# #100DaysOfHacking

This repository contains links to all the 100 days tweets that I posted during the #100DaysOfHacking challenge.

| Tweet Links |
|-------------|
|[Announcement of Challenge 🤞](https://twitter.com/NjmUlSqb/status/1476271862866857986?s=20&t=RsjJeeid_TJEOqgiByqq7Q)|
|[Day 1 - Tested 2FA, Interesting JS File, Sqreen WAF](https://twitter.com/NjmUlSqb/status/1477293904756187143)|
|[Day 2 - Rate Limitation, XSS, XSRF](https://twitter.com/NjmUlSqb/status/1477682943808221197)|
|[Day 3 - Improper rate limitation on OTP (email verification) plus no expiry of OTP — Report Submitted](https://twitter.com/NjmUlSqb/status/1478054322042818560)|
|[Day 4 - Report closed as N/A, understanding app's auth and CSRF protection](https://twitter.com/NjmUlSqb/status/1478420937301184512?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 5 - CSRF all the way, Auth cookies behavior](https://twitter.com/NjmUlSqb/status/1478769187019534342?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 6 - CRLF, Fetching JS files](https://twitter.com/NjmUlSqb/status/1479163256791052292?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 7 - JS file exploration continued](https://twitter.com/NjmUlSqb/status/1479502045660938242?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 8 - MySQL DB set up for recon data, Discord Web Hook setup](https://twitter.com/NjmUlSqb/status/1479860605788037126?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 9 - Finding secrets in JS files, Heroku check JS script](https://twitter.com/NjmUlSqb/status/1480224817848721415?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 10 - Fetching post-auth JS files, studying program's documentation](https://twitter.com/NjmUlSqb/status/1480582174973825033?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 11 - Working on JS files](https://twitter.com/NjmUlSqb/status/1480954038644576266?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 12 - Static analysis of JS files, Sourcemaps](https://twitter.com/NjmUlSqb/status/1481320096987594754?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 13 - Bit of JS, Feeling Down 😞](https://twitter.com/NjmUlSqb/status/1481637356746596357?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 14 - Electron JS, KOTH THM](https://twitter.com/NjmUlSqb/status/1482041741670858753?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 15 - OAuth 2.0, Implicit Grant Lab, OAuth links of target](https://twitter.com/NjmUlSqb/status/1482406196996943872?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 16 - Flawed CSRF Protection](https://twitter.com/NjmUlSqb/status/1482751570152505347?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 17 - Flawed CSRF lab continued](https://twitter.com/NjmUlSqb/status/1483123437296140290?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 18 - H1 Ambassador Cup CTF, IDOR Writeups](https://twitter.com/NjmUlSqb/status/1483506354547400707?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 19 - IDOR](https://twitter.com/NjmUlSqb/status/1483835714399875073?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 20 - IDOR & Shodan Findings](https://twitter.com/NjmUlSqb/status/1484203142690529280?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 21 - Trying to change profile pic via IDOR, Decoding app's cookie, SSRF via Profile Photo Upload](https://twitter.com/NjmUlSqb/status/1484580740511719430?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 22 - Katie's IDOR series, Autorize, Autorepeater](https://twitter.com/NjmUlSqb/status/1484929639055343620?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 23 - Autorize configuration & testing on target](https://twitter.com/NjmUlSqb/status/1485288940752019460?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 24 - IDOR, gau](https://twitter.com/NjmUlSqb/status/1485623213149278213?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 25 - Proper usage of gau to fetch program's URLs](https://twitter.com/NjmUlSqb/status/1486000587913187333?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 26 - API Testing, So much manual cURLing 🤢](https://twitter.com/NjmUlSqb/status/1486386556772532231?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 27 - Giving another shot to APIs with repeater, EXIF Issue reporting deferred](https://twitter.com/NjmUlSqb/status/1486748484107739136?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 28 - Burp + Postman](https://twitter.com/NjmUlSqb/status/1487118282113138696?s=20&t=ekSri9H8VBUSBCWRsw6e-Q)|
|[Day 29 - Bbht Fork Update, Shodan](https://twitter.com/NjmUlSqb/status/1487487357406400519?s=20&t=D3UXB70gMOrdebXR2gYyvQ)|
|[Day 30 - API hacking writeups, notes & postman collection](https://twitter.com/NjmUlSqb/status/1487817366822137861?s=20&t=XRI43DD7VGOiSkFYLfcmvQ)|
|[Day 31 - KiteRunner Failed, % shown some unique response, IDOR found [Report Submitted]](https://twitter.com/NjmUlSqb/status/1488185561579991040?s=20&t=R8HZ9ZCZWdzrrf7K_L9f6w)|
|[Day 32 - Recon Methodology of Ahmad Halabi](https://twitter.com/NjmUlSqb/status/1488518524402380806?s=20&t=cbuf0OISE7dJUOYTtj8GJg)|
|[Day 33 - Subdomain enumeration, HTTPx, Port Scan](https://twitter.com/NjmUlSqb/status/1488936705700896779?s=20&t=cbuf0OISE7dJUOYTtj8GJg)|
|[Day 34 - IPs from subdomains](https://twitter.com/NjmUlSqb/status/1489295127050960899?s=20&t=ySAgA8uJxd73QhWWiXtCYQ)|
|[Day 35 - Rustscan, Writeups](https://twitter.com/NjmUlSqb/status/1489648394930995205?s=20&t=N6w7yym30Hr0vmKnZKpgJQ)|
|[Day 36 - Ffuf on API endpoint](https://twitter.com/NjmUlSqb/status/1490009402421792770?s=20&t=HM7x-R3Fdiw45PPeX7_EqA)|
|[Day 37 - Nullbyte fuzzing API & builtwith](https://twitter.com/NjmUlSqb/status/1490383287977750536?s=20&t=O96BIsq2ph6Xzm1n0-muRA)|
|[Day 38 - Escapehtml4 not escaping apostrophe](https://twitter.com/NjmUlSqb/status/1490747310489444354?s=20&t=O96BIsq2ph6Xzm1n0-muRA)|
|[Day 39 - Dev tools, Reading client side source, Bad commits](https://twitter.com/NjmUlSqb/status/1491060273636986880?s=20&t=Sh0K48ej3RmYUXCbUU8zFw)|
|[Day 40 - Location.href to DOM XSS, New API Endpoint found](https://twitter.com/NjmUlSqb/status/1491454409251115009?s=20&t=uCaQDm0EuQIjxEwEuiS6vQ)|
|[Day 41 - mailto:, URL Object](https://twitter.com/NjmUlSqb/status/1491804266779930626?s=20&t=-nAKT3ug4VlGB8SeVWo9Xw)|
|[Day 42 - Finding code execution and functionality with breakpoints](https://twitter.com/NjmUlSqb/status/1492153005231198212?s=20&t=HhWemL1lvrhyp0Mo_osyFw)|
|[Day 43 - Resending XHR with Dev tools](https://twitter.com/NjmUlSqb/status/1492560737637699590?s=20&t=RQIv8RN3bf_lbukHCkH-kA)|
|[Day 44 - postMessage](https://twitter.com/NjmUlSqb/status/1492891592507731971?s=20&t=3eFqDmSWZoWg-rDGIL2Lug)|
|[Day 45 - Firing range postMessage lab](https://twitter.com/NjmUlSqb/status/1493277880939331590?s=20&t=VpqhgY2RF26BMLOoNV1dUg)|
|[Day 46 - First Report Resolved 😍](https://twitter.com/NjmUlSqb/status/1493599291763564546?s=20&t=hRV_Oh1ggYAzxESoUgTiaA)|
|[Day 47 - Making authenticated requests with getJS, Using devtools to find postMessage, retesting vulnerable endpoint](https://twitter.com/NjmUlSqb/status/1493987682531385345?s=20&t=0-3m1CHE-RrXSUOESykyCg)|
|[Day 48 - Burp’s Dom invader, postmessage-tracker extension](https://twitter.com/NjmUlSqb/status/1494349513942777857?s=20&t=dmj5e-56g213neY2-zc-6g)|
|[Day 49 - Old S3 Bucket containing interesting files, ORWA methodology of shodan](https://twitter.com/NjmUlSqb/status/1494705407511740429?t=UasoFAZCxaAY16UJEqQVTQ&s=19)|
|[Day 50 - Shodan all the way](https://twitter.com/NjmUlSqb/status/1494990026953961472?t=6F7d2OJTIrWf_6zOCHPJNQ&s=19)|
|[Day 51 - Lighthouse finds vulns in AngularJS](https://twitter.com/NjmUlSqb/status/1495434659357990918?s=20&t=XKrH9Sjak8zcit7yOmTtpg)|
|[Day 52 - Trying to exploit vulns of AngularJS@1.6.3](https://twitter.com/NjmUlSqb/status/1495799269298741253?s=20&t=gyGufTmrJ9H2Dm5kosk4ew)|
|[Day 53 - AngularJS, Auth JS File](https://twitter.com/NjmUlSqb/status/1496173290909540358?s=20&t=xKprp6ExyzPbtBRFX2mDTg)|
|[Day 54 - Reading whole login JS file, Trying to Bypass OTP using JS Debugger](https://twitter.com/NjmUlSqb/status/1496519348181422089?s=20&t=D85FSXSdXPdgkMKCuYfWZg)|
|[Day 55 - Starting HTB Box, Testing Some Auth Related Functions using Dev Tools](https://twitter.com/NjmUlSqb/status/1496866279365517323?s=20&t=jxPZwLzvG4LsQ5bLjwAqVA)|
|[Day 56 - How IDOR is fixed? , Cyber Defense Path](https://twitter.com/NjmUlSqb/status/1497250354932580353?s=20&t=nTF7S96i3mIhNmFRYdsMOg)|
|[Day 57 - API Testing with OWASP ZAP, 2nd Order IDORs, Getting Burnt Out 🥺](https://twitter.com/NjmUlSqb/status/1497621794626355202?s=20&t=I9X-24j2VmASGVywTZEMlw)|
|[Day 58 - TryHackMe ONLY, Breaking security of Linux/Windows given physical access to machine](https://twitter.com/NjmUlSqb/status/1497991132478783490?s=20&t=leEUpyAywaPaRuW-k0Fqpw)|
|[Day 59 - Postman Environment & Dynamic Variables, Finding multiple postman collections, Approach to test the API](https://twitter.com/NjmUlSqb/status/1498342694334214151?s=20&t=leEUpyAywaPaRuW-k0Fqpw)|
|[Day 60 - Reading API documentation, Familiarity with Target is Important](https://twitter.com/NjmUlSqb/status/1498626686157533185?s=20&t=k6n3I9d4dCWA3yBSeZ_Cqw)|
|[Day 61 - HTB, Virtual Hosts Explained](https://twitter.com/NjmUlSqb/status/1499060855069155330?s=20&t=UvfkiYdgvJ26t_A8eZkhKw)|
|[Day 62 - HTB, WPScan, Wordpress 5.2.3, Information Disclosure](https://twitter.com/NjmUlSqb/status/1499408869533044736?s=20&t=aNC3-hFHBB82qfZoL4QYbA)|
|[Day 63 - THM: Introductory Networking Room](https://twitter.com/NjmUlSqb/status/1499644293190979588?s=20&t=vJpmMWJ4KnYmhvdw1Eg2Pw)|
|[Day 64 - THM: MITRE(started), 250 IDOR Reports, Health Issues](https://twitter.com/NjmUlSqb/status/1500007323380633600?s=20&t=X8IzqciiiMv7V3xjARb8ug)|
|[Day 65 - THM: MITRE(done), CEH Prep](https://twitter.com/NjmUlSqb/status/1500498559854157827?s=20&t=fhI-qVVV5ghAptRi4y5J2A)|
|[Day 66 - ECCouncil CEH Exam Passed, HTB: Paper box Pwned](https://twitter.com/NjmUlSqb/status/1500864463385333774?s=20&t=V-Ngs4dj6h4HFDD2zSlALg)|
|[Day 67 - Using Postman, Zap & Burp together with Upstream Proxy, Throttling Active Scan to Avoid Rate Limitation on API](https://twitter.com/NjmUlSqb/status/1501235894916890626?s=20&t=N-K77uBzoNwysyEPDNWq5w)|
|[Day 68 - Dynamic API? , EC2 IPs on Shodan](https://twitter.com/NjmUlSqb/status/1501591828453335045?s=20&t=UwmZxFvvWsZBmQGFKMYs7Q)|
|[Day 69 - Potentially Infinite Subdomains, Access Control Testing, Session Validation Checks](https://twitter.com/NjmUlSqb/status/1501973967946539018?s=20&t=xsDIIBZsLHrWlC07OLz0gA)|
|[Day 70 - Horizontal Priv Esc on API, Active Scan on ZAP, Platform Shift](https://twitter.com/NjmUlSqb/status/1502298931727945728?s=20&t=udv4F_NbW7u-ICwqmBnhcA)|
|[Day 71 - Android Hacking Lab Environment, My experience with Genymotion, ADB, Frida, Android Studio](https://twitter.com/NjmUlSqb/status/1502696797927616515?s=20&t=GmaGBcpmFWN7zAbOjFq-Hg)|
|[Day 72 - Google API Key, Intents & Activities and other Android Concepts, Why lesser security issues in android?](https://twitter.com/NjmUlSqb/status/1503048276152655880?s=20&t=DJ3iIrtnpmwdmGsbyE5F7w)|
|[Day 73 - Different tools for decompilation, Android WebView, xAPK files from ApkPure](https://twitter.com/NjmUlSqb/status/1503415149494951939?s=20&t=EdOEHOSN-aGnThHMOhq9Hg)|
|[Day 74 - Developing my first Android app](https://twitter.com/NjmUlSqb/status/1503792239255900161?s=20&t=L2f38CbTx95rsPTcu-nJeA)|
|[Day 75 - React-native-decompiler, API key in app.config, Mobsec Vs. Websec](https://twitter.com/NjmUlSqb/status/1504152728406212618?s=20&t=0VvpJ5_wT0ll5C_jcl1LNw)|
|[Day 76 - Vulnerable Injured Android](https://twitter.com/NjmUlSqb/status/1504465903710134291?s=20&t=Rj700GZnxAyIKSOv9wEWRw)|
|[Day 77 - Frustrating APK Decompilation, From JADx to Dex2Jar](https://twitter.com/NjmUlSqb/status/1504891354047987715?s=20&t=juPlamWGfe-fRGTSoiphew)|
|[Day 78 - Decompilation Mystery Resolved, Finding some flags, Exported Activities, Path of Activity's Code, Lots of Amazing Android Resources](https://twitter.com/NjmUlSqb/status/1505228633899683841?s=20)|
|[Day 79 - Exploiting Exported Activities using AM & Malicious App, Setting up Drozer on Docker, Building POC App](https://twitter.com/NjmUlSqb/status/1505593262492590080?s=20&t=vao0GuzwqRB1qgB7jQkYmA)|
|[Day 80 - IP of Emulator Device, Network issues on Docker, Outdated Drozer? , Android 11 Compatibility, Android Tamer](https://twitter.com/NjmUlSqb/status/1505952698918649860?s=20&t=6h8Uvx_Kfa6N5Jr28mtDZg)|
|[Day 81 - Testing app's exported activities, SSL Pinning on app? Hacker101 Mobile Hacking Crash Course](https://twitter.com/NjmUlSqb/status/1506328164733173767?s=20&t=zJhUlhJmEm902njK3ksnqA)|
|[Day 82 - Studying what SSL Pinning is? SSL Pinning Bypass Techniques, okHTTP Library](https://twitter.com/NjmUlSqb/status/1506685401351737345?s=20&t=kSm72APURLRKiebPPu_e1w)|
|[Day 83 - Target App's SSL Pinning Bypassed using Frida! Learning Frida Usage, Method Hooking](https://twitter.com/NjmUlSqb/status/1507052396484173824?s=20&t=-1BvOj_7oUftIMAGt0jEyQ)|
|[Day 84 - Insecure Data Storage in Android, World Readable Directories](https://twitter.com/NjmUlSqb/status/1507421932186132480?s=20&t=O2RHS5p77EItjg-IqlBdRw)|
|[Day 85 - Expo.dev, API Keys and their impact, Android Attack Surface](https://twitter.com/NjmUlSqb/status/1507782228624953351?s=20&t=OE5LP9SZ_4lvPTxvvzKtZg)|
|[Day 86 - One liner to find all the world readable files/dirs, Plan for rest of the challenge discussed](https://twitter.com/NjmUlSqb/status/1508133409637519361?s=20&t=QuY3qlE7DCoSh928i8l-dw)|
|[Day 87 - Log Analysis via LogCat, Screenshot Capturing Security Issues, OWASP GitBook on Mobile Security](https://twitter.com/NjmUlSqb/status/1508460320158892045?s=20&t=4ONr26um4WwGfw3vsMOD9w)|
|[Day 88 - Reverse Engineering Electron JS, Grep! Grep! Grep!, contextIsolation & nodeIntegration](https://twitter.com/NjmUlSqb/status/1508862079117234179?s=20&t=aBXsWPhi6CO-_NOHS83Bow)|
|[Day 89 - Electronegativity, Fetching Electron Version via Console, Unrestricted Navigation Issue Found](https://twitter.com/NjmUlSqb/status/1509214742002425857?s=20&t=jQZGF8HwR5CiItibJJX1OQ)|
|[Day 90 - Running Electron JS from Source, Proxying Electron App via Burp/Zap, Unexpected Event](https://twitter.com/NjmUlSqb/status/1509600679526117383?s=20&t=DCRkxC_dzTnjaAqsQ-7aZg)|
|[Day 91 - VPS Migration & Setup, Rough Plan for Recon, Writing Clean Code, pyLint](https://twitter.com/NjmUlSqb/status/1509921852440911881?s=20&t=PeYgx2_PQ-qpZiG2KYyv-g)|
|[Day 92 - Improving code structure, __ name __ variable, reconFTW](https://twitter.com/NjmUlSqb/status/1510325320452395019?s=20&t=nfN08bYYIBswDBjpG-R5Mg)|
|[Day 93 - sys.argv Vs. argparse, Multiple values of a single argument](https://twitter.com/NjmUlSqb/status/1510664579868676110?s=20&t=DscP7Cwqe_QIhCgc8y2CdQ)|
|[Day 94 - Debugging GO issues in CronJobs, moduleNotFoundError in Python](https://twitter.com/NjmUlSqb/status/1510994312917569543?s=20&t=JHE2P46iZPr7lM8H_Hqu1w)|
|[Day 95 - Environment Variables in CRON, moduleNotFoundError {fixed}, weak reference object error {fixed}, Fetching subdomains already stored in DB based on program name input](https://twitter.com/NjmUlSqb/status/1511350694753751042?s=20&t=MIgtNlxqFRaFTNEbCYUALw)|
|[Day 96 - subprocess.check_output(), Ditching temporary files, Storing new subdomains in DB, Sending new subdomains to discord](https://twitter.com/NjmUlSqb/status/1511684649109663753?s=20&t=4LwFFcHYcSIjahqSQ7sqeg)|
|[Day 97 - Fixing the dynamic paths generated for configuration files](https://twitter.com/NjmUlSqb/status/1512130792113246217?s=20&t=tMsAgAaOxN-o-FNDU2_AFA)|
|[Day 98 - Implementing probing functionality to recon automation framework, Habit of this challenge :)](https://twitter.com/NjmUlSqb/status/1512489602677940235?s=20&t=9hQan9O9Hnhn0xVFr7sm9g)|
|[Day 99 - Adding port scanner to recon framework, ZAP Automation Framework, GraphQL Backend, Blog Post Draft](https://twitter.com/NjmUlSqb/status/1512834724477259778?s=20&t=TKSnhGqwvCaOpovirQPVLg)|
|[Day 100 - ZAP Automation Framework Hands On, Reporting of ZAP Framework, Blog Post Released on Last Day](https://twitter.com/NjmUlSqb/status/1513138402350309376?s=20&t=fwhSNOu2gDaHd6-37dVpDg)|
|[Blog Post on 100DaysOfHacking Challenge](https://njmulsqb.github.io/2022/04/10/the-100daysofhacking-challenge.html)|