@bau1u hey brother i started a year ago but still no find wanna collab and hunt together
English
Hamro Channel
20 posts
@Julianpetroulas @Julianpetroulas my boi waiting for your videos been already 4 months when you dropping
English
English
Hamro Channel retweetledi
Keep your eyes peeled on these endpoints. 👀
/login ➡️ authentication bugs
/reset-password ➡️ATO
/upload ➡️ RCE
/api/v1/user/1001 ➡️ BOLA
/search?q=query ➡️ Injection bugs
/view?file= ➡️ SSRF
/admin ➡️ internal access
Which endpoint have you found the most bugs on? 👇
English
@thedawgyg bro can you find persons details using ig phone no and more there is a reward to find his identity u can do it bro hes paying 100k for that cuz hes throwing fake bots in his ig ? @thedawgyg
English
since people have been asking me about my 'setup' lol. heres my stupid simple way i have all 4 of the. major models working together to find vulnerabilities, complete coding tasks, research, and anything else i want them to do (or that they want to do, since they decide to do things on their own sometimes lol)
dawgyg - WoH@thedawgyg
i have a VERY VERY stupid simple way i am doing this, and will likely get made fun of for how I am doing it... but I gave each of the 4 systems their own physical box (tho 2 are VM's, but each VM is on its own Mac host and the VMs run ubuntu arm). They all have ssh + sudo access to each others machines. I have shared network drives linking all machines together, and cronjobs + shell scripts monitoring for 'f;ags' to be set. When Claude (my manager) wants to assign a task to one of the other models, it opens up a Assignments.md file in the shared drive, and puts who its assigned to, what the job is, what it needs to produce, what agents it should use to complete the tasks and what LLM's should be reviewing its work. It then creates the 'flag' (this is just a file in the shared drive named message_for_gemini as an example). gemini's cron job will detect that flag within 60 seconds, and will then run a shell script that invokes gemini in yolo mode, its passed a very small system prompt that tells it how to parse the assignments.md file, and how to use my shared_comms.md file (this one is basically a place for them to 'chat' and ask each other questions easily and quickly). once it parses the assignment, it will launch the agents needed to perform the task, and once it has something it thinks is ready, it will create the flag for whatever LLMK is suppose to check its work. if they both agree, it sends the info to Claude with the shared_comms and message_for_claude flag creation. claude then reviews it. if claude thinks its wrong, it will either ask me (if it has evidence on why its wrong) or will ask the 4th model (most of the time grok) for its input. if grok agrees its all good, then claude accepts it and keeps the process going. if grok or claude think its wrong, they send me a text message asking me to check the laptop to provide feedback and a final decision. it seems confusing af writing it all down, but its been working really well for about 2 months now. They also all have to keep a running log of every single command/tool they run (with all params) and some other stuff, depending on the task at hand (and whether its something i want to learn, or already know how to do).
English
@mcgregormma11 @TheNotoriousMMA @grok which is this aeroplane model i dont seem to be olny 15 min but probably 100 mil
English
@leo719ll @Bugcrowd @caseyjohnellis true dude sometimes even i think they dont pay what researchers are destined for .maybe in the fis case u have the poc right
English
English
Final countdown: <2 hrs for @Bugcrowd to show integrity on my $15,500 research. 13k+ views on Reddit—the tech community & investors are watching. Integrity is actions, not silence. Paid status or press escalation. Time is ticking. @caseyjohnellis
English
@HamroC34382 Mostly just that, I did that only in private program, I never hunt in public program
English
@mhmmadazhari anthing other or u just do these and check every request and brother doing these in public programs helps or not plz do let me know.
English
@HamroC34382 Press all buttons/links on the web, while running Burp to log traffic
English
@rudradas01 but bro even this is alot ? how much time have you been in this field.
English
@HamroC34382 Haven't achieved my goals yet, only 3.25% of the journey🥲
English
@rudradas01 bro what programs do you hunt public or private ??
English
@HamroC34382 Broken access control like unauthenticated/unauthorized access, the key is find endpoints as much as you can
English
@rudradas01 that might not be true brother . if so how can you achieve this feat
English
I hope find a critical vulnerability and become one of the Google VRP bug hunters lol🤞
#bugbounty #zeroday #CyberSecurity #EthicalHacking
English