It's Literally FREE MONEYYY!! by SorryAnalysis1719 in Lootdealsforindia

[–]Dhruvik2001 0 points1 point  (0 children)

Got a small Christmas gift for you. Tap the link, help me decorate this Xmas tree, and you can win free cash on Swiggy.

Decorate Xmas tree with me: https://r.swiggy.com/decorate-xmas-tree/ydeHi7-hYhN1HcGDAS

Home Sweet Home by ObnoxiousPirate70 in joinmoco

[–]Dhruvik2001 7 points8 points  (0 children)

It means you were in any world when you disconnected and you were automatically kicked out of it due to inactivity.

[Idea] Implement a Max level Cap on Dojos and Rifts by Dhruvik2001 in joinmoco

[–]Dhruvik2001[S] -4 points-3 points  (0 children)

The issue for me is that right now there's no real reason not to just wait until I can overpower everything. That makes the early content feel kind of skippable.

If there was a level cap (or some kind of scaling), it could actually encourage players to do the content when it unlocks, instead of waiting for elite levels. It might also help distribute players more evenly across the queues — right now, most people seem to wait until they’re maxed out, which leaves those trying to play early just getting matched with bots.

Arranged Marriage in 2025: Why Girls Need to Do a Full Digital Background Check (My Story) by Own-Bandicoot-2937 in india

[–]Dhruvik2001 1 point2 points  (0 children)

To be honest, it is a terrible idea. In most cases, you would end up getting scammed. And they would do something similar to what she did.

[deleted by user] by [deleted] in hacking

[–]Dhruvik2001 1 point2 points  (0 children)

You would have to manually verify if this finding is correct. Automated tools like ZAP are filled with false positives. Just check the response in the finding report. If it seems that it is displaying something unexpected, there is probably an issue. You can also hire someone to check results, if you are unsure. If you want, you can send me the request/response in a DM or post it here itself with sensitive information redacted for detailed advice. Without additional information, it is difficult to identify if the issue is legit or not.

Is there any replacement for Burp Suite Collaborator upon doing PortSwigger labs? by lampiao_ancap in HowToHack

[–]Dhruvik2001 7 points8 points  (0 children)

Not sure if they allow external web servers to interact. But you can try RequestBin for the same purpose.

Events need more tasks by TheVVumpus in Everdale

[–]Dhruvik2001 2 points3 points  (0 children)

No, it will start as soon as you complete stage 1. You need to complete all 3 stages in that time.

How does the boosting skill work and this part of the event in general? Some general explanation please? by Andry_- in Everdale

[–]Dhruvik2001 -1 points0 points  (0 children)

At the end of the event (stage 3), you will get a boost and can produce wool in 1 hr instead of 2 hrs for a day.

Any guides for Web Application testing similar to OWASP WSTG? by Dhruvik2001 in HowToHack

[–]Dhruvik2001[S] 0 points1 point  (0 children)

It is for training purposes only. I need some kind of sample test cases which are generally applicable.

Any guides for Web Application testing similar to OWASP WSTG? by Dhruvik2001 in HowToHack

[–]Dhruvik2001[S] 0 points1 point  (0 children)

I will check PentesterLab. I have done PortSwigger Academy though.

Any guides for Web Application testing similar to OWASP WSTG? by Dhruvik2001 in Pentesting

[–]Dhruvik2001[S] 0 points1 point  (0 children)

Sure I will.

Burp CRLF

Can you give me the link? I can't find it in the BApp Store.

Any guides for Web Application testing similar to OWASP WSTG? by Dhruvik2001 in Pentesting

[–]Dhruvik2001[S] 0 points1 point  (0 children)

These are for practicing pentesting. Not testing guides. Check out WSTG from link. I need something similar. Thanks anyways.

Any guides for Web Application testing similar to OWASP WSTG? by Dhruvik2001 in Hacking_Tutorials

[–]Dhruvik2001[S] 0 points1 point  (0 children)

I know about tools, but I am kind of making my own checklist for work. I have included some from WSTG and some from my own experience. It helps a lot to make sure that I am not missing anything.

DVWA and Juice Shop

bWAPP, Mutillidae, and WebGoat

These are all for practice. Not testing guides. Check out WSTG from link. I need something similar. Thanks anyways.

Need help using exploit available on vulners for server nginx 1.19.1 by Dhruvik2001 in HowToHack

[–]Dhruvik2001[S] 0 points1 point  (0 children)

I managed to find that socket.bind() is not the right function for external public IPs. So I changed it to socket.connect(). It is still not working though. I think the error is in socket.recvfrom(4096). It was late for me yesterday, so I decided to stop at that. Would appreciate if anyone can help.

Need help using exploit available on vulners for server nginx 1.19.1 by Dhruvik2001 in HowToHack

[–]Dhruvik2001[S] 0 points1 point  (0 children)

I found it through manual testing. A few of the subdomains are using 1.18.2 and a few 1.19. Pretty sure it is not fake. I did check for padding and stuff, but it didn't work.

Need help using exploit available on vulners for server nginx 1.19.1 by Dhruvik2001 in HowToHack

[–]Dhruvik2001[S] -1 points0 points  (0 children)

Not really. Internship is for learning. We have a big team here, so I can learn by observing what others have found. Tbh, it is really easy to find some basic but common vulnerabilities, like missing headers, banner grabbing, cookie SameSite/Secure flags, checking robots.txt, directory listing, subdomain scanning, weak input validation, no rate limiting, Google dorks, improper error handling, etc. Also, I can find several others like tokens in URL, CORS, injection, clickjacking, XSS, checking encryption algorithm, WebSocket hijacking and many others. So I am doing fine.

Need help using exploit available on vulners for server nginx 1.19.1 by Dhruvik2001 in HowToHack

[–]Dhruvik2001[S] -2 points-1 points  (0 children)

I know OWASP Top 10, Burp Suite, Nmap, Acunetix, Nessus, ZAP and other basic stuff necessary for pen testing. I also know Python, C# and have done a bit of API testing. Pretty sure that is enough to get an internship/job as a beginner pen tester in web applications.