This Cheatsheet provides various tips for using Netcat for both Linux and Unix 🔥🌿🌿🌱☘️🌼🍀
All Syntex is designed for the original netcat
Here is Netcat 🌿Cheatsheet 🔥
All Syntex is designed for the original netcat
Here is Netcat 🌿Cheatsheet 🔥
❤🔥4🔥1👏1😱1🤩1
Some Interested SSRF Bug Reports v1🌵
• Counter Strike :
http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/
• Pivot To Internal Network :
https://seanmelia.files.wordpress.com/2016/07/ssrf-to-pivot-internal-networks.pdf
• SSRF To LFI :
https://seanmelia.wordpress.com/2015/12/23/various-server-side-request-forgery-issues/
• OK Google,
Give Me All Your Internal DNS Information :
https://rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/
• Open Redirect into SSRF (Airbnb):
https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
• SSRF Tip - Open Graph Protocol is a good case for Blind SSRF / Extract of Meta Data. My POC: SSRF in Twitter via a Tweet :) - $5,040 { IMG Below 👇 }
• SSRF To RCE:
http://kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html
🧵🔚
• Counter Strike :
http://buer.haus/2016/04/18/esea-server-side-request-forgery-and-querying-aws-meta-data/
• Pivot To Internal Network :
https://seanmelia.files.wordpress.com/2016/07/ssrf-to-pivot-internal-networks.pdf
• SSRF To LFI :
https://seanmelia.wordpress.com/2015/12/23/various-server-side-request-forgery-issues/
• OK Google,
Give Me All Your Internal DNS Information :
https://rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/
• Open Redirect into SSRF (Airbnb):
https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
• SSRF Tip - Open Graph Protocol is a good case for Blind SSRF / Extract of Meta Data. My POC: SSRF in Twitter via a Tweet :) - $5,040 { IMG Below 👇 }
• SSRF To RCE:
http://kernelpicnic.net/2017/05/29/Pivoting-from-blind-SSRF-to-RCE-with-Hashicorp-Consul.html
🧵🔚
👏3🤩2😱1
🔰 Google Dorks: An Advanced Hacking Tool by @Dheerajydv19
🔗 dheerajydv19.hacklido.com/d/76
- - - # Tags - - -
#EthicalHacking #websecurity #ctf #infosec #bugbountytips #bugbounty
🔗 dheerajydv19.hacklido.com/d/76
- - - # Tags - - -
#EthicalHacking #websecurity #ctf #infosec #bugbountytips #bugbounty
❤4🔥1🤩1
As promised, posting the next lazy write-up, this is how I went from Git to RCE.
Bounty: $3500
#bug #bughunter #bugbounty #bounty
If you enjoy these and want to see more, I will be posting others soon again.
Bounty: $3500
#bug #bughunter #bugbounty #bounty
If you enjoy these and want to see more, I will be posting others soon again.
❤16👏8😱1
☃️Red Teaming CheatSheets☃️
➡️ Payloads
➡️ Buffer Overflow
➡️ Privilege Escalation
and much more...
#pentesting #activedirectory #bugbounty #hacking #infosec #cybersecurity
Link : https://github.com/0xJs/RedTeaming_CheatSheet
Curated By :
@thebinarybots & @0xJs
➡️ Payloads
➡️ Buffer Overflow
➡️ Privilege Escalation
and much more...
#pentesting #activedirectory #bugbounty #hacking #infosec #cybersecurity
Link : https://github.com/0xJs/RedTeaming_CheatSheet
Curated By :
@thebinarybots & @0xJs
👏7🔥1
Do you guys allow me to upload a POST on :
" Tryhackme subscription purchase " at very cheaper than actual price of Tryhackme subscription.
In the poll I have seen lots of are beginners and intermediate in this group. They really need to practice on this platform
I'll tag the Tryhackme Subscription seller [ Verified by me ].
" Tryhackme subscription purchase " at very cheaper than actual price of Tryhackme subscription.
In the poll I have seen lots of are beginners and intermediate in this group. They really need to practice on this platform
I'll tag the Tryhackme Subscription seller [ Verified by me ].
❤10👍4😁1
Content Discovery.svg
1.9 MB
🔥☝🏻Content Discovery Tools
If not opening:
Download any SVG file opener or convertor from SVG file to png
#bugbounty #infosec #cybersecurity #hacking
If not opening:
Download any SVG file opener or convertor from SVG file to png
#bugbounty #infosec #cybersecurity #hacking
👍3😍1
XSS in @Harvard
Payload: lookhere’);}</script><img src=x onerror=alert(“XSS”)>
1)the keyword “lookhere” was used to detect all the place the input was reflected
2)The rest is responsible for balancing the payload
#infosec #bugbountytips #xss
Payload: lookhere’);}</script><img src=x onerror=alert(“XSS”)>
1)the keyword “lookhere” was used to detect all the place the input was reflected
2)The rest is responsible for balancing the payload
#infosec #bugbountytips #xss
👍13🔥6❤4
Search for all leaked keys/secrets using one regex! 😮
regex: gist.github.com/h4x0r-dz/be69c…
#BugBounty #bugbountytip
regex: gist.github.com/h4x0r-dz/be69c…
#BugBounty #bugbountytip
😱8👍4❤1
As I said
Those who wanted to purchase Tryhackme voucher at very cheap price 👇
💥 Can contact This seller @Infosec_lover
🏷️ Seller [ Verified By Me ] :
Price : Rs 146/- or 1.82$ for 1 month voucher.
You can also purchase 2 month or more according to the your need
It's for today only
Those who wanted to purchase Tryhackme voucher at very cheap price 👇
💥 Can contact This seller @Infosec_lover
🏷️ Seller [ Verified By Me ] :
Price : Rs 146/- or 1.82$ for 1 month voucher.
You can also purchase 2 month or more according to the your need
It's for today only
👍7❤3👏1
find more IDOR 🧙♀️
Don’t just replace ID
/account/1234 --> Forbidden
Bypass by appending %20, %09, %0b, %0c, %1c, %1d, %1e, %1f, /
#BugBounty #bugbountytip #bugbountytips
Don’t just replace ID
/account/1234 --> Forbidden
Bypass by appending %20, %09, %0b, %0c, %1c, %1d, %1e, %1f, /
#BugBounty #bugbountytip #bugbountytips
👍25⚡2😱2🤩1😈1
nuclei in normal Undesirable due to too many duplicate in reports 😮
80% use this method in nuclei
collect all subdomains
filter to live
run nuclei
==> lot of duplicates
here the tip how can use its and get valid bugs
#BugBounty #bugbountytip #bugbountytips
===>
80% use this method in nuclei
collect all subdomains
filter to live
run nuclei
==> lot of duplicates
here the tip how can use its and get valid bugs
#BugBounty #bugbountytip #bugbountytips
===>
🔥10❤2👍1👌1🤡1