
Posts by HackingHub

📝Scenario:

➡️ You found reflected XSS on a low-privilege, unauthenticated search page

What’s your next BEST move? 👇

15 hours ago

What if the notifications you trust were actually coming from a hacker? 🕶️

Watch the walkthrough with John Hammond to see how it works👇

https://youtu.be/wrAFZLa1TAk?si=0-FSO_Y3BDMHcbBP

1 day ago
HackingHub: HackingHub offers training and challenges for ethical web application hacking.

Ready for more challenges?

Dive into our FREE hubs here 👇

2 days ago

Test yourself with this NoSQL Injection Challenge 👇

2 days ago

Only real hackers will understand this.

3 days ago

Hungry for more? Dive into our FREE hubs here 👇

4 days ago

Test yourself by writing a curl command to get admin 🧐

4 days ago

Check out our Blind XSS Masterclass.

This course is not theoretical; it covers real processes, real payloads, and real thinking behind high-impact BXSS bugs.👇

5 days ago

Blind XSS isn't dead; it just requires more patience than you're used to 👇

5 days ago

Ready for more challenges?

Check out our FREE hubs👇

6 days ago

Only a good hacker can bypass this.

Drop your answer below👇

6 days ago

An uncommon but elite recon method: Subscribe to every marketing email the target company sends

1 week ago

Ready for more challenges?

Check out our FREE hubs👇

1 week ago

Have you hacked a GraphQL API before? Try this one out.

Find the flaw.

And drop yung banger payload. 👇

1 week ago

Don't waste keystrokes. The alias command is a critical tool for optimizing your workflow and executing frequent commands instantly.

1 week ago

Ready for your next hacking challenge? 

Check out our free hubs👇 

1 week ago

Drop your methodology to bypass this 👇

1 week ago

Large organizations often sync profile data across subdomains, moving your session from the core app to sub-apps like /events.

The flaw? Different teams often own these products. This is exactly how Naham found the logic gap.

Try this hub 👉 https://app.hackinghub.io/hubs/nahamcrm

1 week ago

Do you have a good understanding of XML?

Try finding the flaw in this code. 

Bonus: Write payload to read /home/carlos/flag.txt 👇

1 week ago

Ready for the next challenge? 

Explore our free Hubs 👇

2 weeks ago

This is a one character bypass. Can you find it?

Bonus: Drop the payload 👇

2 weeks ago

Ready for the next challenge? 

Check out our free hubs👇

2 weeks ago

Can you read the configuration? How?👇

2 weeks ago

Can you write a payload to read flag.txt?

Classic mistake: Blacklist + eval()

What’s your payload? 👇

2 weeks ago

Your FFUF command isn’t returning anything useful, is it?

The problem usually isn’t the wordlist. You’re likely getting filtered or rate-limited.

Slow it down, control your rate, use realistic headers like a browser, and filter the noise so real endpoints stand out.

Try now 👇

2 weeks ago

Are you good at writing regex? Here’s a challenge for you.

Objective: Extract all the MD5 hashes from this log dump.

Rules:
1. No false positives
2. Must match full hashes only

Drop your regex right now? 👇

2 weeks ago

Learning to hack can be frustrating...

Every time you try to learn something, you realise that you needed to learn something else first.

What you really need is a roadmap that guides you from start to end.

That's exactly what we've built for you.

https://www.hackinghub.io/

2 weeks ago
HackingHub - Ethical Hacking Training: Learn ethical hacking skills with hands-on labs and education from cyber security experts.

You don't feel like you know enough about hacking.

Guess what? That feeling never goes away.

The more you learn - the more you realise you don't know.

That's the worst thing about hacking, but also the best.

Start your hacking journey with us.

2 weeks ago

In CTFs, speed matters the most.

Most players waste time on full scans first.

Pipeline:
Fast discovery → Focused enumeration → Background verification

Find ports faster with RustScan and use Nmap to get what matters.

Question: Why should you never trust RustScan alone?

3 weeks ago

Drop your choice below👇 🔴Red or 🔵blue?

3 weeks ago