📍Captcha Bypass

Join:🟢@hacker_habesha🇪🇹

🩸Exploit Eternal Blue (MS17–010) for Window 7 and higher (custom payload)

📝This article shows you how to exploit the MS17–010 vulnerability on Windows 7 or higher.

🔗https://en.hacks.gr/2023/12/22/exploit-eternal-blue-ms17-010-for-window-7-and-higher-custom-payload/

Join🟢@hacker_habesha🇪🇹

🟢This year we made a ranking with the most popular tools between January and December 2023.😋



The tools of this year encompass a diverse range of cybersecurity disciplines, including AI-Enhanced Penetration Testing, Advanced Vulnerability Management, Stealth Communication Techniques, Open-Source General Purpose Vulnerability Scanning, and more.🤗


Without going into further details, we have prepared a useful list of the most popular tools in Kitploit 2023:😋

🟢 (https://www.kitploit.com/2022/12/top-20-most-popular-hacking-tools-in.html)

Join:🟢@hacker_habesha🇪🇹

🧰CrackMapexec | SMB & AD Enumeration Simplified!

📝Have you ever found yourself staring at a Windows network, wondering how to find vulnerabilities and security holes? Don’t worry, CrackMapExec is here to save the day! It’s like having a Swiss Army knife for your penetration testing needs.

🔗https://en.hacks.gr/2023/12/15/crackmapexec-smb-ad-enumeration-simplified/

Join:🟢@hacker_habesha🇪🇹

💣 Buffer Overflow

📝From memory structure and ROP to Linux and Windows 11 real examples.

🔹Part 1 https://en.hacks.gr/2023/10/28/buffer-overflow-part-i/

🔹Part 2 https://en.hacks.gr/2023/10/29/buffer-overflow-part-ii/

🔹Part 3 https://en.hacks.gr/2023/11/08/buffer-overflow-part-iii/

🔹Part 4 https://en.hacks.gr/2023/11/09/buffer-overflow-part-iv/


Join: 🟢@hacker_habesha🇪🇹

🕸️CloakQuest3r - Uncover The True IP Address Of Websites Safeguarded By Cloudflare

📝CloakQuest3r is a powerful Python tool meticulously crafted to uncover the true IP address of websites safeguarded by Cloudflare, a widely adopted web security and performance enhancement service.

📌Features

🔹Real IP Detection: CloakQuest3r excels in the art of discovering the real IP address of web servers employing Cloudflare's services. This crucial information is paramount for conducting comprehensive penetration tests and ensuring the security of web assets.

🔹Subdomain Scanning: Subdomain scanning is harnessed as a fundamental component in the process of finding the real IP address. It aids in the identification of the actual server responsible for hosting the website and its associated subdomains.

🔹Threaded Scanning: To enhance efficiency and expedite the real IP detection process, CloakQuest3r utilizes threading. This feature enables scanning of a substantial list of subdomains without significantly extending the execution time.

🔹Detailed Reporting: The tool provides comprehensive output, including the total number of subdomains scanned, the total number of subdomains found, and the time taken for the scan. Any real IP addresses unveiled during the process are also presented, facilitating in-depth analysis and penetration testing.

🔗https://github.com/spyboy-productions/CloakQuest3r



Join:🟢@hacker_habesha🇪🇹

💉SQL injection to RCE

📝SQL injection is a type of web application vulnerability that allows an attacker to execute arbitrary SQL commands on a vulnerable web application’s backend database. If the web application is not properly secured, an attacker can leverage a successful SQL injection attack to achieve Remote Code Execution (RCE) on the target server.

📋In this blog, we will explore how SQL injection vulnerabilities can be exploited to achieve RCE on a vulnerable server, along with examples of payloads that can be used to exploit these vulnerabilities.

🔗https://en.hacks.gr/2023/12/27/sql-injection-to-rce/

Join:🟢@hacker_habesha🇪🇹

🧵 Complete Cybersecurity Professional Roadmap 🧵


1. Introduction to Ethical Hacking
   - Definition
   - Purpose
   - Types of Hackers
   - Legal and Ethical Considerations

2. Networking Basics
   - TCP/IP
   - OSI Model
   - Subnetting
   - DNS
   - DHCP

3. Operating Systems
   - Linux
   - Windows
   - macOS
   - Command Line Basics

4. Cybersecurity Fundamentals
   - Encryption
   - Firewalls
   - Antivirus
   - IDS/IPS

5. Programming Languages
   - Python
   - Javascript
   - Bash Scripting
   - SQL
   - C/ C++/ Java/ Ruby

6. Scanning and Enumeration
   - Port Scanning
   - Service Enumeration
   - Vulnerability Scanning

7. Exploitation
   - Common Vulnerabilities and Exploits
   - Metasploit Framework
   - Buffer Overflows

8. Web Application Security
   - OWASP Top Ten
   - SQL Injection
   - Cross-Site Scripting (XSS)

9. Wireless Network Hacking
   - Wi-Fi Security
   - WEP, WPA, WPA2
   - Wireless Attacks

10. Social Engineering
    - Phishing
    - Spear Phishing
    - Social Engineering Toolkit (SET)

11. Sniffing and Spoofing
    - Man-in-the-Middle Attacks
    - ARP Spoofing
    - DNS Spoofing

12. Malware Analysis
    - Types of Malware
    - Sandbox Analysis
    - Signature-Based and Behavior-Based Detection

13. Incident Response and Handling
    - Incident Response Process
    - Digital Forensics
    - Chain of Custody

14. Penetration Testing
    - Types of Penetration Testing
    - Methodology
    - Reporting

15. Cryptography
    - Symmetric and Asymmetric Encryption
    - Hashing Algorithms
    - Digital Signatures

16. Mobile Hacking
    - Android and iOS Security
    - Mobile Application Security

17. Cloud Security
    - AWS, Azure, Google Cloud
    - Security Best Practices

18. IoT Security
    - Internet of Things Risks
    - Securing IoT Devices

19. Legal and Compliance
    - Computer Fraud and Abuse Act (CFAA)
    - GDPR, HIPAA, PCI DSS

20. Cybersecurity Tools
    - Nmap, Wireshark, Burp Suite
    - Snort, Nessus, Aircrack-ng

21. Career Path and Certifications
    - Certified Ethical Hacker (CEH)
    - Offensive Security Certified Professional (OSCP)
    - CISSP, CompTIA Security+

Join:🟢@hacker_habesha🇪🇹

FREE 45-Day Cybersecurity Internship

🛡 Program Highlights:
👉 Duration: 45 days of immersive learning and hands-on experience.
👉Focus: Dive deep into cybersecurity fundamentals and real-world applications.
👉Interactive Sessions: Engage in live sessions, workshops, and practical exercises.
👉Expert Guidance: Learn from industry professionals passionate about sharing their knowledge.
👉Certification: Receive a certificate upon successful completion.


This internship is an incredible opportunity to explore the dynamic field of cybersecurity, and it's completely FREE! Secure your spot now and kickstart your cybersecurity journey with SenseLearner.

🔗 Limited spots available! Apply now at https://forms.gle/KagLYtyiVjF8NZ5K8


#Cybersecurity #InternshipOpportunity #Senselearner #CyberSecurityInternship #InfoSec #LearnSecurity

⚡️Exploiting XSS using Polyglot JPEGs+Javascript to bypass CSP

📝This vulnerability allows an attacker to use a JPEG polyglot with JavaScript to hide the malicious JavaScript payload in the image successfully without corrupting the image to bypass the site’s CSP. For this exploit you will need two parameters, one to call the malicious image and the other one to upload it.

🔗https://en.hacks.gr/2023/12/27/exploiting-xss-using-polyglot-jpegsjavascript-to-bypass-csp/

🟢@hacker_habesha🇪🇹

🏹Exploiting FTP

📝FTP (File Transfer Protocol) is a service or so-called protocol for transferring files between computers via the Transmission Control Protocol / Internet Protocol (TCP / IP). It is considered as an Application Layer Protocol.

🔗https://en.hacks.gr/2023/12/27/exploiting-ftp/

Join:🟢@hacker_habesha🇪🇹

☣️ Free Labs to Train Your Pentest / CTF Skills ☣️

🔸 Academy Hackaflag -BR https://academy.hackaflag.com.br

🔸 Try Hack Me https://tryhackme.com

🔸 Attack-Defense https://attackdefense.com

🔸 alert to win https://alf.nu/alert1

🔸 CTF Komodo Security https://ctf.komodosec.com

🔸 CMD Challenge https://cmdchallenge.com

🔸 Explotation Education https://exploit.education

🔸 Google CTF https://capturetheflag.withgoogle.com

🔸 HackTheBox https://www.hackthebox.eu

🔸 Hackthis https://www.hackthis.co.uk

🔸 Hacksplaining https://www.hacksplaining.com/exercises

🔸 Hacker101 https://ctf.hacker101.com

🔸 Hacker Security https://capturetheflag.com.br

🔸 Hacking-Lab https://www.hacking-lab.com/index.html

🔸 HSTRIKE https://hstrike.com

🔸 ImmersiveLabs https://immersivelabs.com

🔸 Labs Wizard Security https://labs.wizard-security.net

🔸 NewbieContest https://www.newbiecontest.org

🔸 OverTheWire http://overthewire.org

🔸 Practical Pentest Labs https://practicalpentestlabs.com

🔸 Pentestlab https://pentesterlab.com

🔸 Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html

🔸 PentestIT LAB https://lab.pentestit.ru

🔸 PicoCTF https://picoctf.com

🔸 PWNABLE https://pwnable.kr/play.php

🔸 Root-Me https://www.root-me.org

🔸 Root in Jail http://ctf.rootinjail.com

🔸 Shellter https://shellterlabs.com/pt

🔸 SANS Challenger https://www.holidayhackchallenge.com

🔸 SmashTheStack http://smashthestack.org/wargames.html

🔸 Try Hack Me https://tryhackme.com

🔸 The Cryptopals Crypto Challenges https://cryptopals.com

🔸 Vulnhub https://www.vulnhub.com

🔸 W3Challs https://w3challs.com

🔸 WeChall http://www.wechall.net

🔸 Zenk-Security https://www.zenk-security.com/epreuves.php


Join🟢@hacker_habesha🇪🇹

🔒 Support our hackers AND cybersecurity professionals channel by sharing it with a friend.😊 Unleash their digital prowess!

ከተመቻቹ react ያድርጉ 😉

And don't forget to react if you like the contents 🤗
💻🔐 #HackerCommunity

https://t.me/hacker_habesha?boost

🟢@hacker_habesha

Web Crawlers & Directory Brute Force ⚡

🔹Dirbrute
🔗https://github.com/Xyntax/DirBrute

🔹Dirb
🔗https://dirb.sourceforge.net/

🔹ffuf
🔗https://github.com/ffuf/ffuf

🔹Dirbuster
🔗https://sourceforge.net/projects/dirbuster/

🔹Dirsearch
🔗https://github.com/maurosoria/dirsearch

🔹Gobuster
🔗https://github.com/OJ/gobuster

🔹WebPathBrute
🔗https://github.com/7kbstorm/7kbscan-WebPathBrute

🔹wfuzz
🔗https://github.com/xmendez/wfuzz

🔹Dirmap
🔗https://github.com/H4ckForJob/dirmap

🔹YJdirscan
🔗https://github.com/foryujian/yjdirscan

Join:🟢@hacker_habesha🇪🇹

Sql Injection 💉


🔹 Sqlmap
🔗https://github.com/sqlmapproject/sqlmap

🔹 SSQLInjection
🔗https://github.com/shack2/SuperSQLInjectionV1

🔹Jsql-injection
🔗https://github.com/ron190/jsql-injection

🔹NoSQLMap
🔗https://github.com/codingo/NoSQLMap

🔹Sqlmate
🔗https://github.com/s0md3v/sqlmate

🔹SQLiScanner
🔗https://github.com/0xbug/SQLiScanner

🔹sql-injection-payload-list
🔗https://github.com/payloadbox/sql-injection-payload-list

🔹Advanced-SQL-Injection-Cheatsheet
🔗https://github.com/kleiton0x00/Advanced-SQL-Injection-Cheatsheet

Join:🟢@hacker_habesha🇪🇹

Wordlists 📄


🔹 wordlists - Real-world infosec wordlists, updated regularly.
🔗https://github.com/trickest/wordlists/

🔹psudohash - Password list generator that focuses on keywords mutated by commonly used password creation patterns.
🔗https://github.com/t3l3machus/psudohash

🔹wister - A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target.
🔗https://github.com/cycurity/wister

🔹Rockyou - wordlists packaging for Kali Linux.
🔗https://gitlab.com/kalilinux/packages/wordlists

🔹Weakpass - For any kind of bruteforce find wordlists.
🔗https://weakpass.com/


Join:🟢@hacker_habesha🇪🇹

🌐Search Engines For PenTesters

Cross-Site Scripting (XSS)

🔹Data Theft
🔹Session Hijacking
🔹Phishing
🔹Defacement
🔹Keylogging
🔹Remote Code Execution
🔹Bypass Security Measures

🟢@hacker_habesha🇪🇹

🩸Domain Takeover with PetitPotam Exploit

📝Petitpotam is a vulnerability that allows a domain user to take over domain controllers through triggering authentications using the MS-EFSRPC protocol.

🔗https://en.hacks.gr/2023/12/27/domain-takeover-with-petitpotam-exploit/

JOIN:🟢@hacker_habesha🇪🇹

🧬Networking Essentials

🔖#infosec #cybersecurity #hacking #pentesting #security

JOIN:🟢@hacker_habesha🇪🇹

🛠Red Team Toolkit

🔴Privilege Escalation
🔴Phishing
🔴OSINT
🔴Exfiltration

🔖#infosec #cybersecurity #hacking #pentesting #security

JOIN:🟢@hacker_habesha🇪🇹