Hello InfoSec elites, I’m going to share a story about how I escalated a low-severity bug into a critical one. I was taking a look at different functionalities of one of the programs, and it had a Collab feature where we can make notes and share them with others. There was an option to export […]
Bugbounty
Road to Recon with EchoPwn.sh

This is a recon tool that discovers the subdomains used by a target web application on both the client and server side. Afterwards, it runs dirsearch on the resulting text file. It can also scan for open ports using Nmap and find hidden parameters on every live host. Summary: Hello everyone, in this […]
iOS Testing Lab Setup Guide – Part I

This post is about iOS lab setup. In it you will learn how to jailbreak an iPhone and start pentesting.
Yogosha Hackitivist Challenge 2019

I started with hackitivist1 and found that the provided link was vulnerable to blind SQLi, so I started digging more into it. As you can see in the picture below (Figure 1), after running sqlmap, I was able to find the database. After that, I found the username, password, and secret key. Unfortunately, […]