Freelearningtech

Happy Deepawali all of you 🎆🎆🎇🎇🎆🎆🎇

https://medium.com/techiepedia/my-first-bounty-via-shodan-search-engine-d4d99cb0a9d7 ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

HackerOne-Reports: Broken link profile in the website leads to identity theft. https://hackerone.com/reports/1343733 Lacework disclosed a bug submitted by spyata: https://hackerone.com/reports/1343733 [Java] CWE-502: Unsafe deserialization with three JSON frameworks https://hackerone.com/reports/1368720 GitHub Security Lab disclosed a bug submitted by luchua: https://hackerone.com/reports/1368720 - Bounty: $1800 [Python]: CWE-117 Log Injection https://hackerone.com/reports/1368721 GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1368721 - Bounty: $1800 [cpp] CWE-787: query to detect unsigned integer to signed integer conversions used in pointer arithmetics https://hackerone.com/reports/1378946 GitHub Security Lab disclosed a bug submitted by someonenobbd: https://hackerone.com/reports/1378946 [Java] CWE-552: Unsafe url forward https://hackerone.com/reports/1378947 GitHub Security Lab disclosed a bug submitted by jessforfun: https://hackerone.com/reports/1378947 - Bounty: $1800 XSS on tiktok.com https://hackerone.com/reports/1322104 TikTok disclosed a bug submitted by arifmkhls: https://hackerone.com/reports/1322104 - Bounty: $2000 Script breaking tag (Forces website to render blank) (Informative) https://hackerone.com/reports/1355537 XVIDEOS disclosed a bug submitted by ch1ck3n42: https://hackerone.com/reports/1355537 - Bounty: $150 Image queue default key of 'None' and GraphQL unhandled type exception https://hackerone.com/reports/996041 Reddit disclosed a bug submitted by moblig: https://hackerone.com/reports/996041 - Bounty: $500 Exposed PHP dependencies at .8x8.com https://hackerone.com/reports/1132457 8x8 disclosed a bug submitted by ian: https://hackerone.com/reports/1132457 Dependency on private SSH keys in public github https://hackerone.com/reports/974176 Agoric disclosed a bug submitted by pacmanx: https://hackerone.com/reports/974176 Reflected XSS at via = parameter https://hackerone.com/reports/1305472 U.S. Dept Of Defense disclosed a bug submitted by zhenwarx: https://hackerone.com/reports/1305472 AWS subdomain takeover of www. https://hackerone.com/reports/1329792 U.S. Dept Of Defense disclosed a bug submitted by al-madjus: https://hackerone.com/reports/1329792 Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text https://hackerone.com/reports/1282282 Grammarly disclosed a bug submitted by evilksandr: https://hackerone.com/reports/1282282 HTML Injection on tiktoktutorials via firstName parameter https://hackerone.com/reports/1343492 TikTok disclosed a bug submitted by siratsami: https://hackerone.com/reports/1343492 critical server misconfiguration lead to access to any user sensitive data which include user email and password https://hackerone.com/reports/1365738 Flickr disclosed a bug submitted by mr_robert: https://hackerone.com/reports/1365738 - Bounty: $500

we give you some tips related to cross site scripting tips. It happens many times when we try more cross site scripting payloads on a website, in such a website, we block the browser, in such a way, you clear the cookies of the browser. If you search this query ("xss.ht") on google in this way, in such a way you get to know what kind of cross site scripting payloads are trying on which website, which bug hunter is trying. Similarly, you can also find the cross site scripting bug by using unicode Cross site scripting payloads as you can see. There is a payload in a unicode format which has been converted. Website - https://www.online-toolz.com/tools/text-unicode-entities-convertor.php This happens very often normally payload is not run, in such a way unicode payloads can be tried, here you are given a cheatsheet of owasp which you can use to find XSS. Website - https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

hey all of you i told you before some days for this diwali contribute for poor peoples Read this msg - https://t.me/freelearningtech/386 Now i am going to 5 nov bcoz 4 nov is already booked in Bhai Kanhiya Manav Seva Trust Ashram website - http://www.bkmstrust.org I will share here approx 300 people's bread pakoda meal at 3 pm and i will share images in our group @freelearningtech21 also if you also do something like this i promise you i will teach you about Cyber security in free of cost in video's format ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

LATEST TECHNOLOGY AND CYBERNEWS BY @cybermonkeyofficials 🌐FACEBOOK CHANGES ITS COMPANY NAME TO 'META' 🌐INDIAN GOVERNMENT STARTS PROBE AGAINST FACEBOOK SEEKS INFO ABOUT ITS ALGORITHM 🌐DELHI HC NOTICE TO RBI, SBI OVER BANNING UPI PAYMENTS IN CRYPTO EXCHANGES 🌐SPACEX SPACESHIP FACED URINE LEAK ISSUE DURING ITS FIRST PRIVATE FLIGHT 🌐APPLE SUED FOR NOT PROVIDING IPHONE CHARGER IN CHINA : REPORTS 🌐JAPANESE STARTUP DEMONSTRATES ITS AI-EQUIPPED ROBOTIC ARM IN SPACE 🌐IT MINISTRY TO ISSUE FAQS ON INTERMEDIARY GUIDELINES SOON :SOURCES 🌐MICROSOFT TO WORK WITH COMMUNITY COLLEGES TO FILL 250,000 CYBER JOBS 🌐US BAN ON CHINA TELECOM IS MALICIOUS SUPPRESSION SAYS BEIJING 🌐TRUECALLER VERIFIES IRCTC'S 139 HELPLINE NUMBER 🌐AUSTRALIA PLANS TO MAKE GOOGLE OFFER ALTERNATIVE SEARCH ENGINES ON SMARTPHONES 🌐SC ALLOWS GOVT APPEAL AGAINST GIVING AIRTEL RS 923 CRORE AS GST REFUND 🌐ACER SUFFERS ANOTHER CYBER ATTACK WITHIN WEEKS , HACKERS WARNED OF MORE VULNERABLE SERVERS 🌐CIA SOUGH REVENGE AGAINST JULIAN ASSANGE OVER HACKING TOOLS LEAKS COURT HEARS URGENT WARNING AS 🌐WORDPRESS BUG ALLOWS HACKERS TO DELETE YOUR ENTIRE SITE IN MASSIVE SECURITY FLAW DO FOLLOW ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

i am sure You have listen about whois but here we will tell you about Reverse Whois. For Reverse WHOIS you can use whoxy website, as we are running the target of google ,there will also be the owner of google, whose name you will get from google, find other domains by the same name. you have to do the reverse WHOIS of your target while bug hunting, here you get the option to reverse WHOIS by company name, owner name, email address and domain keyword. Website - https://www.whoxy.com/ First you visit this website then you see search box in this website and there is dropdown menu there you can get a option for Reverse Whois. When you do Reverse whois you see you can get a more domains which is acquired by your target owner. After that you can get a more subdomains using shodan. I know you have already know about Google dorking but shodan dorks is also available and helpful for finding more subdomains. If you use shodan for finding subdomains then first you create an account. Website - https://www.shodan.io/ example - ssl:"google.com" Here is a list of some shodan dorks. 👉👉👉👉👉 Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates. geo:"56.913055,118.250862" hostname: Find devices matching the hostname. server: "gws" hostname:"google" net: Find devices based on an IP address or /x CIDR. net:210.214.0.0/16 os: Find devices based on operating system. os:"windows 7" port: Find devices based on open ports. proftpd port:21 before/after: Find devices before or after between a given time. apache after:22/02/2009 before:14/3/2010 Citrix: Find Citrix Gateway. title:"citrix gateway" Wifi Passwords: Helps to find the cleartext wifi passwords in Shodan. html:"def_wirelesspassword" Surveillance Cams: With username:admin and password: :P NETSurveillance uc-httpd Fuel Pumps connected to internet: No auth required to access CLI terminal. "privileged command" GET Windows RDP Password: But may contain secondary windows auth "\x03\x00\x00\x0b\x06\xd0\x00\x00\x124\x00" Mongo DB servers: It may give info about mongo db servers and dashboard "MongoDB Server Information" port:27017 -authentication FTP servers allowing anonymous access: Complete Anon access "220" "230 Login successful." port:21 Jenkins: Jenkins Unrestricted Dashboard x-jenkins 200 Hacked routers: Routers which got compromised hacked-router-help-sos Open ATM: May allow for ATM Access availability NCR Port:"161" Telnet Access: NO password required for telnet access. port:23 console gateway Misconfigured Wordpress Sites: The wp-config.php if accessed can give out the database credentials. http.html:"* The wp-config.php creation script uses this file" Hiring: Find sites hiring. "X-Recruiting:" Android Root Bridge: Find android root bridges with port 5555. "Android Debug Bridge" "Device" port:5555 Etherium Miners: Shows the miners running ETH. "ETH - Total speed" Tesla Powerpack charging Status: Helps to find the charging status of tesla powerpack. http.title:"Tesla PowerPack System" http.component:"d3" -ga3ca4f2 👉👉👉👉👉 If you want to getting more information about shodan dorks then read this article - https://thedarksource.com/shodan-cheat-sheet/ ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

https://twitter.com/cybritexsec/status/1455135950418235397?t=Kl9Dywn5fBpJMdTlBX6MqA&s=19 BEST OF OSCP TUTORIALS... 🙂

Here are some of the tools that we use when we perform Live Recon Recon-ng - https://github.com/lanmaster53/recon-ng httpx - https://github.com/projectdiscovery/httpx isup.sh - https://github.com/gitnepal/isup Arjun - https://github.com/s0md3v/Arjun jSQL - https://github.com/ron190/jsql-injection Smuggler - https://github.com/defparam/smuggler Sn1per - https://github.com/1N3/Sn1per Spiderfoot - https://github.com/smicallef/spiderfoot Nuclei - https://github.com/projectdiscovery/nuclei Jaeles - https://github.com/jaeles-project/jaeles ChopChop - https://github.com/michelin/ChopChop Inception - https://github.com/proabiral/inception Eyewitness - https://github.com/FortyNorthSecurity/EyeWitness Meg - https://github.com/tomnomnom/meg Gau - Get All Urls https://github.com/lc/gau Snallygaster - https://github.com/hannob/snallygaster NMAP - https://github.com/nmap/nmap Waybackurls - https://github.com/tomnomnom/waybackurls Gotty - https://github.com/yudai/gotty GF - https://github.com/tomnomnom/gf GF Patterns - https://github.com/1ndianl33t/Gf-Patterns Paramspider - https://github.com/devanshbatham/ParamSpider XSSER - https://github.com/epsylon/xsser UPDOG - https://github.com/sc0tfree/updog JSScanner - https://github.com/dark-warlord14/JSScanner Takeover - https://github.com/m4ll0k/takeover Keyhacks - https://github.com/streaak/keyhacks S3 Bucket AIO Pwn - https://github.com/blackhatethicalhacking/s3-buckets-aio-pwn BHEH Sub Pwner Recon - https://github.com/blackhatethicalhacking/bheh-sub-pwner GitLeaks - https://github.com/zricethezav/gitleaks Domain-2IP-Converter - https://github.com/blackhatethicalhacking/Domain2IP-Converter Dalfox - https://github.com/hahwul/dalfox ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

THESE ARE THE MEANING OF THE FOLLOWING ABBREVIATIONS. _______________ 1.) GOOGLE - Global Organization Of Oriented Group Language Of Earth. 2.) YAHOO - Yet Another Hierarchical Officious Oracle. 3.) WINDOW - Wide Interactive Network Development for Office work Solution. 4.) COMPUTER - Common Oriented Machine Particularly United and used under Technical and Educational Research. 5.) VIRUS - Vital Information Resources Under Siege. 6.) UMTS - Universal Mobile Telecommunicati ons System. 7.) AMOLED - Active-matrix organic light-emitting diode. 8.) OLED - Organic light-emitting diode. 9.) IMEI - International Mobile Equipment Identity. 10.) ESN - Electronic Serial Number. 11.) UPS - Uninterruptible power supply. 12. HDMI - High-Definition Multimedia Interface. 13.) VPN - Virtual private network. 14.) APN - Access Point Name. 15.) SIM - Subscriber Identity Module. 16.) LED - Light emitting diode. 17.) DLNA - Digital Living Network Alliance. 18.) RAM - Random access memory. 19.) ROM - Read only memory. 20.) VGA - Video Graphics Array. 21.) QVGA - Quarter Video Graphics Array. 22.) WVGA - Wide video graphics array. 23.) WXGA - Widescreen Extended Graphics Array. 24.) USB - Universal serial Bus. 25.) WLAN - Wireless Local Area Network. 26.) PPI - Pixels Per Inch. 27.) LCD - Liquid Crystal Display. 28.) HSDPA - High speed down-link packet access. 29.) HSUPA - High-Speed Uplink Packet Access. 30.) HSPA - High Speed Packet Access. 31.) GPRS - General Packet Radio Service. 32.) EDGE - Enhanced Data Rates for Globa Evolution. 33.) NFC - Near field communication. 34.) OTG - On-the-go. 35.) S-LCD - Super Liquid Crystal Display. 36.) O.S - Operating system. 37.) SNS - Social network service. 38.) H.S - HOTSPOT. 39.) P.O.I - Point of interest. 40.) GPS - Global Positioning System. 41.) DVD - Digital Video Disk. 42.) DTP - Desk top publishing. 43.) DNSE - Digital natural sound engine. 44.) OVI - Ohio Video Intranet. 45.) CDMA - Code Division Multiple Access. 46.) WCDMA - Wide-band Code Division Multiple Access. 47.) GSM - Global System for Mobile Communications. 48.) WI-FI - Wireless Fidelity. 49.) DIVX - Digital internet video access. 50.) APK - Authenticated public key. 51.) J2ME - Java 2 micro edition. 52.) SIS - Installation 53.) DELL - Digital electronic link library. 54.) ACER - Acquisition Collaboration Experimentation Reflection. 55.) RSS - Really simple syndication. 56.) TFT - Thin film 57.) AMR- Adaptive Multi-Rate. 58.) MPEG - moving pictures experts group. 59.) IVRS - Interactive Voice Response System. 60.) HP - Hewlett Packard. ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

Rubber ducky Rubber ducky is Hardware Hacking Device It is also called BAD USB Because Rubber ducky is a USB Hacking device that autorun as soon as any Script or Computer Virus is plug on the USB Port . Original Rubber ducky Price is approx 50$ But there are some alternative tools also available here we will tell you Rubber ducky alternatives. Original price - Click here Here are some alternative Rubber ducky Devices which i used personally We also used Mini Leonardo Pro Micro - Click Here We also used ATTINY85 Digispark - Click Here We also used Arduino UNO R3 - Click Here We don't use this but its also a Rubber Ducky alternative Raspberry Pi Pico - Click Here There are other Rubber ducky alternative also Node MCU and wifi Duck but these devices is used like a diffrenet way Node MCU - Click Here I would've loved these products if i had to be you. Go for it if you need it. Article link - https://freelearningtech.in/how-to-make-a-usb-rubber-ducky/ ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

Hey I have share here some motivational youTube channels links bcoz these channels will be too much help me in my bad time may be these channels helpful for you also. Jeet fix - https://youtube.com/c/JeetFixOfficial Sanaki motivation - https://youtube.com/c/SanakiMotivation Sidhi jalebi - https://youtube.com/c/sidhijalebi Sonu sharma - https://youtube.com/c/SONUSHARMAMotivation Sandeep Maheshwari - https://youtube.com/c/SandeepSeminars Dr Vivek bindra - https://youtube.com/c/MrVivekBindra Ujjwal Patni -https://youtube.com/c/UjjwalPatni ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/

👉👉👉Acquisitions Let's understand Acquisition by giving you example as if your target is google.com, if we find the acquisitions of google.com, then we get more domains that google has acquired, here if you can access the server through that domain. In this case it can be useful for you.To do all this, this website helps you https://www.crunchbase.com/ First you have to search your target on searchbox like (google) after that then you see the Acquisitions options click on that There you can get more domains that google has acquired 👉👉👉ASN Enumeration All companies or organization have their own unique ASN no which the identity of that company. In this case, subdomains can also be found using the same ASN no, but first you have to find ASN no, for this you can use the website https://bgp.he.net/ When you got asn no for your target then go to kali linux and use amass tool Command - amass intel -asn 55023 After use this command you see you get a more subdomains of your target ❤️❤️ Enjoy and Share ❤️❤️ Support Us ❤️ Channel : @freelearningtech Group : @freelearningtech21 Website : https://freelearningtech.in/