While he hits some pretty big bounties, you might be surprised how @hunter0x7 got started in bug hunting.
Join us for this researcher spotlight and down-to-earth chat with Ahsan Khan!
#ItTakesACrowd
* You won't do it
* You are useless
* You are nothing
* You can't
* You are wasting Time
* You are poor
And now their yearly income is my pocket money so fuck you
~Pwning
1. Recon = Found log file: web/path/wget-log
2. Found Server IP in the log file
3. Tested Server IP & Found .git dir: wget -m -I .git web/.git/
4. git status & found backup zip file
5. While reading files found: app/file.php disclosing SSH root Credentials
6. RCE
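Every step in the chain above depended on a file that should never have been deployed: a wget log, a `.git` directory, a backup archive, and a source file with hard-coded credentials. The following pre-deploy audit of a local web root is an added example, not code from the original post; the file patterns, the function names and the sample tree are assumptions constructed for illustration.

```python
import os, re, tempfile

# Leftovers matching each step of the chain above (patterns are assumptions).
ARCHIVE_EXT = (".zip", ".tar", ".tar.gz", ".tgz", ".bak", ".sql")
SECRET_RE = re.compile(
    r"(?i)(password|passwd|secret|token)\w*['\"]?\s*(=>|=|:)\s*['\"][^'\"]{4,}['\"]")

def audit_webroot(root):
    """Return sorted (relative_path, reason) findings for a local web root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if ".git" in dirnames:
            findings.append((os.path.normpath(os.path.join(rel_dir, ".git")),
                             "git metadata in web root"))
            dirnames.remove(".git")  # do not descend into the object store
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if name.startswith("wget-log"):
                findings.append((rel, "wget log file"))
            elif name.lower().endswith(ARCHIVE_EXT):
                findings.append((rel, "backup archive"))
            else:
                try:
                    with open(os.path.join(dirpath, name), errors="ignore") as fh:
                        if SECRET_RE.search(fh.read(1_000_000)):
                            findings.append((rel, "hard-coded credential pattern"))
                except OSError:
                    pass  # unreadable file: skip rather than abort the audit
    return sorted(findings)

def build_constructed_webroot(root):
    """Constructed sample tree, not data from the post."""
    os.makedirs(os.path.join(root, ".git"))
    os.makedirs(os.path.join(root, "app"))
    samples = {
        "wget-log": "--2024-01-01-- http://192.0.2.10/index.html\n",
        "backup.zip": "PK",
        "app/file.php": "<?php $ssh_password = 'EXAMPLE-not-real'; ?>\n",
        "index.html": "<h1>ok</h1>\n",
        ".git/HEAD": "ref: refs/heads/main\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_webroot(tmp)
        for path, reason in audit_webroot(tmp):
            print(f"{reason:32} {path}")
```

Run as a CI step against the build output directory, a non-empty result is a reason to fail the deploy.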
Selected a program;
1st attempt = 3.5k$
After a few months
2nd attempt = 7.5k$
After a few months (Bypassed the fixes + New feature bugs)
3rd attempt = 10k$
Come back with 🔥
You won't do it because you are weak in learning. Yes, they are right that I am weak,
therefore I am working 110+ hours per week to improve this weakness
Admin Pwn (Stories)
1. Found panel
2. Playing with GitHub for 2 days, found sandbox credentials
3. Used the same credentials on the panel and 🔥
4. After digging found SQLi
5. It took 3 days to pwn this panel
Pwning isn't easy ~
If duplicates hurt you,
remember that there are others out there who are not even trying & you are not one of them.
You are already making an effort, and that is something to be proud of.
Duplicates shouldn't hurt you because you are digging, so keep digging until you win.
@remonsec
I see on my left side there is no one to help, and the right side which is full of failure, and in front of me a screen which is called the future. So buddy, make yourself so busy in the work that you don't have much time to think about looking to the left or right ♥️ Good luck
Failed in 9th
Failed in 10th
Failed in 11th
Failed in 12th
Failed in 13th
Failed in 14th
Failed in 15th
Still going (Studies)
Failure is the path to success
Update no 3: Reported 15 submissions (total).
Critical one:
Used Js Miner & for finding sen* info in JS files.
Found a JS file disclosing access token without any endpoint.
(1/3)