JIGGY

@J1ggy_

Vrijeme pridruživanja: srpanj 2018.
1 fotografija ili videozapis Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @J1ggy_

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @J1ggy_

  1. proslijedio/la je Tweet
    4. velj

    When testing for SSRF using a black list, take internal IP addresses and when encoding them, dont encode entire IP. Encode 1 octet of the IP address, or 2 or 3. For Instance: AWS Metadata - 0251.254.169.254 (this got the $160,000 payout in Oct 2018)

    11 replies 284 proslijeđena tweeta 964 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  2. proslijedio/la je Tweet
    29. sij
    Odgovor korisnicima i sljedećem broju korisnika:

    Try this: cat domains.txt | while read domain; do if host -t A "$domain" | awk '{print }' | grep -E '^(192\.168\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|10\.)' &>/dev/null; then echo ; fi; done Disclaimer: wrote it just now and haven't tested it much :-P

    21 proslijeđeni tweet 104 korisnika označavaju da im se sviđa
    Poništi
  3. proslijedio/la je Tweet
    24. sij

    A collection of UNIX hacking tips & tricks :

    235 proslijeđenih tweetova 604 korisnika označavaju da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    20. sij

    If you're new to bug bounty like me, it's good to start with a VDP to build your reputation and earn private invites. Below is a python script I've made which saves DoD controlled sites to a file to continue for further recon.

    19 proslijeđenih tweetova 69 korisnika označava da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    4. sij

    -API TIP: 4/31- Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL? Developers sometimes use "Kernel#open" function to access URLs == Game Over. Just send a pipe as the first character and then a shell command (Commnad Injection by design)

    33 proslijeđena tweeta 79 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  6. proslijedio/la je Tweet
    13. sij

    Some shodan filters to check whether your org managed to apply Citrix workaround correctly. The http.waf one seems to miss assets. net:x.x.x.x24 title:netscaler & net:x.x.x.x/24 title:citrix Use your own ranges. If it looks like this you probably want to shout at someone.

    6 replies 73 proslijeđena tweeta 226 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    13. sij

    Update CVE-2019-19781 You can exploit the vulnerability without the file and only use the file ! You can inject your payload inside the name of the XML file and fire the command execution ! 🔥💪

    12 replies 403 proslijeđena tweeta 814 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    12. sij

    I just encountered this situation and it ended up helping me find a 301 to a weird amazon s3 bucket i've never seen before. Pretty interesting. curl -ik https://1.2.3.4 --header "HOST: www[.]example[.]com" would be the curl command

    7 proslijeđenih tweetova 33 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  9. proslijedio/la je Tweet
    12. sij

    If example[.]com points to IP 1.2.3.4 and redirect to www[.]example[.]com but www[.]example[.]com doesn't point to anything (No A, AAAA, CNAME), try submitting your HTTP request to http://1.2.3.4/ with a "HOST: www[.]example[.]com" header.

    94 proslijeđena tweeta 345 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  10. proslijedio/la je Tweet
    11. sij

    Let's do the 20k giveaway! Up for grabs: (1) Burp Suite Pro license (5) Udemy PEH course seats Rules: -1 entry per person -Must have retweeted and be a follower on Twitter at the time of the giveaway -Donation of first born child optional

    1.219 proslijeđenih tweetova 759 korisnika označava da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    7. sij

    So my guest blog post for about my recon techniques is finally out. Check it out here-

    6 replies 132 proslijeđena tweeta 286 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    5. sij

    الحمد لله My 2020 Start with SSRF on Here is an Amazing thing i wish to share to Noobs like me.

    159 proslijeđenih tweetova 330 korisnika označava da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    3. sij

    My JWT talk at HITB Abu Dhabi is published! Practical Approaches For Testing And Breaking JWT Authentication

    82 proslijeđena tweeta 197 korisnika označava da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    1. sij

    Happy new year. For anyone still up and hacking, here is a new lab to play with. Web Cache Poisoning, to go with the post from

    103 proslijeđena tweeta 225 korisnika označava da im se sviđa
    Poništi
  15. proslijedio/la je Tweet
    9. pro 2019.

    SPRING BOOT ACTUATOR ENDPOINTS ….sometimes may reveal sensitive info /autoconfig /beans /configprops /dump /env /health /info /metrics /mappings /shutdown /trace details on each endpoint

    14 proslijeđenih tweetova 23 korisnika označavaju da im se sviđa
    Poništi
  16. proslijedio/la je Tweet
    25. pro 2019.

    Here it is the first part of my blog post about request smuggling: Crossing The Borders : The illegal trade of HTTP requests

    93 proslijeđena tweeta 262 korisnika označavaju da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    25. pro 2019.

    I've noted an increment of mobile application in bugbounty programs ... so I'm going to start also with mobile app (for now android) hacking, and then I'm going to post the resources I'll use to learn it ... Obviously, any tip/hint/resource sent by you is well accepted :)

    9 replies 20 proslijeđenih tweetova 109 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    20. pro 2019.

    What tool does everyone use to extract an ipa file from their iOS device?

    15 replies 15 proslijeđenih tweetova 51 korisnik označava da mu se sviđa
    Poništi
  19. proslijedio/la je Tweet
    13. pro 2019.

    Open redirect params I come across.. RedirectUrl Return ReturnUrl ClientSideUrl failureUrl ru redir relayState fallbackurl clickurl return_to url goto dest_url urlReturn referer appUrlScheme some leads to xss..

    7 replies 98 proslijeđenih tweetova 217 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    6. pro 2019.

    ffuf impresses me a little more every single day. Test a wordlist through several hosts: ffuf -u https://HFUZZ/WFUZZ -w hosts.txt:HFUZZ -w wordlist.txt:WFUZZ -mode clusterbomb

    12 replies 124 proslijeđena tweeta 411 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi

@J1ggy_ još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·