PART - #2 🔐🛡
Understanding the Foundation: Jenkins Security Overview 🔐🛠
Before delving into exploitation, let's establish a solid understanding of key Jenkins security components:
Dive into the details 🧵:📷
https://x.com/vulncure/status/1744722597194186854?s=20
Understanding the Foundation: Jenkins Security Overview 🔐🛠
Before delving into exploitation, let's establish a solid understanding of key Jenkins security components:
Dive into the details 🧵:📷
https://x.com/vulncure/status/1744722597194186854?s=20
👍4❤2🔥2❤🔥1
PART - #3 🕵️♂️🛠
Let's Crack The Jenkins Instance 🔓
Now, let's take the plunge into Remote Code Execution (RCE) using Groovy scripts. This method is stealthier than creating a new project, so buckle up:
Dive into the details 🧵:📷
https://x.com/vulncure/status/1745514588001701991?s=20
Let's Crack The Jenkins Instance 🔓
Now, let's take the plunge into Remote Code Execution (RCE) using Groovy scripts. This method is stealthier than creating a new project, so buckle up:
Dive into the details 🧵:📷
https://x.com/vulncure/status/1745514588001701991?s=20
👍3❤1
PART - #4 ⚙️🔨
💨Mastering Jenkins RCE - Crafting and Modifying Projects 💼💻
Now, let's explore the art of Remote Code Execution (RCE) by creating and modifying projects in Jenkins.
🔑 Authority to tweak? Potent, if noisy! 🌪
Ready to amplify Jenkins skills? 🧵📷
https://x.com/vulncure/status/1746033898746736840?s=20
💨Mastering Jenkins RCE - Crafting and Modifying Projects 💼💻
Now, let's explore the art of Remote Code Execution (RCE) by creating and modifying projects in Jenkins.
🔑 Authority to tweak? Potent, if noisy! 🌪
Ready to amplify Jenkins skills? 🧵📷
https://x.com/vulncure/status/1746033898746736840?s=20
👍7❤2⚡2
🔥3😱2👀2❤1
API Testing Series #1 ✍️🪸
🔍 Key Highlights:
• 🫐 API Endpoints
• 🫑 Collection & Subcollection:
• 🥗 Gateway & 🥥Microservices Demystified
• 🥝 Web API Types
• ⚡️ CRUD Operations
• ❄️ 6 Constraints of Restful API
Let's Dive into the Details 👇⤵️
https://x.com/vulncure/status/1748018742158569966?s=20
🔍 Key Highlights:
• 🫐 API Endpoints
• 🫑 Collection & Subcollection:
• 🥗 Gateway & 🥥Microservices Demystified
• 🥝 Web API Types
• ⚡️ CRUD Operations
• ❄️ 6 Constraints of Restful API
Let's Dive into the Details 👇⤵️
https://x.com/vulncure/status/1748018742158569966?s=20
👍7🔥3
Bug Report as Document
Apache Tomcat :
• 🐞 BUG: HTTP Request Smuggling
• 📄 CVE ID: 2024-21733 | CWE: 444
Detailed Documentation : https://x.com/vulncure/status/1753271047355240874?s=20
Apache Tomcat :
• 🐞 BUG: HTTP Request Smuggling
• 📄 CVE ID: 2024-21733 | CWE: 444
Detailed Documentation : https://x.com/vulncure/status/1753271047355240874?s=20
🔥8👍5
Reverse Engineering For Everyone!
https://0xinfection.github.io/reversing/
@bugbountyresources
@bugbountychats
https://0xinfection.github.io/reversing/
@bugbountyresources
@bugbountychats
🔥10⚡1👍1
🎯 What types of companies do you like to hunt on the most? 😎
-> https://x.com/vulncure/status/1760355776479338768?s=20
-> https://x.com/vulncure/status/1760355776479338768?s=20
❤1
🖥 100 Web Vulnerabilities, categorized into various types : 😀
⚡️ Injection Vulnerabilities:
1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)
⚡️ Broken Authentication and Session Management:
14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse
⚡️ Sensitive Data Exposure:
22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling
⚡️ Security Misconfiguration:
28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration
⚡️ XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb
⚡️ Broken Access Control:
40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control
⚡️ Insecure Deserialization:
45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection
⚡️ API Security Issues:
48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation
⚡️ Insecure Communication:
52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols
⚡️ Client-Side Vulnerabilities:
56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues
⚡️ Denial of Service (DoS):
61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service
⚡️ Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse
⚡️ Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering
⚡️ IoT Web Vulnerabilities:
80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities
⚡️ Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues
⚡️ Authentication Bypass:
85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass
⚡️ Server-Side Request Forgery (SSRF):
87. Blind SSR
88. Time-Based Blind SSRF
⚡️ Content Spoofing:
89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass
⚡️ Business Logic Flaws:
92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws
⚡️ Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits
⚡️ Injection Vulnerabilities:
1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)
⚡️ Broken Authentication and Session Management:
14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse
⚡️ Sensitive Data Exposure:
22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling
⚡️ Security Misconfiguration:
28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration
⚡️ XML-Related Vulnerabilities:
37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb
⚡️ Broken Access Control:
40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control
⚡️ Insecure Deserialization:
45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection
⚡️ API Security Issues:
48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation
⚡️ Insecure Communication:
52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols
⚡️ Client-Side Vulnerabilities:
56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues
⚡️ Denial of Service (DoS):
61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service
⚡️ Other Web Vulnerabilities:
66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse
⚡️ Mobile Web Vulnerabilities:
76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering
⚡️ IoT Web Vulnerabilities:
80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities
⚡️ Web of Things (WoT) Vulnerabilities:
83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues
⚡️ Authentication Bypass:
85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass
⚡️ Server-Side Request Forgery (SSRF):
87. Blind SSR
88. Time-Based Blind SSRF
⚡️ Content Spoofing:
89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass
⚡️ Business Logic Flaws:
92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws
⚡️ Zero-Day Vulnerabilities:
98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits
👍28🔥14❤9👏2🤔1
Hey 🤗 fellow hackers hope you all are doing good,
We are happy 😊 to announce you a free cyber security summer ☀️ Bootcamp.
Enroll for Free: https://hacklearners.com/bootcamp
#hacklearners #cybersecurity
We are happy 😊 to announce you a free cyber security summer ☀️ Bootcamp.
Enroll for Free: https://hacklearners.com/bootcamp
#hacklearners #cybersecurity
👍9❤2
Find xss with this automation of the following work :
1. subfinder -d indeed.com -o indeed.txt //Find Subdomains
2. httpx -l subdomains.txt -o httpx.txt // Live Subdomains
3. echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints
4. cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints
5. cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates
6. cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS
7. cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters
8. dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS
Script : https://github.com/dirtycoder0124/xss
1. subfinder -d indeed.com -o indeed.txt //Find Subdomains
2. httpx -l subdomains.txt -o httpx.txt // Live Subdomains
3. echo "indeed.com" | gau --threads 5 >> Enpoints.txt // Find Endpoints
4. cat httpx.txt | katana -jc >> Enpoints.txt // Find More Endpoints
5. cat Enpoints.txt | uro >> Endpoints_F.txt // Remove Duplicates
6. cat Endpoints_F.txt | gf xss >> XSS.txt // Filter Endpoints for XSS
7. cat XSS.txt | Gxss -p khXSS -o XSS_Ref.txt // Find reflected Parameters
8. dalfox file XSS_Ref.txt -o Vulnerable_XSS.txt // Find XSS
Script : https://github.com/dirtycoder0124/xss
🔥20👍9❤7🥰3🤡3