CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server
It allows remote attackers to execute arbitrary code on affected servers without authentication, potentially leading to data breaches, ransomware attacks, and complete system compromise.
PoC: https://github.com/rapid7/metasploit-framework/pull/19240
Dorks:
Hunter: /product.name="HTTP File Server" and web.body="Rejetto"
FOFA: product="HFS"
SHODAN: product:"HttpFileServer httpd"
#Rejetto #HFS #bugbounty #bugbountytips #cybersecurity #pentesting
Pentest-Windows
Windows11 Penetration Suite Toolkit
A Windows penetration testing environment that works out of the box.
This project was created for educational purposes and should not be used in environments without legal authorization.
Link: https://lnkd.in/gtX3GbR8
#infosec #cybersecurity #hacking #pentesting #security #oscp #ceh #nmap #hackingtools #networksecurity
Advanced IDORs - 9 Techniques by Intigriti:
1. Exploiting Basic IDORs
How to: Modify a predictable numeric ID in the request URL or parameters.
Example: GET /user/email?userId=1002 (change userId to another value).
2. Exploiting IDORs via Parameter Pollution
How to: Inject multiple instances of the same parameter in the request.
Example: POST /update_profile with user_id=1234&user_id=5678.
3. Exploiting IDORs via JSON Globbing
How to: Manipulate JSON fields with arrays, booleans, wildcards, or large integers.
Example: { "user_id": ["1234", "5678"] } or { "user_id": "*" }.
4. Exploiting Method-Based IDORs
How to: Change the HTTP method to bypass access controls.
Example: Change GET /user/data to POST /user/data.
5. Exploiting Content-Type-Based IDORs
How to: Alter the Content-Type header to manipulate request processing.
Example: Use Content-Type: application/json instead of Content-Type: text/plain.
6. Exploiting IDORs via Deprecated API Versions
How to: Use older API versions that may lack updated security checks.
Example: Access /v1/user/data instead of /v2/user/data.
7. Exploiting IDORs in APIs that Use Static Keywords
How to: Replace keywords like current or me with numerical user IDs.
Example: Change /user/profile/current to /user/profile/1002.
8. Exploiting IDORs that Require Unpredictable IDs
How to: Find references to UUIDs or hashes in other parts of the application.
Example: Extract UUID from profile URLs like /profile/123e4567-e89b-12d3-a456-426614174000.
9. Exploiting Second-Order IDOR Vulnerabilities
How to: Manipulate stored IDs used in subsequent processes.
Example: Submit a form that stores your ID, then trigger an export process that retrieves data using that stored ID.
----------------------------------------------------------
I've never seen real-world examples for some of them, but they are definitely worth the try.
#pentesting #appsec #bugbounty #cybersecurity
Here's the full scoop: https://buff.ly/3zfhhzL
- Web Scanner & Crawler
- Fuzzing with Intruder (Part3)
- Fuzzing with Intruder (Part2)
- Fuzzing with Intruder (Part1)
- XSS Validator
- Configuring Proxy
- Burp Collaborator
- HackBar
- Burp Sequencer
- Turbo Intruder
- Engagement Tools
- Payload Processing Rule (Part2)
- Payload Processing Rule (Part1)
- Beginners Guide to Burpsuite Payloads (Part2)
- Beginners Guide to Burpsuite Payloads (Part1)
- Encoder & Decoder Tutorial
- Active Scan++
- Software Vulnerability Scanner
- Burp's Project Management
- Repeater
List of GitHub Dorks for bug bounties.
Finding target Files, Languages, API Keys, Tokens, Usernames, Passwords, Information using Dates, Extension
#infosec #cybersecurity #hacking #pentesting #security
Guide to Active Directory Hacking
Active Directory (AD) is a directory service developed by Microsoft to manage and store network information, offering a central location for access control and network security.
Read more: https://en.iguru.gr/odigos-gia-active-directory-hacking/
#infosec #cybersecurity #hacking #pentesting #security
Good collection of cheat sheets, guides and resources on #Pentesting, reverse engineering and exploit dev
- https://x0rb3l.github.io/Cyber-Bookmarks/bookmarks.html
IDOR Bypass Bug Bounty Tip
Sometimes APIs behave unexpectedly when multiple IDs are passed together.
Scenario
• Victim's ID: 5200
• Attacker's ID: 5233
GET /api/users/5200/info → Access Denied
GET /api/users/5200,5233/info → Bypass Successful
Always test for comma-separated, array-style, or batch ID parameters when hunting for IDOR!
#bugbountytips #bugbounty #infosec #cybersecurity #api #IDOR #pentesting #bugbountyTips
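The server-side counterpart to the two IDOR posts above (the nine-technique list and the comma-separated ID tip), as an added example that is not part of the original posts: reduce whatever the client sent to exactly one integer ID, refuse anything else, then check ownership. All function names are hypothetical, and the "resource" is assumed to be the user's own record.

```python
# Added illustration: every name here is hypothetical, not taken from the posts.
import re
from urllib.parse import parse_qsl

ID_RE = re.compile(r"[1-9][0-9]{0,17}")  # one plain decimal ID, bounded length


class Denied(Exception):
    """The request must be refused (HTTP 400/403 in a real handler)."""


def single_id(raw, session_user_id):
    """Reduce a client-supplied reference to exactly one integer ID, or refuse."""
    if isinstance(raw, str) and raw in ("me", "current"):
        return session_user_id          # keywords resolve from the session only
    if isinstance(raw, bool) or not isinstance(raw, (int, str)):
        raise Denied("malformed id")    # JSON arrays, objects, booleans, null
    if isinstance(raw, str):
        if not ID_RE.fullmatch(raw):    # "*", "5200,5233", "", " 5200"
            raise Denied("malformed id")
        raw = int(raw)
    if not 0 < raw < 10**18:            # zero, negative or oversized JSON integers
        raise Denied("malformed id")
    return raw


def id_from_query(query, name, session_user_id):
    """Refuse duplicated parameters instead of guessing which copy wins."""
    values = [v for k, v in parse_qsl(query, keep_blank_values=True) if k == name]
    if len(values) != 1:
        raise Denied("parameter missing or repeated")
    return single_id(values[0], session_user_id)


def authorize_user_record(raw, session_user_id):
    """Ownership check on the normalized ID. Call it from one shared code path
    so every HTTP method, content type and API version goes through it."""
    wanted = single_id(raw, session_user_id)
    if wanted != session_user_id:
        raise Denied("not the owner")
    return wanted


def is_allowed(raw, session_user_id):
    try:
        authorize_user_record(raw, session_user_id)
        return True
    except Denied:
        return False
```

Second-order flows need the same call at the moment a stored ID is used, not only when it is saved.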
#BrutDroid #AndroidHacking #BugBounty #Frida #BurpSuite #Pentesting #AutomationTools #BrutSecurity
YouTube
Android SSL Pinning Bypass | Magisk, Frida & Burp Suite Configuration for Android Studio | BrutDroid
BrutDroid v1.0.0 is here - your all-in-one Android emulator pentesting toolkit for pentesters, red teamers & bug bounty hunters!
Automate Frida server setup, root Android emulators with Magisk + rootAVD, install Burp certs system-wide, and bypass SSL…
Exclusive ZoomEye Offer for Brut Security Members
ZoomEye is giving Brut Security members 5% off any membership plan, monthly or yearly, through our special link.
How it works:
• Click our link: https://www.zoomeye.ai/pricing?aff=INVITE-2SW2-FC96
• Get instant 5% discount on your purchase
Perfect for bug bounty hunters, pentesters, and researchers who rely on fast, deep internet asset scanning.
#bugbounty #pentesting #osint #cybersecurity #tools
Brut Practical Web Pentesting with concepts of Bug Bounty
Learn to Hack. Defend. Earn.
• Deep Dive into Advanced Vulnerabilities
• Real-World Bug Bounty Methodologies
• Hands-on Labs & Practical Scenarios
• Recon to Exploitation & Post-Exploitation
• Reporting & Professional Pentest Approach
New Batch Starts Soon
Online Live Classes
Trainer: Saumadip (Brut Security)
DM: @wtf_brut
Whatsapp: +918945971332
info@brutsec.com
brutsec.com
#bugbounty #pentesting #ethicalhacking #cybersecurity