ExploitHub – Telegram

ExploitHub

6.39K subscribers

18 photos

1 video

15 files

348 links

Download Telegram

About

Blog

Apps

Platform

6.39K subscribers

■■■■□ #Iran|ian #BlackHat hacker group @Cra3ked [telegram] released an efficient #BruteForce utility to hack web logins with #PoC

https://github.com/Fr13ND3/1tinymvz.net/

3.1K views17:29

■■■□□ #GoodReport: LFI + file upload = #RCE (#CodeExecution)

https://medium.com/@armaanpathan/chain-the-bugs-to-pwn-an-organisation-lfi-unrestricted-file-upload-remote-code-execution-93dfa78ecce

Chain The Bugs to Pwn an Organisation ( LFI + Unrestricted File Upload = Remote Code Execution )

Hi everyone, After completing my OSCP certification I thought to give a try to bug bounty, as OSCP has sharpened my exploitationSkills.

3.3K views17:31

Source

Title: BugBounty types — HTML injection via email

Description: HTML injection é um ataque muito parecido com o Cross-site Scripting (XSS), enquanto no XSS o invasor pode injetar e executar códigos em…

Continue reading on Medium »

BugBounty types — HTML injection via email

HTML injection é um ataque muito parecido com o Cross-site Scripting (XSS), enquanto no XSS o invasor pode injetar e executar códigos em…

3.4K views17:33

XSS To Good XSS With ClickJacking on Subdomain Microsoft

https://link.medium.com/4EXo7G8Sk1

#XSS
#ClickJacking
#BugBounty

XSS To Good XSS With ClickJacking on Subdomain Microsoft

Bismillah hirrahman nirrahim.

3.2K viewsedited 01:39

Open-redirect on Facebook (Bypass Linkshim)

https://noobsec.org/project/2020-02-16-open-redirect-on-facebook/

3.2K views01:42

https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745

XXE on Windows system …then what ??

it’s been a while since the last Christmas that i would share this story with you guys but i didn't have time (too busy slacking off)

3.4K views01:43

Bypassing WAFs and cracking XOR with Hackvertor

https://portswigger.net/research/bypassing-wafs-and-cracking-xor-with-hackvertor

PortSwigger Research

Bypassing WAFs and cracking XOR with Hackvertor

You might not be aware of the Hackvertor extension I've been working on lately. It features tag based conversion that is far more powerful than the inbuilt decoder in Burp. The idea behind tag based c

3.6K views01:44

Multiple sites for Obfuscation or JavaScript code obscurity.

http://utf-8.jp/public/aaencode.html

http://utf-8.jp/public/jjencode.html

http://www.jsfuck.com

#JS
#OBF

4.7K views01:47

Burp Extension:

https://github.com/Netflix-Skunkworks/sleepy-puppy/tree/master/burp-extension

sleepy-puppy/burp-extension at master · Netflix-Skunkworks/sleepy-puppy

Sleepy Puppy XSS Payload Management Framework. Contribute to Netflix-Skunkworks/sleepy-puppy development by creating an account on GitHub.

4.0K viewsedited 01:49

XMLHttpRequest:

https://xhr.spec.whatwg.org/

3.9K views05:52

ExploitHub pinned «XMLHttpRequest: https://xhr.spec.whatwg.org/»

05:52

“Undetectable C# & C++ Reverse Shells” by Bank Security https://link.medium.com/kIIc9Ch5b4

Undetectable C# & C++ Reverse Shells

Technical overview of different way to spawn a reverse shell on a victim machine

4.0K views02:04

■■■□□ From Recon to Optimizing RCE Results - Simple Story with One of the Biggest ICT Company in the World

https://medium.com/@YoKoKho/from-recon-to-optimizing-rce-results-simple-story-with-one-of-the-biggest-ict-company-in-the-ea710bca487a

From Recon to Optimizing RCE Results - Simple Story with One of the Biggest ICT Company in the World

How I Finally could Got into an Internal Network (and could accessing all of their internal assets) by Using Various Vulnerabilities.

4.0K views02:19

Source Code + Sensitive Information Disclosure lead to InstaMoney and SendGrind Account Takeover
https://medium.com/@denypradana/source-code-sensitive-information-disclosure-lead-to-instamoney-and-sendgrind-account-takeover-fc9adf7d8501

4.3K views02:23

https://portswigger.net/research/top-10-web-hacking-techniques-of-2019

PortSwigger Research

Top 10 web hacking techniques of 2019

The results are in! After 51 nominations whittled down to 15 finalists by a community vote, an expert panel consisting of Nicolas Grégoire, Soroush Dalili, Filedescriptor, and myself have conferred, v

4.9K views02:31

Fun with Amazon S3— Leaks and bucket takeover attack
https://medium.com/@woj_ciech/fun-with-amazon-s3-leaks-and-bucket-takeover-attack-ddb17da1c431

Fun with Amazon S3— Leaks and bucket takeover attack

Amazon S3 joins to the LeakLooker family, now tool looks for exposed buckets and potential takeovers.

4.3K views03:31

[ Writeup — Bugbounty Facebook ] Disclosure the verified phone number in Checkpoint.
https://medium.com/@tiendat253/writeup-bugbounty-facebook-disclosure-the-verified-phone-number-in-checkpoint-aa652faeaf21

4.2K views03:33

HOW I BYPASSED 2 FACTOR AUTHENTICATION
https://medium.com/@manralhemant10/how-i-bypassed-2-factor-authentication-899750421331

HOW I BYPASSED 2 FACTOR AUTHENTICATION

4.3K views03:33

Sentive Data Exposure
https://medium.com/@Sheshasai/sentive-data-exposure-fad568b7875

Sentive Data Exposure

hello my fellow hunters! im here to share(Sharing is caring) a new bug i found in a program let’s call it as redacted.com

4.2K views03:33

How PayPal helped me to generate XSS
https://medium.com/@pflash0x0punk/how-paypal-helped-me-to-generate-xss-9408c0931add

How PayPal helped me to generate XSS

So one day I was doing some work with my friend and visited PayPal to get a Pay with PayPal button. I logged in to PayPal and moved to…

4.5K views03:33

https://medium.com/bugbountywriteup/reflected-dom-xss-and-clickjacking-on-https-silvergoldbull-de-bt-html-daa36bdf7bf0

Reflected DOM XSS and CLICKJACKING on https://silvergoldbull.de/bt.html

While doing spidering on silvergoldbull site I noticed a strange request to https://silvergoldbull.de/bt.html with following request:

4.8K views03:33