Shodan Dorks

Medium

#shodan #dork
——————
0Day.Today
@LearnExploit
@Tech_Army

BurpSuite

Awsome TLS

#burpsuite
——————
0Day.Today
@LearnExploit
@Tech_Army

Exploiting XXE for SSRF

Medium

#XXE #SSRF #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army

Kernel r/w Exploit for iOS 15 and macOS 12

CVE-2022-32845 : aned signature check bypass for model.hwx.

CVE-2022-32948 : DeCxt::FileIndexToWeight() OOB Read due to lack of array index validation.

CVE-2022-42805 : ZinComputeProgramUpdateMutables() potential arbitrary read due to Integer overflow issue.

CVE-2022-32899 : DeCxt::RasterizeScaleBiasData() Buffer underflow due to integer overflow issue.

Tested On :

iPhone12 Pro (iPhone13,3) with iOS 15.5.
iPad Pro (iPad8,10) with iPadOS 15.5.
iPhone11 Pro (iPhone12,3) with iOS 15.4.1.
MacBookAir10,1 M1 with macOS 12.4.

#IOS #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army

SSRF Techniques

#SSRF
——————
0Day.Today
@LearnExploit
@Tech_Army

SSRF Search & Destroy

#SSRF
——————
0Day.Today
@LearnExploit
@Tech_Army

Burp Suite Version 2022.11.1

آموزش استفاده در فایل Readme گفته شده .
* نکته : برای اجرا شدن نیاز به Java runtime ورژن 9 به بالا و Java JDK نیاز خواهید داشت . *

Pass : 311138

#burpsuite
——————
0Day.Today
@LearnExploit
@Tech_Army

Bypasses for LFI, Auth bypass

#bypass #LFI
——————
0Day.Today
@LearnExploit
@Tech_Army

شرکت ابرآروان در لیست تحریم‌های اتحادیه اروپا قرار گرفت.

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:L:2022:293I:FULL&from=EN

——————
0Day.Today
@LearnExploit
@Tech_Army

Search Engine for Pentesters

#Search #Engine
——————
IR0Day.Today Bax
@LearnExploit
@Tech_Army

2FA bypass

#bugbountytips #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

CVE-2022-41040 and CVE-2022-41082 (A.K.A ProxyNotShell)

Github

#POC #Exploit
——————
0Day.Today
@LearnExploit
@Tech_Army

Bug Bounty Hint

GBK Encoding / MultiByte Attack

嘊 = %E5%98%8A = \u560a ⇒ %0A
嘍 = %E5%98%8D = \u560d ⇒ %0D
嘾 = %E5%98%BE = \u563e ⇒ %3E (>)
嘼 = %E5%98%BC = \u563c ⇒ %3C (<)
嘢 = %E5%98%A2 = \u5622 ⇒ %22 (')
嘧 = %E5%98%A7 = \u5627 ⇒ %27 (")

For XSS, CRLF, WAF bypass

#bugbountytips #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

In This Ceek

بررسی CVE های پر سر و صدای این هفته (21 تا 27 آبان 1401)

https://vrgl.ir/Whjx9

#ITC #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army

https://github.com/Th1sis4T7/UEFI-Checker

——————
0Day.Today
@LearnExploit
@Tech_Army

CVE-2022-30075 PoC exploit (Authenticated RCE in Tp-Link Routers)

usage:

tplink.py [-h] -t target -p password [-b] [-r backup_directory] [-c cmd]

Github

#POC #tplink #exploit
——————
0Day.Today
@LearnExploit
@Tech_Army

⭕️ وبسایت خبرگذاری فارس توسط گروه هکری بلک ریوارد از دسترس خارج شد.

——————
0Day.Today
@LearnExploit
@Tech_Army

Burp Suite Version 2022.12

آموزش استفاده در فایل Readme گفته شده .
* نکته : برای اجرا شدن نیاز به Java runtime ورژن 9 به بالا و Java JDK نیاز خواهید داشت . *

Pass : 311138

#burpsuite
——————
0Day.Today
@LearnExploit

In This Ceek

بررسی CVEهای پر سر و صدای این هفته (28 آبان تا 4 آذر 1401)

https://vrgl.ir/ZApQ5

#ITC #CVE
——————
0Day.Today
@LearnExploit
@Tech_Army

shells

A script for generating common revshells fast and easy.
Especially nice when in need of PowerShell and Python revshells, which can be a PITA getting correctly formated.

Github

#tools
——————
0Day.Today
@LearnExploit
@Tech_Army