HackingHub

Keep your eyes peeled on these endpoints. 👀 /login ➡️ authentication bugs /reset-password ➡️ATO /upload ➡️ RCE /api/v1/user/1001 ➡️ BOLA /search?q=query ➡️ Injection bugs /view?file= ➡️ SSRF /admin ➡️ internal access Which endpoint have you found the most bugs on? 👇

🚀Visit the Bug Bounty Village: HackingHub x Caido x Bugcrowd at BSidesSF (March 21–22). Workshops, high-value prizes, and a dedicated Web CTF🚩 #BSidesSF #BugBountyVillage

The latest Hubs are live. We aren’t playing here. You either own the logic or you’re out of the deal. 🕶️ Stop playing at being a hacker and prove you're one 👇 app.hackinghub.io/hubs/

The Bug Bounty Village is coming to BSidesSF. Join us this weekend (21st–22nd) for: 🛠️ Advanced Workshops with Caido 🌐 A dedicated WEB CTF 🏆 Massive Prize Pools

They moved the stack to nginx. They thought the migration was clean. But they forgot to scrub the recursive paths.

Ready for another challenge?  Get started with our Free hubs👇 app.hackinghub.io/hubs/

Does this look secure enough to you, or are you already seeing the bypass? Confirm below. 👇

@johnhammond ✅Get started: hhub.io/Linux2026

You can master the Linux fundamentals required for hacking in just 7 hours. We’ve updated the course with @JohnHammond to include the "big three" of text manipulation and editing: Sed, Awk, and Vim. 2 hours of fresh content are waiting for you.

Ready for another challenge?  Get started with our Free hubs👇 app.hackinghub.io/hubs/

Tampering attempt failed. What’s your next move? 🕶️ Drop your answers below👇

New Hub: Naham CRM 🕶️ This bug was worth $15,000, but the exploit isn't just about a payload. You have to understand the logic of how applications talk to each other, and exactly where that communication breaks. Watch the full video and get started. 👇 app.hackinghub.io/hubs/nahamcrm

IIS Filename Enum Hub 🕶️ The system recently migrated from IIS to nginx, but the developers left a trace behind. A single file remains from the old environment. Can you find it? 👇 ✅Get started: app.hackinghub.io/hubs/iis-filen…

Master Regex today 🚀 Check out our course: Regex for Hackers:  app.hackinghub.io/course/regex-f…

Confirm below. 👇

Where is the write-up?" is the wrong question. 🚩 The right question is: "How did you find the entry point?" Logic beats automation (and copy-pasting) every time. 🛠️

Ready for more challenges? Try our Free hubs👉 app.hackinghub.io/hubs/

Tell us, how busted is this one?👀

Find subdomain takeovers, before they can find you. A one-liner pipeline with subfinder, httpx and nuclei. Surface the high-impact subdomain takeover risks in seconds.

Look closely! Running Microsoft IIS on a Windows server. Can you find the vulnerability here? 👀