Rubber ducky

Rubber ducky is Hardware Hacking Device It is also called BAD USB Because Rubber ducky is a USB Hacking device that autorun as soon as any Script or Computer Virus is plug on the USB Port .

Original Rubber ducky Price is approx 50$ But there are some alternative tools also available here we will tell you Rubber ducky alternatives.

Original price - Click here

Here are some alternative Rubber ducky Devices which i used personally

We also used Mini Leonardo Pro Micro - Click Here

We also used ATTINY85 Digispark - Click Here

We also used Arduino UNO R3 - Click Here

We don't use this but its also a Rubber Ducky alternative Raspberry Pi Pico - Click Here

There are other Rubber ducky alternative also Node MCU and wifi Duck but these devices is used like a diffrenet way

Node MCU - Click Here

I would've loved these products if i had to be you. Go for it if you need it.

Article link - https://freelearningtech.in/how-to-make-a-usb-rubber-ducky/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

THESE ARE THE MEANING OF THE FOLLOWING ABBREVIATIONS.
_______________

1.) GOOGLE - Global Organization Of Oriented Group Language Of Earth.
2.) YAHOO - Yet Another Hierarchical Officious Oracle.
3.) WINDOW - Wide Interactive Network Development for Office work Solution.
4.) COMPUTER - Common Oriented Machine Particularly United and used under Technical and Educational Research.
5.) VIRUS - Vital Information Resources Under Siege.
6.) UMTS - Universal Mobile Telecommunicati ons System.
7.) AMOLED - Active-matrix organic light-emitting diode.
8.) OLED - Organic light-emitting diode.
9.) IMEI - International Mobile Equipment Identity.
10.) ESN - Electronic Serial Number.
11.) UPS - Uninterruptible power supply.
12. HDMI - High-Definition Multimedia Interface.
13.) VPN - Virtual private network.
14.) APN - Access Point Name.
15.) SIM - Subscriber Identity Module.
16.) LED - Light emitting diode.
17.) DLNA - Digital Living Network Alliance.
18.) RAM - Random access memory.
19.) ROM - Read only memory.
20.) VGA - Video Graphics Array.
21.) QVGA - Quarter Video Graphics Array.
22.) WVGA - Wide video graphics array.
23.) WXGA - Widescreen Extended Graphics Array.
24.) USB - Universal serial Bus.
25.) WLAN - Wireless Local Area Network.
26.) PPI - Pixels Per Inch.
27.) LCD - Liquid Crystal Display.
28.) HSDPA - High speed down-link packet access.
29.) HSUPA - High-Speed Uplink Packet Access.
30.) HSPA - High Speed Packet Access.
31.) GPRS - General Packet Radio Service.
32.) EDGE - Enhanced Data Rates for Globa Evolution.
33.) NFC - Near field communication.
34.) OTG - On-the-go.
35.) S-LCD - Super Liquid Crystal Display.
36.) O.S - Operating system.
37.) SNS - Social network service.
38.) H.S - HOTSPOT.
39.) P.O.I - Point of interest.
40.) GPS - Global Positioning System.
41.) DVD - Digital Video Disk.
42.) DTP - Desk top publishing.
43.) DNSE - Digital natural sound engine.
44.) OVI - Ohio Video Intranet.
45.) CDMA - Code Division Multiple Access.
46.) WCDMA - Wide-band Code Division Multiple Access.
47.) GSM - Global System for Mobile Communications.
48.) WI-FI - Wireless Fidelity.
49.) DIVX - Digital internet video access.
50.) APK - Authenticated public key.
51.) J2ME - Java 2 micro edition.
52.) SIS - Installation
53.) DELL - Digital electronic link library.
54.) ACER - Acquisition Collaboration Experimentation Reflection.
55.) RSS - Really simple syndication.
56.) TFT - Thin film
57.) AMR- Adaptive Multi-Rate.
58.) MPEG - moving pictures experts group.
59.) IVRS - Interactive Voice Response System.
60.) HP - Hewlett
Packard.

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Here are some of the tools that we use when we perform Live Recon

Recon-ng - https://github.com/lanmaster53/recon-ng
httpx - https://github.com/projectdiscovery/httpx
isup.sh - https://github.com/gitnepal/isup
Arjun - https://github.com/s0md3v/Arjun
jSQL - https://github.com/ron190/jsql-injection
Smuggler - https://github.com/defparam/smuggler
Sn1per - https://github.com/1N3/Sn1per
Spiderfoot - https://github.com/smicallef/spiderfoot
Nuclei - https://github.com/projectdiscovery/nuclei
Jaeles - https://github.com/jaeles-project/jaeles
ChopChop - https://github.com/michelin/ChopChop
Inception - https://github.com/proabiral/inception
Eyewitness - https://github.com/FortyNorthSecurity/EyeWitness
Meg - https://github.com/tomnomnom/meg
Gau - Get All Urls https://github.com/lc/gau
Snallygaster - https://github.com/hannob/snallygaster
NMAP - https://github.com/nmap/nmap
Waybackurls - https://github.com/tomnomnom/waybackurls
Gotty - https://github.com/yudai/gotty
GF - https://github.com/tomnomnom/gf
GF Patterns - https://github.com/1ndianl33t/Gf-Patterns
Paramspider - https://github.com/devanshbatham/ParamSpider
XSSER - https://github.com/epsylon/xsser
UPDOG - https://github.com/sc0tfree/updog
JSScanner - https://github.com/dark-warlord14/JSScanner
Takeover - https://github.com/m4ll0k/takeover
Keyhacks - https://github.com/streaak/keyhacks
S3 Bucket AIO Pwn - https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn
BHEH Sub Pwner Recon - https://github.com/blackhatethicalhacking/bheh-sub-pwner
GitLeaks - https://github.com/zricethezav/gitleaks
Domain-2IP-Converter - https://github.com/blackhatethicalhacking/Domain2IP-Converter
Dalfox - https://github.com/hahwul/dalfox


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

i am sure You have listen about whois but here we will tell you about Reverse Whois.

For Reverse WHOIS you can use whoxy website, as we are running the target of google ,there will also be the owner of google, whose name you will get from google, find other domains by the same name.

you have to do the reverse WHOIS of your target while bug hunting, here you get the option to reverse WHOIS by company name, owner name, email address and domain keyword.

Website - https://www.whoxy.com/

First you visit this website then you see search box in this website and there is dropdown menu there you can get a option for Reverse Whois.

When you do Reverse whois you see you can get a more domains which is acquired by your target owner.

After that you can get a more subdomains using shodan. I know you have already know about Google dorking but shodan dorks is also available and helpful for finding more subdomains. If you use shodan for finding subdomains then first you create an account.

Website - https://www.shodan.io/

example - ssl:"google.com"

Here is a list of some shodan dorks.

👉👉👉👉👉

Basic Shodan Filters

city:
Find devices in a particular city.
city:"Bangalore"

country:
Find devices in a particular country.
country:"IN"

geo:
Find devices by giving geographical coordinates.
geo:"56.913055,118.250862"

hostname:
Find devices matching the hostname.
server: "gws" hostname:"google"

net:
Find devices based on an IP address or /x CIDR.
net:210.214.0.0/16

os:
Find devices based on operating system.
os:"windows 7"

port:
Find devices based on open ports.
proftpd port:21

before/after:
Find devices before or after between a given time.
apache after:22/02/2009 before:14/3/2010

Citrix:
Find Citrix Gateway.
title:"citrix gateway"

Wifi Passwords:
Helps to find the cleartext wifi passwords in Shodan.
html:"def_wirelesspassword"

Surveillance Cams:
With username:admin and password: :P
NETSurveillance uc-httpd

Fuel Pumps connected to internet:
No auth required to access CLI terminal.
"privileged command" GET

Windows RDP Password:
But may contain secondary windows auth
"\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00"

Mongo DB servers:
It may give info about mongo db servers and dashboard
"MongoDB Server Information" port:27017 -authentication

FTP servers allowing anonymous access:
Complete Anon access
"220" "230 Login successful." port:21

Jenkins:
Jenkins Unrestricted Dashboard
x-jenkins 200

Hacked routers:
Routers which got compromised
hacked-router-help-sos

Open ATM:
May allow for ATM Access availability
NCR Port:"161"

Telnet Access:
NO password required for telnet access.
port:23 console gateway

Misconfigured Wordpress Sites:
The wp-config.php if accessed can give out the database credentials.
http.html:"* The wp-config.php creation script uses this file"

Hiring:
Find sites hiring.
"X-Recruiting:"

Android Root Bridge:
Find android root bridges with port 5555.
"Android Debug Bridge" "Device" port:5555

Etherium Miners:
Shows the miners running ETH.
"ETH - Total speed"

Tesla Powerpack charging Status:
Helps to find the charging status of tesla powerpack.
http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2

👉👉👉👉👉

If you want to getting more information about shodan dorks then read this article - https://thedarksource.com/shodan-cheat-sheet/


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

LATEST TECHNOLOGY AND CYBERNEWS

BY @cybermonkeyofficials

🌐FACEBOOK CHANGES ITS COMPANY NAME TO 'META'

🌐INDIAN GOVERNMENT STARTS PROBE AGAINST FACEBOOK SEEKS INFO ABOUT ITS ALGORITHM

🌐DELHI HC NOTICE TO RBI, SBI OVER BANNING UPI PAYMENTS IN CRYPTO EXCHANGES

🌐SPACEX SPACESHIP FACED URINE LEAK ISSUE DURING ITS FIRST PRIVATE FLIGHT

🌐APPLE SUED FOR NOT PROVIDING IPHONE CHARGER IN CHINA : REPORTS

🌐JAPANESE STARTUP DEMONSTRATES ITS AI-EQUIPPED ROBOTIC ARM IN SPACE

🌐IT MINISTRY TO ISSUE FAQS ON INTERMEDIARY GUIDELINES SOON :SOURCES

🌐MICROSOFT TO WORK WITH COMMUNITY COLLEGES TO FILL 250,000 CYBER JOBS

🌐US BAN ON CHINA TELECOM IS MALICIOUS SUPPRESSION SAYS BEIJING

🌐TRUECALLER VERIFIES IRCTC'S 139 HELPLINE NUMBER

🌐AUSTRALIA PLANS TO MAKE GOOGLE OFFER ALTERNATIVE SEARCH ENGINES ON SMARTPHONES

🌐SC ALLOWS GOVT APPEAL AGAINST GIVING AIRTEL RS 923 CRORE AS GST REFUND

🌐ACER SUFFERS ANOTHER CYBER ATTACK WITHIN WEEKS , HACKERS WARNED OF MORE VULNERABLE SERVERS

🌐CIA SOUGH REVENGE AGAINST JULIAN ASSANGE OVER HACKING TOOLS LEAKS COURT HEARS
URGENT WARNING AS

🌐WORDPRESS BUG ALLOWS HACKERS TO DELETE YOUR ENTIRE SITE IN MASSIVE SECURITY FLAW


DO FOLLOW


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

hey all of you i told you before some days for this diwali contribute for poor peoples


Read this msg - https://t.me/freelearningtech/386

Now i am going to 5 nov bcoz 4 nov is already booked in Bhai Kanhiya Manav Seva Trust Ashram


website - http://www.bkmstrust.org

I will share here approx 300 people's bread pakoda meal at 3 pm and i will share images in our group @freelearningtech21 also if you also do something like this i promise you i will teach you about Cyber security in free of cost in video's format

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

we give you some tips related to cross site scripting tips. It happens many times when we try more cross site scripting payloads on a website, in such a website, we block the browser, in such a way, you clear the cookies of the browser.

If you search this query ("xss.ht") on google in this way, in such a way you get to know what kind of cross site scripting payloads are trying on which website, which bug hunter is trying.

Similarly, you can also find the cross site scripting bug by using unicode Cross site scripting payloads as you can see. There is a payload in a unicode format which has been converted.

Website - https://www.online-toolz.com/tools/text-unicode-entities-convertor.php

This happens very often normally payload is not run, in such a way unicode payloads can be tried, here you are given a cheatsheet of owasp which you can use to find XSS.

Website - https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

HackerOne-Reports:
Broken link profile in the website leads to identity theft.
https://hackerone.com/reports/1343733

Lacework disclosed a bug submitted by spyata: https://hackerone.com/reports/1343733

[Java] CWE-502: Unsafe deserialization with three JSON frameworks
https://hackerone.com/reports/1368720

GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1368720 - Bounty: $1800

[Python]: CWE-117 Log Injection
https://hackerone.com/reports/1368721

GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1368721 - Bounty: $1800

[cpp] CWE-787: query to detect unsigned integer to signed integer conversions used in pointer arithmetics
https://hackerone.com/reports/1378946

GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1378946

[Java] CWE-552: Unsafe url forward
https://hackerone.com/reports/1378947

GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1378947 - Bounty: $1800

XSS on tiktok.com
https://hackerone.com/reports/1322104

TikTok disclosed a bug submitted by arifmkhls: https://hackerone.com/reports/1322104 - Bounty: $2000

Script breaking tag (Forces website to render blank) (Informative)
https://hackerone.com/reports/1355537

XVIDEOS disclosed a bug submitted by ch1ck3n42: https://hackerone.com/reports/1355537 - Bounty: $150

Image queue default key of 'None' and GraphQL unhandled type exception
https://hackerone.com/reports/996041

Reddit disclosed a bug submitted by moblig: https://hackerone.com/reports/996041 - Bounty: $500

Exposed PHP dependencies at .8x8.com
https://hackerone.com/reports/1132457

8x8 disclosed a bug submitted by ian: https://hackerone.com/reports/1132457

Dependency on private SSH keys in public github
https://hackerone.com/reports/974176

Agoric disclosed a bug submitted by pacmanx: https://hackerone.com/reports/974176

Reflected XSS at via = parameter
https://hackerone.com/reports/1305472

U.S. Dept Of Defense disclosed a bug submitted by zhenwarx: https://hackerone.com/reports/1305472

AWS subdomain takeover of www.
https://hackerone.com/reports/1329792

U.S. Dept Of Defense disclosed a bug submitted by al-madjus: https://hackerone.com/reports/1329792

Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text
https://hackerone.com/reports/1282282

Grammarly disclosed a bug submitted by evilksandr: https://hackerone.com/reports/1282282

HTML Injection on tiktoktutorials via firstName parameter
https://hackerone.com/reports/1343492

TikTok disclosed a bug submitted by siratsami: https://hackerone.com/reports/1343492

critical server misconfiguration lead to access to any user sensitive data which include user email and password
https://hackerone.com/reports/1365738

Flickr disclosed a bug submitted by mr_robert: https://hackerone.com/reports/1365738 - Bounty: $500

https://medium.com/techiepedia/my-first-bounty-via-shodan-search-engine-d4d99cb0a9d7


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Happy Deepawali all of you 🎆🎆🎇🎇🎆🎆🎇

https://www.facebook.com/BhaiKaniyhaManavSevaTrustSirsa/videos/401292448209363/

Bread pakoda meal in bhai kanhaiya ashram

i waste approx 8-9k money every Deepawali in firecrackers but this time i do this thing first time and this is my best Deepawali

Happy Deepawali all of you 🎇🎇🎆🎇🎆


❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Hack Devs X Technical Guys X FreeLearningTechƒ╗
Presenting - Sunday Special Sessionƒ╗

Session Topics :

What is Cryptography
What is Plain text
What is Cipher text
What is Symmetric encryption
What is Asymmetric encryption
What is Public Key
What is private Key ( secret key )
Types of Encryption
Steam Encryption
MD5 encryption (Message-Digest algorithm 5)
SHA Encryption (Secure Hash Algorithm)
SALT Encryption
Crypt Encryption
Play cipher Encryption 5*5 Matrix
DES Encryption (Data Encryption Standard)
RSA Encryption
Manually encryption and decryption
Examples of how to create encryption and decryption manually

Google Meet Link: will be provided in groups.. .

Time an date : 7/November 2021 Sunday - 7:30 PM IST

Speaker : @Wh¡țê_ĐêVī|☠ aka- Nikhil



Group Links :
Hack Devs 1.0 --> https://chat.whatsapp.com/HUjROkewTZUH0exkR3c0Od
Hack Devs 2.0 --> https://chat.whatsapp.com/HKYwHtW1lpoLFVJRYLY70s
Free Learning Tech --> https://t.me/freelearningtech
Technical Guys (Main) --> https://chat.whatsapp.com/BblNjSs2uzs2uPmTLezXyo
Technical Guys (On- topic) --> https://chat.whatsapp.com/BtvJz29bnoCF0Rbq5frUOX

Subdomain Bruteforce

Subdomain Bruteforce is where we find the Subdomain which is kept private, after that we find bugs in it, with the help of Subdomain Bruteforce, sometimes Subdomain is also available to access the admin panel.

Subdomain Bruteforce We use Subdomain Bruteforce when we do not get the correct result from Subdomain Scrapping or if we do not find a bug in the subdomains emitted by Subdomain Scrapping.

You can find subdomains vai shodan also we will told you already -
https://t.me/freelearningtech/396

There are so many tools availabe for subdomain bruteforce like recon-ng tool. This tool is pre installed in Kali linux first you run this tool.

command - recon-ng

Here you can check by writing help, what features do you get here, you get a marketplace here, where you get a lot of modules. you have to install this module to do Subdomain Bruteforce.

Commands
(marketplace)
(marketplace search Brute)
(marketplace install recon/domains-hosts/brute_hosts)
(modules load recon/domains-hosts/brute_hosts)
(options list)
(options set source (your target))
(run)

Commands are typed in brackets but you don't use breakets when you run these commands

The valid subdomain it can show results in green color.

You can also create your own wordlist, we have told you how to create target base password wordlist in this article.

You can also use pre defiend subdomain bruteforce list also.

Tool links

https://github.com/rbsec/dnscan

https://github.com/sharsi1/sublazerwlst

https://github.com/cujanovic/subdomain-bruteforce-list

You can also do subdomain bruteforce via burp suite also we will tell you in next post.

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

Here we will tell you some extensions or add ons which is help you in your bug hunting journey.

Chrome extensions - https://resources.infosecinstitute.com/topic/19-extensions-to-turn-google-chrome-into-penetration-testing-tool/

Firefox add ons - https://resources.infosecinstitute.com/topic/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/

❤️❤️ Enjoy and Share ❤️❤️

Support Us ❤️
Channel : @freelearningtech
Group : @freelearningtech21
Website : https://freelearningtech.in/

We'll upload leaked and pirated course. If u want that then take backup as early as possible. Mind it we will delete those after 2 days. So take backup if u need those.

Thank You...