charan @0xcharan Twitter profile

Pinned Tweet

charan

2 months

Thrilled to announce that I've achieved a milestone of 1000 reputation points on @Hacker0x01 Grateful for the journey and excited for what's next. #HackerOne #bugbounty

5

0

44

Last Seen Profiles

@FbdnStories

@EssexMilf95

@PRMEENA7781

@HrmAyomide

@AlfieRowe18

@Cdburnett7

@Football_Senzo

@shiomizuxxxxxxx

@planethempreal

@kurotaka_sc77

@AldeSkool

@LegalSadiq

@catmourie

@anna_dawe

@deVorstin

@ciss_ajk

@JayRouseDC

@maligodp

@jandakembangstw

@fransuinaga

@steveking_

@DavidWongMD

@zeros3ss

@leonardorock__

@stwmaniax

@inkubuus

@LauandPatricia

@lu_a_00kk

@QueenAvHate

@yibo0506

@MitchVargovich

@OlavoOpressor

@tatatano129

@bunnyyycat

@jandakembangstw

@CinemaXCricket

charan

@0xcharan

2 years

In June, I submitted 8 vulnerabilities to 5 programs on @Hacker0x01 .Earned more than 5000 dollars able to pay my college fees 🥺 thanks @Hacker0x01 #TogetherWeHitHarder #bugbounty

15

19

324

charan

@0xcharan

30 days

Smashed it with @0xdln and @0xmarvelmaniac ! 🚀 $24K for 8 SQLi bugs at @Hacker0x01 . #TogetherWeHitHarder 💪

Ashutosh

@0xmarvelmaniac

30 days

Yay, @0xcharan @0xdln and I earned a total of $24,000 on @Hacker0x01 for submitting 8 SQL injection issues to a private program! Few SQLis were found by burp scan😅and we had to create a custom burp extension to find the rest on the program. WriteUp soon! #TogetherWeHitHarder

21

16

345

12

3

158

charan

@0xcharan

2 years

Thanks @Bugcrowd tshirt is so cool

1

109

charan

@0xcharan

1 month

Yay, Me and @0xmarvelmaniac earned $7000 in just one week by collaborating on a private program at @HackerOne #TogetherWeHitHarder

HackerOne profile - marvelmaniac

-

hackerone.com

10

2

94

charan

@0xcharan

1 month

In April, I submitted 74 vulnerabilities to 37 programs on @Hacker0x01 . #TogetherWeHitHarder

11

2

63

charan

@0xcharan

3 years

@ADITYASHENDE17 Use this python script loop in bash for scanning multiple domains

0

14

49

charan

@0xcharan

2 years

Received sony swag Thanks @ADITYASHENDE17

2

0

29

charan

@0xcharan

7 months

@Jayesh25_ @GodfatherOrwa shared an interesting presentation on these

The-Power-Of-Recon (1).pptx

THE POWER OF RECON OrwaGodfahter

docs.google.com

1

4

24

charan

@0xcharan

10 months

@intigriti taxi driver

2

1

23

charan

@0xcharan

6 months

In November, I submitted 32 vulnerabilities to 21 programs on @Hacker0x01 . #TogetherWeHitHarder

1

0

21

charan

@0xcharan

3 years

There are lot of people but I mostly inspired from this persons thanks to @sunilyedla2 @4z1zu @ADITYASHENDE17 @0xMstar @_jensec @remonsec @sillydadddy @GodfatherOrwa @GochaOqradze @_justYnot for sharing your knowledge to community I found myself on @Hacker0x01 leaderboard

5

0

19

charan

@0xcharan

11 months

Had some awesome bug bounty chitchat with @0xdln ! 🐛💻

3

18

charan

@0xcharan

1 year

@disnhau @ADITYASHENDE17 @Ahmad_Halabi_ :"" ssl:"" these dorks i use regularly apart from that you can use net:103.36.5.64/27 for cidr

0

2

10

charan

@0xcharan

5 months

@intigriti intigriti support portal

0

12

charan

@0xcharan

29 days

@sk1dd13 better, CTF Player in bug bounties

1

0

12

charan

@0xcharan

2 years

@h4x0r_dz How many vuln you got with this ?

3

0

11

charan

@0xcharan

2 years

@sillydadddy Use dirsearch to it's fullest example use suffix and prefix in dirsearch like adding *,@,; to bypass 403 or 401 errors and it can be used for path traversal too 😉

0

1

9

charan

@0xcharan

7 months

@0x_rood as long as companies are paying, anyone can report anything :)

0

9

charan

@0xcharan

8 months

In September, I submitted 15 vulnerabilities to 12 programs on @Hacker0x01 . #TogetherWeHitHarder

0

1

9

charan

@0xcharan

2 years

@sherlocksecure @PentesterLab Always check for race condition vulnerability on web hooks many test for ssrf on web hooks but not race condition got my first bounty on bugcrowd for this

2

0

7

charan

@0xcharan

2 years

@Virdoex_hunter @e11i0t_4lders0n @theXSSrat @remonsec @ADITYASHENDE17 @sechunt3r @impratikdabhi @ehsayaan @zseano @harshbothra_ @tuhin1729_ Check for version of swagger UI if it is low we can get xss And extract that endpoints fuzz on subs we have

0

8

charan

@0xcharan

3 years

@Assu_Gamerz @ADITYASHENDE17 @GodfatherOrwa @sunilyedla2 @Virdoex_hunter @hunter0x7 @_jensec @GochaOqradze @harshbothra_ @theXSSrat @impratikdabhi @D0rkerDevil @e11i0t_4lders0n @4z1zu Sure bro

0

1

7

charan

@0xcharan

2 years

@IttipatJitrada @Bugcrowd @_zwink Refer this blog

Using Vulnerability Analytics Feature Like a Boss

For the %90 of my working time, I am hunting bugs on the Synack for 2 reasons:

ozguralp.medium.com

1

7

charan

@0xcharan

1 year

@thebinarybot @NahamSec youtube channel BBRE News by @gregxsunday @PortSwiggerRes and @PentesterLand @PentesterLab

1

0

7

charan

@0xcharan

2 years

@PrettyRecon Custom templates for scanning for cves like that

2

0

7

charan

@0xcharan

3 years

Yay, I was awarded a $150 bounty on @Hacker0x01 ! #TogetherWeHitHarder

0

7

charan

@0xcharan

7 months

@IamRenganathan i deleted Linkedin because of these if i see something like that i will lose myself 😤

2

0

7

charan

@0xcharan

2 years

@infosec_au @assetnote Yesterday got bounty with your wordlist only 😊

0

6

charan

@0xcharan

2 months

@Bugcrowd request smuggling

0

6

charan

@0xcharan

1 year

@ADITYASHENDE17 @Ahmad_Halabi_ Shodan gave cool bugs for me from time to time worth it

1

6

charan

@0xcharan

2 years

@ehsayaan @SynackRedTeam @Hacker0x01 Just curious what is ACPV ?

0

6

charan

@0xcharan

9 months

@ITSecurityguard after the 8th month back to again 1st month 🥲

0

5

charan

@0xcharan

2 years

@zapstiko @remonsec @Random_Robbie @theXSSrat @GodfatherOrwa Check this out

0

1

6

charan

@0xcharan

2 years

@akincibor1 He should be award with bonus and you should get actually bounty

0

6

charan

@0xcharan

4 months

In January, I submitted 8 vulnerabilities to 8 programs on @Hacker0x01 . #TogetherWeHitHarder

0

6

charan

@0xcharan

3 years

@intigriti 🌀 HYPNOSIS ATTEMPT 🌀 😵‍💫 😵‍💫 😵‍💫 😵‍💫 you will 😵‍💫 Give me a bounty 😵‍💫 😵‍💫 😵‍💫 😵‍💫 😵💫

1

0

5

charan

@0xcharan

1 month

@Mdhsan19 i know about it, it is public info bth :)

3

0

5

charan

@0xcharan

3 years

@sunilyedla2 Telugu hackers 💪💪

1

0

5

charan

@0xcharan

3 years

@AkshayKerkar13 @coder_rc Use xssvalidator for better results

0

5

charan

@0xcharan

3 years

@ADITYASHENDE17 @D0rkerDevil @theXSSrat I hope mine will be little helpful 🙂🙂

Stripo Inc disclosed on HackerOne: SSRF external interaction

hi team, i found ssrf external interaction on your website which is https://my.stripo.email/cabinet/#/login?guid=&tn=&locale=en on chatbox description:- the attacker might cause the server to...

hackerone.com

0

1

5

charan

@0xcharan

10 months

@intigriti @0xdln @maniacmarvel_ @bug_vs_me @_0xPb

0

5

charan

@0xcharan

1 year

@HackenProof Just don't do it for bounties have fun and enjoy the process and remember this will take time ;)

0

1

5

charan

@0xcharan

1 month

@NahamSec Manual hacking is more fun for sure

0

5

charan

@0xcharan

2 years

In May, I submitted 6 vulnerabilities to 4 programs on @Hacker0x01 . #TogetherWeHitHarder

0

5

charan

@0xcharan

1 year

@manash036 try hackscale

1

0

5

charan

@0xcharan

2 years

@GodfatherOrwa How you manage time and how many hours you spend hunting and learn new things

0

4

charan

@0xcharan

3 years

@cyph3r_asr @huntrdev Black hat 🤣😂

2

0

5

charan

@0xcharan

11 months

@HackenProof burp suite pro

0

5

charan

@0xcharan

2 years

@MoizSid09 @Hacker0x01 In india it is so costly bro as i am studying professional degree🥲😥

0

5

charan

@0xcharan

28 days

@krishnsec Bug bounty is scam 🙃

0

4

charan

@0xcharan

1 year

@harshbothra_ @Hacker0x01 , quick payouts, faster responses and great support

0

4

charan

@0xcharan

2 years

@rez0__ @Jhaddix Which language do you suggest for recon scripts ?

1

0

4

charan

@0xcharan

7 months

@bxmbn they should provide a different environment similar to sensitive assets in case our testing may cause harm it is a program fault for sure

0

4

charan

@0xcharan

1 year

@payloadartist all of my reports are 30 words long only 😅

0

4

charan

@0xcharan

1 year

@krishnsec please share all your poc's sir 😬

0

4

charan

@0xcharan

7 months

@Jayesh25_ hi, do you have anything to share for rce issues ?

1

0

4

charan

@0xcharan

2 years

@ADITYASHENDE17 Whenever i try to hunt for ssrf i will find some other issues instead of ssrf i don't why 😅

0

4

charan

@0xcharan

1 month

@bugoverfl0w @Hacker0x01 Thanks bro, daily i spent 3 hours only except sat and sun and only half of that submission were manual rest are automated only

1

0

4

charan

@0xcharan

1 year

@Bugcrowd and you N/A them 😤

0

4

charan

@0xcharan

4 years

@noob3xploiter I think you're an Indian

1

0

3

charan

@0xcharan

2 years

@Bugcrowd Learning Bounty

0

4

charan

@0xcharan

1 year

@gowtham_ponnana data breach face chese dhaka elage untaru

1

0

4

charan

@0xcharan

1 year

@NahamSec notamalware.exe

0

4

charan

@0xcharan

2 years

@R29k_ @NeolexSecurity You can't find bugs in stress first get out of the stress and then start again with hunter instinct

0

4

charan

@0xcharan

9 months

@Masonhck3571 Are you planning to enter into UFC ?

0

charan

@0xcharan

3 years

@IamRenganathan Shodan and github always leads to interesting results

1

0

4

charan

@0xcharan

9 months

@HusseiN98D forgot about the shared environment imagine you got admin panel access and you noticed many blind xss payloads 🥲

2

0

4

charan

@0xcharan

7 months

@bug_vs_me These ones do the job better, echo 17.0.0.0/16 | mapcidr -silent | dnsx -ptr -resp-only -o output.txt

0

2

4

charan

@0xcharan

2 months

@0x_rood arjun has a lot of bugs, use x8 it is perfect

0

4

charan

@0xcharan

8 months

@GodfatherOrwa @bsidesahmedabad really informative 🔥🔥

0

3

charan

@0xcharan

1 year

@NahamSec Giveaway 1000 pentesterlab subs

0

4

charan

@0xcharan

3 years

@Bugcrowd Blind ssrf -because sometimes it is very hard and challenging it is hard to know the IP address really belong to target asset or it is out of scope And bussiness logic bugs-it required deep understanding of how target works And other blind based bugs too. 😨

1

0

3

charan

@0xcharan

2 years

@Br0k3n_1337 @Hacker0x01 Hi bro which bug ? I too hunted on mongodb i am somewhere in that leaderboard 😅

1

0

4

charan

@0xcharan

2 years

@GodfatherOrwa @Masonhck3571 AT&T good for practice not for bounties 😅

0

3

charan

@0xcharan

3 months

@RootxRavi @recon_sage good tool and UI looks pretty cool :)

1

0

4

charan

@0xcharan

30 days

@0xdln @0xmarvelmaniac let's not forget we have 10 more issues to be paid out 🎉🎉

1

0

4

charan

@0xcharan

1 year

@bug_vs_me great for students

0

4

charan

@0xcharan

2 years

@Bugcrowd @RogueSMG @Farah_Hawaa @gregxsunday @_zwink @NahamSec @stokfredrik

0

4

charan

@0xcharan

2 years

@AkashHamal0x01 Funny 😂😂 send to bugcrowd meme challenge it will be nice meme

0

4

charan

@0xcharan

9 months

@brutelogic looking for a sql cheatsheet

1

0

3

charan

@0xcharan

3 years

In October, I submitted 3 vulnerabilities to 2 programs on @Hacker0x01 . #TogetherWeHitHarder

0

3

charan

@0xcharan

8 months

@zseano check dm

0

charan

@0xcharan

3 years

@sillydadddy @sunilyedla2 1) what are the most common bugs that you encounter 2)tips for csrf and most common csrf bypass that you use 3)tips for ssrf and idor Thanks in advance

2

0

3

charan

@0xcharan

2 years

@NahamSec @shodanhq Ssl:"" http.title:admin

0

3

charan

@0xcharan

8 months

@codingo_ @github @PentesterLab

GitHub - fyoorer/ShadowClone: Unleash the power of cloud

Unleash the power of cloud. Contribute to fyoorer/ShadowClone development by creating an account on GitHub.

github.com

1

0

3

charan

@0xcharan

9 months

@DanielMiessler there is a wrapper for masscan that can be used like naabu

GitHub - nullt3r/jfscan: JF⚡can - Super fast port scanning & service discovery using Masscan and...

JF⚡can - Super fast port scanning & service discovery using Masscan and Nmap. Scan large networks with Masscan and use Nmap's scripting abilities to discover information about servi...

github.com

0

3

charan

@0xcharan

7 months

@Jayesh25_ your all tweets are a goldmine for anyone

1

0

2

charan

@0xcharan