Bug bounty chat

12 Aug 2023 05:33

Fantastic writeup for for us bro. But please and please, could you post a dummy video detailing the moves you made cause sometimes, these things demand logic and brainwork. If possible. It will help some of us

Bug bounty chat

11 Aug 2023 10:19

https://github.com/Aniruddhpathak404/LFI-SCAN

Bug bounty chat

11 Aug 2023 07:20

hi guys please suggest which mermory is better for pentesting


16gb 3200 mt/s or 16gb 3200 mhz?

Bug bounty chat

11 Aug 2023 07:00

Key Algorithm: RSA
Key Parameters: 05 00
Key Size: 4096

Bug bounty chat

11 Aug 2023 06:56

so have you tried to decrypt it

Bug bounty chat

11 Aug 2023 06:54

also the signature keys

Bug bounty chat

11 Aug 2023 06:50

lie password of admin panel or user ?

Bug bounty chat

11 Aug 2023 06:26

hey guys im a noob here

Bug bounty chat

11 Aug 2023 04:18

Can anyone explain me this bug Insecure OS/Firmware > Hardcoded Password > Non-Privileged User

Bug bounty chat

11 Aug 2023 04:17

But zap is a noisy tool

Bug bounty chat

11 Aug 2023 04:15

Especially IDOR and SDE

Bug bounty chat

11 Aug 2023 04:15

Nice idea bro i will test it

Bug bounty chat

11 Aug 2023 04:13

True that’s why I mentioned replicating the issue. Owasp is known to show % of false positive in its report, but obviously, always preferable to run a replication as part of your QA

Bug bounty chat

11 Aug 2023 04:09

You can report it if it's directly or indirectly linking to in scope domain or server

Bug bounty chat

10 Aug 2023 20:06

I say don’t do it. If it’s out of scope they are going to ask how you even found it and sometimes they get sensitive about it.

Bug bounty chat

11 Aug 2023 14:42

Мой хороший знакомый создал свой канал по пентесту. Он туда уже выкладывает только проверенную информацию и методы похеков, которыми пользуется самостоятельно на проектах по пентесту и CTF.

Также у него есть очень интересный бот в чате, который покажет вам не только информацию, но также вы можете запросить у него эксплойты, payload'ы для XSS, SSTI, CMD Inj и так далее. Так что скорее присоединяйтесь и пользуйтесь!

@pt_soft

Bug bounty chat

11 Aug 2023 07:57

js miner? most of them are public api

Bug bounty chat

11 Aug 2023 07:04

im asking how to do that

Bug bounty chat

11 Aug 2023 06:58

i guess you said you know encrypt algo

Bug bounty chat

11 Aug 2023 06:55

I found a Zendesk api key and applicationID can anyone sugguest me what should i do further escalation to a bounty

Bug bounty chat

11 Aug 2023 06:53

the public root keys and the encryption algo

Bug bounty chat

11 Aug 2023 06:27

i found the keys of a target i'm walking through with google dorking how can i escalate this a get a bounty.....

Bug bounty chat

11 Aug 2023 04:18

I use burp ofcourse but i also use Fiddler

Bug bounty chat

11 Aug 2023 04:17

It feels like it's out of date

Bug bounty chat

11 Aug 2023 04:16

Yep. Considering that’s what you’re doing first. Not sure if that was done. Just basing it off of the fact of running zap

Bug bounty chat

11 Aug 2023 04:15

See if you can pivot or use it to affect domains in scope

Bug bounty chat

11 Aug 2023 04:15

Ya if you done with your Manual testing you can run automated tool

Bug bounty chat

11 Aug 2023 04:12

Automated testing and tools are not preferable because they show false positive and are not capable of finding business logic bug or any critical bug in most of the case

Bug bounty chat

10 Aug 2023 20:10

And like other said. It will be unpaid. There’s a reason they probably don’t pay it. The reason, who knows. That’s their fault.

Bug bounty chat

10 Aug 2023 18:56

Anyone interested in OSCP , GPEN , OSWE , OSCE , Pentest+ , CEH certification ?