Termux All Command [Telegram Group]
Hello This Is Termux All Command Official Telegram Group. Here Share All Kind of Resources. It is Also backup of Facebook Page.
Telegram Channel >> https://t.me/termuxcommandfull
Facebook Page >> https://www.facebook.com/termux.command.full
Posts archive
Another THM Writeups : https://github.com/Ignitetechnologies/TryHackMe-CTF-Writeups
📢Use these extensions; they will help you to extract all domains from any website.
🔸Link Extractor: https://lnkd.in/gmPdCynZ
🔸Link Gopher: https://lnkd.in/gbC6ePcb
🚨CVE-2024-27348: Unauthenticated users can execute OS commands via Groovy injection in Apache HugeGraph-Server. Upgrade to version 1.3.0 to mitigate.
💥POC: https://lnkd.in/g_v4h7Cg
👉Dorks:
Hunter: /product.name="Apache HugeGraph"
FOFA: app="HugeGraph-Studio"
SHODAN: http.title:"HugeGraph"
IDOR TIPS~
Always try to find hidden parameters for these endpoints using Arjun, Parameth, etc.
Endpoints:-
/settings/profile
/user/profile
/user/settings
/account/settings
/username
/profile
And any similar endpoints.
Python Web Penetration Testing Cookbook by Cameron Buchanan.pdf : https://digtvbg.com/files/books-for-hacking/Python%20Web%20Penetration%20Testing%20Cookbook%20by%20Cameron%20Buchanan.pdf
BREAKING!!!
OpenAI confirms GPT-5 is coming.
With training already underway, this model promises to take artificial intelligence to a new level.
Additionally, OpenAI has formed a new Safety and Security Team, led by Sam Altman.
Recently I have found a critical bug in world's top organization - CVE-2024-24919 :- its path traversal allows information disclosure vulnerability affecting Check Point Security Gateways. allows attackers to access sensitive information on affected devices.❣️❣️
🚨 Excited to share that I made a nuclei template for mass hunting CVE 2024-24919 in a different way 🚨
🔍 Key Features
+ Expanded Paths: Thorough coverage to ensure no stone is left unturned.
+ Accurate Regex: Utilizing precise patterns like cp_postgres:.*:.*:.*:.*:.*:.*:.*: to significantly reduce false positives.
+ Status Code Flexibility: Not dependent solely on 200 OK responses, accommodating various server behaviors (400, 500, etc.).
🎯 This template is designed to enhance precision and capture those elusive vulnerabilities effectively.
Let's elevate our Bug Hunting game! 🕵️♂️💻
🔗Link: https://lnkd.in/gUHtwQYi
HACKTHEBOX ROADMAP TO CLEAR OSCP
Disclaimer: The boxes that are contained in this list should be used as a way to get started, to build your practical skills, or brush up on any weak points that you may have in your pentesting methodology. This list is not a substitute for the actual lab environment that is in the PWK/OSCP course. When you are taking the course, it is encouraged that you try to go through every system that is in the PWK/OSCP lab environment, as they will provide better insight for when you attempt the exam itself.
[LINUX MACHINES]
- lame
- brainfuck
- shocker
- bashed
- nibbles
- beep
- cronos
- nineveh
- sense
- solidstate
- node
- valentine
- poison
- sunday
- tartarsauce
- Irked
- Friendzone
- Swagshop
- Networked
- jarvis
- Mirai
- Popcorn
- Haircut
- Blocky
- Frolic
- Postman
- Mango
- Traverxec
- OpenAdmin
- Magic
- Admirer
- Blunder
- Tabby
- Doctor
- SneakyMailer
- Passage
- Luanne
- Time
- Ready
- Delivery
- Ophiuchi
- ScriptKiddie
- Armageddon
- Knife
- Seal
- Previse
- Forge
- Horizontall
- Shibboleth
- Writer
- Precise
- Pandora
- Meta
- Paper
- Talkative
- Seventeen
[WINDOWS MACHINES]
- legacy
- Blue
- Devel
- Optimum
- Bastard
- granny
- Arctic
- grandpa
- silo
- bounty
- jerry
- conceal
- chatterbox
- Forest
- BankRobber
- secnotes
- Bastion
- Buff
- Servmon
- Active
- Remote
- Fuse
- Omni
- Worker
- Love
- Intelligence
- APT
- Object
- Support
- Acute
- Timelapse
- StreamIO
- Scrambled
[More challenging than OSCP, but good practice]
- Jeeves [Windows]
- Bart [Windows]
- Tally [Windows]
- Kotarak [Linux]
- falafel [Linux]
- Devops [Linux]
- Hawk [Linux]
- Netmon [Windows]
- Lightweight [Linux]
- La Casa De Papel [Linux]
- Jail [Linux]
- Safe [Linux]
- Bitlab [Linux]
- Sizzle [Windows]
- Sniper [Windows]
- Control [Windows]
- October [Linux]
- Mango [Linux]
- Nest [Windows]
- Book [Linux]
- Sauna [Windows]
- Cascade [Windows]
- Querier [Windows]
- Quick [Linux]
- BlackField [Windows]
- APT [Windows]
- Atom [Windows]
- BreadCrumbs [Windows]
- Monitors [Linux]
- Dynstr [Linux]
- PivotAPI [Windows]
- Pikaboo [Linux]
- Monteverde [Windows]
- Writer [Linux]
- Forge [Linux]
- Stacked [Linux]
- Backdoor [Linux]
- Search [Windows]
- Undetected [Linux] (More like an IR box)
New reports accepted in Coca-Cola.
A hint: If you can't bypass the firewall (in case of XSS), do a brute-force with all events of the JavaScript (with Intruder in the Burp Suite), and search a payload with the events allowed by the firewall.
Payload used: "<zzz><style>@keyframes+x+{}</style><xss+style="animation-Name:+x"+onwebkitanimationstart="print()"></xss>
🐞 Learn SSRF 🐜
[+] https://portswigger.net/web-security/ssrf
[X] https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery
[*] https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/ssrf
[-] https://www.youtube.com/watch?v=1pyoYa79ejs
✅Tryhackme Lab:- 👉
1. https://tryhackme.com/r/room/ssrfqi
2. https://tryhackme.com/r/room/ssrfhr
✅A New Era Of SSRF - Exploiting Url Parsers:- 👉
https://www.youtube.com/watch?v=D1S-G8rJrEk
✅ Hackerone report :- 👉
1. https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPSSRF.md
✅ Medium report :-👉
1. https://medium.com/techfenix/ssrf-server-side-request-forgery-worth-4913-my-highest-bounty-ever-7d733bb368cb
2. https://raymondlind.medium.com/ssrf-lfi-in-uploads-feature-a134aa467abf
3. Read And Add More
✅ 6-7 year old ssrf poc video :- 👉
poc :- https://www.youtube.com/playlist?list=PL9VLN4DOjAsjjAZiPf_vbGp9eGufX7lKY
✅ Automate :-👉 https://medium.com/@a1bi/ssrf-get-notified-on-discord-whenever-you-have-an-ssrf-5162a6daf8a3
✅ All SSRF In One :- 👉
1. https://github.com/jdonsec/AllThingsSSRF
2. https://gowthams.gitbook.io/bughunter-handbook/list-of-vulnerabilities-bugs/ssrf
✅ Tools :- 👉
1. https://github.com/zmap/zgrab
2. Collaborator Everywhere
3. SSRFmap
✅ SSRF EndPoint:- 👉
dest=
path=
window=
next=
site=
reference=
data=
load=
html=
validate=
page=
return=
callback=
domain=
feed=
view=
dir=
request-baskets=
dict=
pdf=
file=
imageuri=
url=
key=
.json
oauth
redirect=
api=
dashboard=
config.=
✅ Bypass :- 👉
1. https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Server%20Side%20Request%20Forgery
2. Collect All bypass Techniques from twitter, medium or others sources and note down
3. https://www.bugbountyhunting.com/
#bugbounty #ssrf #bugbountytips
========>✅ Learn IDOR ✅<========
Insecure Direct Object Reference (IDOR) is a very common type of weakness in the application authorization logic. The potential damage from IDOR exploitation can be either minimal or critical. Let’s consider some cases when the presence of IDOR allowed to perform an attack with a high impact level – account takeover or project takeover.
IDOR Enumeration
Exploiting IDOR vulnerabilities is easy in some instances but can be very challenging in others. Once we identify a potential IDOR, we can start testing it with basic techniques to see whether it would expose any other data. As for advanced IDOR attacks, we need to better understand how the web application works, how it calculates its object references, and how its access control system works to be able to perform advanced attacks that may not be exploitable with basic techniques.
=> Check JavaScript AJAX Calls For IDOR
=> Understand Hashing/Encoding and try to find IDOR
=> Change request method [DELETE, PUT, PATCH, POST]
=> Change privileges mode [user to admin, employee to admin]
=> As Ecommerce site :- focus on Order status, Order history, Account details, PDF download
[+] Let's Action
1. %20, %09, %0b, %0c, %1c, %1d, %1e, %1f, %00, %ff [ add after id for bypass ]
[+] Tool or Extension :-
1. Autorize
2. AuthMatrix
[+] Hackerone :
1. https://corneacristian.medium.com/top-25-idor-bug-bounty-reports-ba8cd59ad331
[+] Medium
1. https://medium.com/@pratikkaran/idor-to-delete-hall-of-fame-page-273724bd03ed
2. https://16521092.medium.com/some-ways-to-find-more-idor-da16c93954e5
3. https://adipsharif.medium.com/unveiling-all-techniques-to-find-idors-in-web-applications-578d2b8aa28a
4. https://bxmbn.medium.com/i-received-a-bank-offer-in-my-mailbox-and-discovered-an-idor-vulnerability-5-000-bounty-bxmbn-5209cab1fba8
5. https://cysky0x1.medium.com/my-first-p2-idor-insecure-direct-object-references-22d780e59a0d
6. https://hackergandhi.medium.com/my-first-idor-hunting-story-42c71fbe06dc
7. https://imwaiting18.medium.com/2-00-am-idor-leads-to-some-adrenaline-rush-996f710bd55a
8. https://medium.com/@pratyush1337/the-art-of-idor-7-idors-in-edm0d0-b86d683c8de9
9. https://bishal0x01.medium.com/idor-to-massive-government-data-leak-e8ad510d7e5
10. https://amineaboud.medium.com/idor-vulnerability-allowing-any-contact-point-to-be-removed-from-facebook-messenger-instagram-f878b0ab7e71
[+] LinkedIn :-
1. https://www.linkedin.com/pulse/csrf-bypass-combined-idor-complete-account-takeover-omar-alzughaibi-my46e/?trackingId=lEV53ShyQwiNuHkQTNz%2Fzw%3D%3D
[+] Bundle :-
1. https://www.bugbountyhunting.com/
2. https://github.com/reddelexc/hackerone-reports/blob/master/tops_by_bug_type/TOPIDOR.md
Specializes in IDOR Vulnerability :-
1. Pratyush Anjan Sarangi => https://medium.com/@pratyush1337/about
2. Imran Huda => https://x.com/imranHudaA
#bugbountytips #IDOR #authentication #LogicError
🤩 Some Pentesting Tools list 🤩
hydra https://lnkd.in/dPpWw5Vm
changeme https://lnkd.in/dWpXapKf
MobSF https://lnkd.in/diZ_utwb
Apktool https://lnkd.in/dWr9Ethm
dex2jar https://lnkd.in/dRFaVZdq
sqlmap http://sqlmap.org/
oxml_xxe https://lnkd.in/dGVhvEyj
XXE Injector https://lnkd.in/dpXrAPiP
The JSON Web Token Toolkit https://lnkd.in/dyNsUZ8Z
ground-control https://lnkd.in/d-x9TyPf
ssrfDetector https://lnkd.in/dHhjWSM5
LFISuit https://lnkd.in/dnphxmju
GitTools https://lnkd.in/dRH779h5
LFI Automation Detection + Exploitation
#STEP-1
waymore -i TARGET.COM -mode U --no-subs
#STEP-2
cat ~/.config/waymore/results/target.com/waymore.txt | uro | sed 's/=.*/=/' | gf lfi | nuclei -tags lfi
