X3r0Day

67 posts

@X3r0DaySec

Security Researcher | Pentester | Part time coder Founder of Project X3r0Day! | DM for audit

Joined December 2024
18 Following · 234 Followers
Pinned Tweet
X3r0Day@X3r0DaySec·
I Hacked an Indian Government Website. Found Users’ Passwords, Aadhaar Numbers, IP Address, Address, phone no, email. This is a serious data privacy failure. Reported to CERT-In. Will release full technical details once it's fixed. Got more in my Bag 👀 1 vuln each week series? ;))
H4x0r.DZ 🇰🇵@h4x0r_dz·
It looks like GLM 5.2 is the real deal
X3r0Day@X3r0DaySec·
@yoursbyte @h4x0r_dz I don't believe that it's literally equal until DeepSWE drops its benchmark. Gpt 5.5 > opus 4.8 btw
Byte | yoursaudit@yoursbyte·
@X3r0DaySec @h4x0r_dz GLM 5.2 IS LITERALLY EQUAL TO OPUS 4.8. They are equal, but I get this model for way cheaper than opus. This is the difference
X3r0Day@X3r0DaySec·
@yoursbyte @h4x0r_dz Seen you 2nd time, what makes you think it can be a cyber weapon? Imo opus 4.8 is way better for that job. What do you think?
X3r0Day@X3r0DaySec·
you don't need the "cyber verification program", opus 4.8 does the little ethics disclaimer and then just starts enumerating webapps (: Oh and for the record this isn't some elaborate jailbreak with roleplay and persona stuff. Just simple smol agents.md to define behaviour
X3r0Day@X3r0DaySec·
Pwned Checkpoint (HTB) Medium difficulty windows box, but you learn a ton. I had almost given up lmao rooting took so much damn time on my slow ahh internet istg lol
X3r0Day@X3r0DaySec·
@hacck3y Funny part is, pentesting govt sites is even easier than easy-medium HTB machines lol
X3r0Day retweeted
404@hacck3y·
Important clarification regarding the Haryana Higher Education data exposure: I did NOT hack into any system. The data was publicly accessible without any login or credentials due to a simple misconfiguration (IDOR/Broken Access Control). Anyone could construct the URL and access student documents (marksheets, photos, signatures etc.). I reported this responsibly to CERT-In and finally it's PATCHED now!! I did not download bulk data or misuse anything. My only goal was to get it fixed. Full technical details + proof here: blogs.hacck3y.me/posts/haryana-… #ResponsibleDisclosure #CyberSecurity
404@hacck3y

🚨 Haryana Higher Education Data Leaked.. 🚨 10+ Lakh Haryana students' personal data EXPOSED -10th/12th marksheets, photos leaked due to misconfig on official Higher Education site. I emailed them weeks ago. No response. Govt sites leaking student data in 2026?

X3r0Day@X3r0DaySec·
@FirstOnWire @CTI__Updates Well they used AES-256 then used base64 on top of it so they can transfer data through https requests
X3r0Day@X3r0DaySec·
They "fixed" my last Indian Govt data dump by encrypting it (srsly lol?) Bypassed that too lmao 48,593 contacts. 37,598 users. All decrypted with a PoC. (IP, Pass, Aadhaar..) CERT-In has been notified. Not dropping full details until it's actually fixed. x.com/X3r0DaySec/sta…
X3r0Day@X3r0DaySec

I Hacked an Indian Government Website. Found Users’ Passwords, Aadhaar Numbers, IP Address, Address, phone no, email. This is a serious data privacy failure. Reported to CERT-In. Will release full technical details once it's fixed. Got more in my Bag 👀 1 vuln each week series? ;))

DuckywantDucky@DuckyWantDucky·
Day 200/365 of the Until get 10.0 Critical report 📤 Reports Submitted:- 0 🟠 triaged - 3 🟦 program review - 0 🟤 Duplicate - 0 🟣 New - 2 ⚪️ Info - 0 💰 Paid - $3487 💻 Worked- 10 HOUR #BugBounty Yay, I was awarded a $2700 + Bonus bounty on @Hacker0x01
X3r0Day@X3r0DaySec·
@ks7X01 better something than nothing. Keep trying and you'll get there 🔥🫶
Ks7@ks7X01·
i usually don't look for xss's because i could not really find any despite trying, but this time it just worked. it's still a self-xss, i'll try my best to make something out of it.
Manware@IAmManware·
ok fable is cool but what about this (by @X3r0DaySec)
X3r0Day@X3r0DaySec·
Source: "Trust me bro"
X3r0Day@X3r0DaySec·
This is genuinely funny. Fable 5 is supposed to be Anthropic's Mythos-level LLM, their strongest model, yet it still shuts down on basic cybersec audits. I use a custom agents.md setup for OpenCode, said literally "Hi" and it immediately threw a cybersecurity warning. 👏🔥
X3r0Day@X3r0DaySec·
@Samaytwt Claude, bring my database back. Make no mistake.
Samay@Samaytwt·
Never touching cursor again 😭
X3r0Day@X3r0DaySec·
@VivekIntel LLMs are better at finding origin host IP than anything
Vivek | Cybersecurity@VivekIntel·
☁️ CloudFail — Discover Infrastructure Hidden Behind Cloudflare

CloudFail is an open-source reconnaissance tool designed to uncover origin server information that may be exposed behind Cloudflare protection through historical records and DNS misconfigurations.

Key Features:
• Searches for leaked origin IP addresses behind Cloudflare
• Checks historical records from CrimeFlare databases
• Performs DNS reconnaissance using DNSDumpster
• Enumerates over 2,500 subdomains to identify exposed assets
• Supports Tor routing for privacy during research
• Useful for infrastructure exposure assessments and attack surface analysis

Reconnaissance Techniques:
✔ Misconfigured DNS record discovery
✔ Historical infrastructure correlation
✔ Subdomain enumeration and analysis
✔ Cloudflare origin exposure detection

Note: CloudFail is intended for authorized security testing, research, and defensive assessments. Properly configured Cloudflare deployments may not expose origin infrastructure.

🔗 github.com/m0rtem/CloudFa…

#CyberSecurity #OSINT #Recon #Cloudflare #Pentesting