Who Am I ? 🇪🇬 🇵🇸
@19whoami19
Followers
2,139
Following
559
Media
110
Statuses
1,809
Founder & CEO @CyberVulnLLC | Penetration Tester and Bug Bounty Hunter since 2023 with +100 Valid Bugs and 30+ Halls of Fame
127.0.0.1
Joined October 2022
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
LINGORM MAJOR FANDOM
• 683273 Tweets
Errejón
• 585216 Tweets
Durk
• 108552 Tweets
Tattvadarshi Sant Rampal Ji
• 69420 Tweets
#Mステ
• 66868 Tweets
FIGHTING FOR LOVE
• 58632 Tweets
#MGI2024
• 48184 Tweets
Keith
• 42562 Tweets
#HAPPYYUTADAY
• 35139 Tweets
結城さく
• 34603 Tweets
悪役令嬢の中の人
• 28423 Tweets
Gustavo Gayer
• 25738 Tweets
#ネトフリでタイプロ
• 24924 Tweets
#ساعه_استجابه
• 24539 Tweets
#中本悠太_わたし達のHOPE
• 23245 Tweets
Bologna
• 18508 Tweets
#النصر_الخلود
• 17779 Tweets
#유타생일_에브리바디_스크림
• 17555 Tweets
HAPPY BIRTHDAY YUTA
• 16958 Tweets
#荒野7周年空前の超感謝祭
• 16334 Tweets
#史上初金車確定無料ガチャ
• 16011 Tweets
LOVE IN MY HEART PREVIEW
• 14396 Tweets
レジェンド車両
• 13498 Tweets
全員最大金枠アイテム5つ
• 13320 Tweets
FACT復活
• 11111 Tweets
Pinned Tweet
الحساب لمشاركة المعلومات المفيده لوجه الله عز و جل و صدقه جاريه لوالدتي الله يرحمها و امواتنا و اموات المسلمين جميعا ، لو استفدت في اي وقت حتي ولو بمعلومه صغيره ادعيلهم بالرحمه ♥️
6
1
59
Another RXSS via Open redirect bypass using this payload :
javascript%3avar{a%3aonerror}%3d{a%3aalert}%3bthrow%2520document.cookie
by :
@0xM5awy
❤️
5
58
291
Great Work 😄♥️
1 day 1K + More than 100 subs
Thanks💯
5
14
199
Yesterday I was surfing facebook and I got Blind Sql Injection😂
19
4
194
I know it's not a new idea but it got me some low hanging fruits :
1- Visit the website
2- check CMS 'Wappalyzer'
**sometimes blog,x,com is different than www,x,com also subdomains may be different
3- FUZZ using CMS wordlist from Seclists
and search for sensitive files & infos
5
30
195
Hi , I hope it can help ,
CVE-2024-4577 , Nuclei Template + POC
9
43
161
Hi , They closed it as info and banned me from the program
Alhamdulilah I got my first RCE ever , I hope it got triaged without any duplicates
13
0
81
47
15
145
My 2023 Recap :
- Starting Bug Bounty Hunting
- Working on
@Hacker0x01
- Hacking some Companies as TikTok , Nasa , IBM , Ring (Amazon Services) , Google (Duplicate) , +11
- Make $$$$ from Hunting
- Get First Valid Bug and Bounty
- Get more than 50 Bug
- Collab with great hunters
11
1
112
don't waste ur time
don't waste ur effort
don't waste ur rights
don't waste ur money
same program same scope
6
3
115
My first 6 months in bug bounty hunting
@Hacker0x01
I got :
5 bounties
8 thanks
44 resolved bugs
in my way to make the internet more safer
12
4
112
Some ways I know It's basic but I use it in subdomains enumeration
Tools :
1- Subfinder + api keys
2- Assetfinder
3- amass
4- shosubgo ( shodan subs )
__
Websites :
1-
2- Security trials
3- Shodan
4- Google dorks
__
Using subslists & ffuf
#bugbountytips
4
25
111
I just published XSS on TikTok
3
11
100
One of weird things I mate today is :
1- Visiting example(.)com/server-status ---> Forbidden
2 Using : curl -X GET "example(.)/server-status"---> 200
9
10
97
7 triaged reports today for Server Status information Disclosure ❤️👾
#bugbountytips
#BugBounty
#hackerone
#bugbounty
#hacking
#cybersecurity
Add this to ur word list "server-status"
Apache server status disclosure is a vulnerability that can be exploited by attackers to gain access to sensitive information or to launch attacks against the server
#bugbountytips
#BugBounty
#hackerone
#bugbounty
#hacking
#cybersecurity
5
10
35
7
10
98
Hi , My Writeup for my first bug & bounty ever , wait for the coming ones soon :
5
8
97
Unfortunately It's Duplicate , but let me discuss this amazing scenario in this Thread
1
4
89
Hi , Small trick here : When I got all subs in file for example : subs.txt , I use this to get sub-subdomains ---> subfinder -dL subs.txt -all -o sub-sub.txt
#bugbountytips
7
11
80
I just published How I was able to disclose the Users’ chats with AI chat Bot?
3
19
83
Alhamdulilah I got my first RCE ever , I hope it got triaged without any duplicates
13
0
81
if I faced something like :
*.example.* or exapmle.*
how to find subdomains in this way ?
13
8
74
Hi 😁
I'm currently seeking a Job Preferably remotely as a Penetration Tester.
With over 1+ year of experience as a Penetration Tester and Bug Bounty Hunter at
@Hacker0x01
I have successfully identified 80+ valid bugs and achieved 25+ Hall of Fame.👾
3
5
66
Hi, my Reading list on medium I hope it can help u :
1
2
62
Today I reached the 400th report submitted to
@Hacker0x01
, 140 out of them is Duplicate + 109 is informative , Just keep Going and chase ur dreams everywhere , U have to keep walking to arrive 😄
3
2
57
The main reason I am here right now , all thanks and appreciation to my idol Eng. Ebrahem Hegazy
@Zigoo0
❤️
1
1
58
Hi I reported RCE to a private program then after one day they closed it as info out scope and ban me from the program as I am not providing a value to the program , so I hope that I can get your help in this situation
@jobertabma
@michielprins
@Hacker0x01
Report ID :
#2484653
6
7
56
Hi , My 4 advices to a friend it may help someone else one day :
- First thing u have to set a goal to know how to move to claim it
- Second don't stick to learning .. Hunt to learn
- Third get away from automating tools only
- Fourth stop wasting ur life searching for XSS
5
2
51
The Worst Mediation Ever
@Hacker0x01
, You help the Companies to steal our efforts and time cause they pay you 🤮🤮
8
5
51
Hi , I read these books and recommend them to you:
- Bug Bounty Bootcamp
- zseanos-methodology by
@zseano
- Hacking APIs
- The Web Application Hacker's Handbook
4
5
49
In June, I submitted 50 vulnerabilities to 36 programs on
@Hacker0x01
.
Machine Gun only dups🤣
#TogetherWeHitHarder
4
0
48
In May, I submitted 33 vulnerabilities to 18 programs on
@Hacker0x01
.
😂😂وربنا لاعرف امتي ولا فين
#TogetherWeHitHarder
5
1
48
Hurry up bro , U will close my RCE as Duplicate , info or a creative one : N/A out scope 🤣
7
1
46
I’m happy to share that I’m starting a new position as Founder & CEO at
@CyberVulnLLC
✨
Chasing my dreams everywhere ⏳
A big step for me so I need your prayers ❤️
13
0
45
احكيلنا عن بدايتك إزاي اتعلمت وإمتى بدأت تجيب بجز -
قبل اي شئ احب اشكر اصدقاء الرحله حتي لو هما مش عارفين دا
@Zigoo0
من غير باشمهندس ابراهيم ماكنتش هعرف المجال دا او ابداء في ازاي
@0x_rood
@GodfatherOrwa
شكرا ليكم و لكل حد شارك في رحلتي حتي لو بكلمه
3
2
41
الراجل دا جيه النهارده و قالي مش هقولك انا مين و سلم عليا و مشي تقريبا اسمه
19whoami19
7
0
41
9 oct 2023 Duplicate 😓
8 JAN 2024 Resolved the 1st report 😬
9 JAN 2024 Bypassed and Report the same bug 😶🌫️
9 JAN 2024 Triaged and get Rewarded 😈
work smarter and harder 🥶
4
4
36
Hi guys , thanks for ur messages and support but I have two points , I wont disclose the program name I still respect my principles, and I won't disclose the bug , I don't look for what I lost I look for what I will gain in the future
Best regards.
4
0
38
تاني عشان مسحتها بالغلط🤣
Hi , I was able to disclose customers private chats with the AI chat bot ,
using FUZZING :
/~FUZZ
0
3
38
Everyone Give us his advice how to be a good bug bounty hunter? specially for beginners
4
1
38
Add this to ur word list "server-status"
Apache server status disclosure is a vulnerability that can be exploited by attackers to gain access to sensitive information or to launch attacks against the server
#bugbountytips
#BugBounty
#hackerone
#bugbounty
#hacking
#cybersecurity
5
10
35
How to solve RCE as a Security team in 2 mins?
Ban the bug hunter who discovered it from ur program🤣
4
2
37
I got RXSS on the login page a Private program on H1 and they closed it as Info idk should I stay work with H1 or they are stealing our bounties ?
16
1
34
Hi !
2
2
34
Hi ,
الفيديو دا مش تكنيكال قد ما هو تجربه و نصيحه ، بالتوفيق ان شاء الله ❤️
4
4
32
I am working and studying daily for 15 hours from 6 months to make my dreams come true , It's really hard but it deserves more..
4
1
32
Bro it's an information disclosure , not your phone number !
#bugbountytips
#BugBounty
#hackerone
#bugbounty
#hacking
#cybersecurity
5
1
31
Every time I open LinkedIn or Twitter I notice that it's full of achievements and bounties but I forget that the people don't tweet or post the hard part of the story , how did they suffer or how long , Keep working Keep going it's not easy 😀♥️
1
0
32
20 days without any reply to my support ticket !!
#544902
, and months with other tickets !!
@Hacker0x01
6
1
30
did u ask ur self before the difference between ,
Waybackurls
Gau
Katana
⬇️⬇️
5
0
31
In January, I submitted 14 vulnerabilities to 9 programs on
@Hacker0x01
.
#TogetherWeHitHarder
1
1
30
I hope I can get my chance on bug crowd without any Duplicates 🤣
5
0
29
I have a self challenge in this quarter:
31 August I was -17 and I was less active & I lost many repus in NAs
20 Sep I reached 80 35th 🇪🇬
Still 8 days , do u think I can reach the 15th at least?
#bugbountytips
#BugBounty
#hackerone
#bugbounty
#cybersecurity
3
0
27
To all my followers for ur knowledge to be human not a Hacker , The Israeli occupation wipes out children, mothers, and elderly people in their shelters , Where is the human rights ? or as Israeli people say Arabs are not more than animals getting killed ??
#FREE_PALESTINE
🇵🇸
5
3
29
When You face WordPress site what you start to do and look for?
14
1
27
ان شاء الله هجمع اساله كتير و احاول اجاوب عليهم علي قد ماقدر لو عندك سؤال سيبه في الكومنتات
I will go for a Q&A , if u have any questions I will answer it soon , just drop it down
10
0
27
While I was trying too take over a subdomain someone paid it faster 🤣
Welcome in bug bounty
2
0
27
In November, I submitted 20 vulnerabilities to 9 programs on
@Hacker0x01
.
Not bad
#TogetherWeHitHarder
2
0
26
N/A for CORS Misconfiguration the same as in this report
I really hate Hackerone I'm going to try Bug Crowd
7
0
24
u still miss a good part in katana
katana -passive -pss waybackarchive,commoncrawl,alienvault
0
2
26
I am very happy because I feel that my knowledge has real value and people benefit from it 😄♥️💯
2
1
24
In April, I submitted 22 vulnerabilities to 11 programs on
@Hacker0x01
.
#TogetherWeHitHarder
0
0
24
What is good methodology to get xss? — Stop searching by script alert() script
4
7
24
I was testing an admin login page for SQLi but the stupid admin take off the page 😂😂😂😂
5
0
24
One of the things that idk till now how some hunters miss it is checking website technologies and versions !!! it can get you some easy bounties by searching directly for some CVEs or vulnerable versions
0
1
24
one of my fav bugs was Hacking " BARD AI " google AI Chat Bot 👾
1
0
24
I was announced that my report has been Resolved by TikTok security team the worst team ever on
@Hacker0x01
and As a result, I was added to their 2023 Hall of Fame. ❤✨
…
I hate TikTok🤮
#bugbountytips
#BugBounty
#hackerone
#bugbounty
#cybersecurity
2
1
23
