally, my first post, "A TALE OF AN APPLICATION WIDE CSRF VULNERABILITY". Hope you guys will like it. :)

  2. Retweeted
    5 hours ago

    New blog post: Simple Remote Code Execution Vulnerability Examples for Beginners

  3. Retweeted

    If Microsoft Teams is down for you... Remember it's Office *365* and there are 366 days in 2020.

  4. Retweeted
    12 Nov 2019

    Time for another : While testing file upload forms on IIS7 servers, you can get RCE by uploading ".cer" files if the ".asp" extension is blacklisted. This has already led me to multiple RCEs in and projects. RT if you love it! More coming 👁️

  5. Retweeted
    4 Feb

    When testing for SSRF using a blacklist, take internal IP addresses and, when encoding them, don't encode the entire IP. Encode 1 octet of the IP address, or 2 or 3. For instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

  6. Retweeted
    2 Feb

    WooT! There is always a way. New short write-up! Chain the bugs till you get what you want. Some steps were not mentioned. RTs, likes and comments are appreciated. For any pentest work DM me :) 🎉🎉

  7. Retweeted
    2 Feb
    Replying to

    Love it! Thanks!

  8. Retweeted
    31 Jan

    This ‘No honking’ ad by Mumbai Police is pure gold 🙏🏻 Honk only if you are ready to wait 😊

  9. 2 Feb
  10. 2 Feb

    The request has a 64-character-long CSRF token in the header and the same in the cookie. I can use any random string of 64 chars, but they should have the same value in both places. Any ideas how I can possibly exploit this CSRF for another user?

  11. Retweeted
    1 Feb

    NEW BLOG POST ON RECON ON SHODAN PUBLISHED BY ME DO TAKE A READ AND SHARE 🙏

  12. 2 Feb
  13. 31 Jan

    The Complete Guide to CORS (In) Security by . Do give it a read because it's very well written. 😋

  14. 31 Jan

    If an application uses markdown, make sure to test it for XSS. I used [Click here](javascript:alert(1)) to create a link via markdown, and when the user clicks on "Click here", the XSS gets executed. Read this article.

  15. 30 Jan

    I earned 2x$350 for my 2 submissions on . Both were stored XSS with a simple payload "><img src=x onerror=alert(1)>.

  16. Retweeted
    23 Jan
  17. Retweeted
    20 Jan

    First blog post: Unauthorized Google Maps API Key Usage Cases, and Why You Need to Care

  18. Retweeted
    22 Jan

    Hello hunters! Last year I published my recon map; this year I share with you my checklist! Feel free to ask questions and make comments to improve it! And I hope you enjoy ;)

  19. 22 Jan
  20. Retweeted
    21 Jan
  21. Retweeted
    20 Jan

    Time for a new tip! When I sign up to a website/newsletter/reset a password, I look at the website which hosts the logo/image in the email I receive. This has led me multiple times to insecure AWS S3 buckets and scope expansion.

