en
Feedback
Bug Bounty - GitBook

Bug Bounty - GitBook

Open in Telegram
7 510
Subscribers
+424 hours
+507 days
+19230 days
Posts Archive
👨‍💻 Linux for Hackers. File Transfers. • Downloading Files from Attacker’s HTTP Server; - Setting up the HTTP Server on the Attacker Machine; - Downloading Files from Attacker’s HTTP Server: Curl, Wget, and Bash; • Uploading Files to Attacker’s HTTP Server; - Setting up the HTTP Server to Allow Uploads on the Attacker Machine; - Uploading Files to Attacker’s HTTP Server: Curl and Wget; - Uploading Files to Attacker’s HTTP Server: Browser (GUI); • Downloading Files from Attacker’s FTP Server; - Setting up the FTP Server on the Attacker Machine; - Downloading Files from Attacker’s FTP Server; • Uploading Files to Attacker’s FTP Server; • Transferring Files from Attacker Using SSH; - Transferring Files onto Victim: scp; - Transferring Files onto Victim: sftp; • Transferring Files onto Attacker Using SSH; - Transferring Files onto Attacker: scp; - Transferring Files onto Attacker: sftp; • Transferring Files from Attacker Using Netcat; - Transferring Files from Attacker: nc; - Transferring Files from Attacker: bash; • Transferring Files onto Attacker Using Netcat; - Transferring Files onto Attacker: nc; - Transferring Files onto Attacker: bash; • Downloading and Uploading Files Using Meterpreter; - Upgrading to a Meterpreter Shell: Web_Delivery Method; - Downloading Files onto the Victim Using Meterpreter; - Uploading Files from the Victim Using Meterpreter; • Copy and Paste – cat; - Copying a Script from Attacker and Pasting on Victim; - Copying a File from Victim and Pasting on Attacker. @GitBook_s

🌍 Top 10 web hacking techniques of 2023.. • Nomination - top 10 best web hacking methods in 2023. Each article deserves attention: - Ransacking your password reset tokens; - mTLS: When certificate authentication is done wrong; - Smashing the state machine: the true potential of web race conditions; - Bypass firewalls with of-CORs and typo-squatting; - RCE via LDAP truncation on hg.mozilla.org; - Cookie Bugs - Smuggling & Injection; - OAuth 2.0 Redirect URI Validation Falls Short, Literally; - Prototype Pollution in Python; - Pretalx Vulnerabilities: How to get accepted at every conference; - From Akamai to F5 to NTLM... with love; - can I speak to your manager? hacking root EPP servers to take control of zones; - Blind CSS Exfiltration: exfiltrate unknown web pages; - Server-side prototype pollution: Black-box detection without the DoS; - Tricks for Reliable Split-Second DNS Rebinding in Chrome and Safari; - HTML Over the Wire; - SMTP Smuggling - Spoofing E-Mails Worldwide; - DOM-based race condition: racing in the browser for fun; - You Are Not Where You Think You Are, Opera Browsers Address Bar Spoofing Vulnerabilities; - CVE-2022-4908: SOP bypass in Chrome using Navigation API; - SSO Gadgets: Escalate (Self-)XSS to ATO; - Three New Attacks Against JSON Web Tokens; - Introducing wrapwrap: using PHP filters to wrap a file with a prefix and suffix; - PHP filter chains: file read from error-based oracle; - SSRF Cross Protocol Redirect Bypass; - A New Vector For “Dirty” Arbitrary File Write to RCE; - How I Hacked Microsoft Teams and got $150,000 in Pwn2Own; - AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice; - BingBang: AAD misconfiguration led to Bing.com results manipulation and account takeover; - MyBB Admin Panel RCE CVE-2023-41362; - Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity; - Code Vulnerabilities Put Skiff Emails at Riskr; - How to break SAML if I have paws? - JMX Exploitation Revisited; - Java Exploitation Restrictions in Modern JDK Times; - Exploiting Hardened .NET Deserialization; - Unserializable, but unreachable: Remote code execution on vBulletin; - Cookieless DuoDrop: IIS Auth Bypass & App Pool Privesc in ASP.NET Framework; - Hunting for Nginx Alias Traversals in the wild; - DNS Analyzer - Finding DNS vulnerabilities with Burp Suite; - Oh-Auth - Abusing OAuth to take over millions of accounts; - nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover; - One Scheme to Rule Them All: OAuth Account Takeover; - Exploiting HTTP Parsers Inconsistencies; - New ways of breaking app-integrated LLMs; - State of DNS Rebinding in 2023; - Fileless Remote Code Execution on Juniper Firewalls; - Thirteen Years On: Advancing the Understanding of IIS Short File Name (SFN) Disclosure! - Metamask Snaps: Playing in the Sand; - Uncovering a crazy privilege escalation from Chrome extensions; - Code Vulnerabilities Put Proton Mails at Risk; - Hacking into gRPC-Web; - Yelp ATO via XSS + Cookie Bridge; - HTTP Request Splitting vulnerabilities exploitation; - XSS in GMAIL Dynamic Email; - Azure B2C Crypto Misuse and Account Compromise; - Compromising F5 BIGIP with Request Smuggling; - One Supply Chain Attack to Rule Them All; - Cookie Crumbles: Breaking and Fixing Web Session Integrity; - tRPC Security Research: Hunting for Vulnerabilities in Modern APIs; - From an Innocent Client-Side Path Traversal to Account Takeover. @GitBook_s

Best of Python Pentest Cheatsheet @GitBook_s
Best of Python Pentest Cheatsheet @GitBook_s

🔎 cURL for OSINT. • cURL Tool usage (with Grep) for OSINT (Open-Source Intelligence). Link 🔗:- • https://github.com/C3n7ral051nt4g3ncy/cURL_for_OSINT @GitBook_s

👩‍💻 Bash-Oneliner. • A comprehensive selection of commands, from the obvious to some little things that make life easier. - Terminal Tricks; - Variable; - Math; - Grep; - Sed; - Awk; - Xargs; - Find; - Condition and Loop; - Time; - Download; - Random; - Xwindow; - System; - Hardware; - Networking; - Data Wrangling; - Others. ➡️ https://github.com/onceupon/Bash-Oneliner @GitBook_s

👩‍💻 Firefox. Plugins for pentester. • Before delving into the specifics of browser settings, it is important to understand its importance in this area. A browser is more than just a tool for browsing websites; it is a universal tool through which professionals interact with web applications, examine data, and identify vulnerabilities. • Keep a list of useful Firefox plugins. A description of each plugin can be found at the link below: • Wappalyzer; • Foxyproxy; • Hacktool; • Hackbar; • Tamper data; • User-agent Switcher; • Cookie editor; • Built with. ➡️ https://www.hackingarticles.in • P.S. And here there is a very voluminous mindmap, which contains many other plugins and their descriptions: https://github.com @GitBook_s

🐈‍⬛ NetCat command cheatsheet. • NetCat is a Unix utility that allows you to establish TCP and UDP connections, receive data from there and transmit it. The utility is a real Swiss army knife for pentesters and information security specialists, with which we can do the following: - Scan ports; - Forward ports; - Collect service banners; - Listen to the port (bind for reverse connection); - Download and upload files; - Output raw HTTP content; - Create a mini-chat. • In general, with the help of netcat you can replace some of the Unix utilities, so this tool can be considered a kind of combine for performing certain tasks. @GitBook_s

𝗞𝗨𝗕𝗘𝗡𝗢𝗠𝗜𝗖𝗢𝗡 Kubernetes Pentesting & Security from Offensive Perspective >Initial Access   •Using cloud credentials   •Compromised image In registry   •Kubeconfig file   •Application vulnerability   •Exposed sensitive interfaces   •SSH server running inside container >Execution   •Exec inside container   •New container   •Application exploit (RCE)   •Sidecar injection >Persistence   •Backdoor container   •Writable hostPath mount   •Kubernetes cronjob   •Malicious admission controller   •Container service account   •Static pods >Privilege Escalation   •Privileged container   •Cluster-admin binding   •hostPath mount   •Access cloud resources >Defense Evasion   •Clear container logs   •Delete events   •Pod name similarity   •Connect from proxy server >Credential access   •List K8S secrets   •Access node information   •Container service account   •Application credentials in configuration files   •Access managed identity credentials   •Malicious admission controller >Discovery   •Access Kubernetes API server   •Access Kubelet API   •Network mapping   •Exposed sensitive interfaces   •Instance Metadata API >Lateral Movement   •Access cloud resources   •Container service account   •Cluster internal networking   •Application credentials in configuration files   •Writable hostPath mount   •CoreDNS poisoning   •ARP poisoning and IP spoofing >Collection   •Images from a private registry   •Collecting data from pod >Impact   •Data destruction   •Resource hijacking   •Denial of service >Fundamentals   •Notes   •Services   •etcd   •RBAC   •Kubelet   •Namespaces   •Secrets   •Interesting Files Link 🔗:- https://kubenomicon.com @GitBook_s

bepractical channel Labs, Check them out: https://bepractical.tech/ @GitBook_s

FREE Labs To Test Your PenTesting/CTF Skills 1. TryHackMe - http://tryhackme.com 2. Vulnhub - http://vulnhub.com 3. RootMe - http://root-me.org 4. OverTheWire - http://overthewire.org 5. PicoCTF - http://picoctf.com 6. Pentestlab - http://pentesterslab.com 7. Google CTF - http://capturetheflag.withgoogle.com 8. CMD Challenge - http://cmdchallenge.com 9. HackTheBox - http://hackthebox.com 10. Hacker Security - http://capturetheflag.com.br 11. CTF Komodo Security - http://ctf.komodosec.com 12. Academy Hackaflag BR - http://hackaflag.com.br 13. Attack-Defense - http://attackdefense.com 14. Hacker101 - http://ctf.hacker101.com @GitBook_s

📦 Red Team Attack Lab. • Link to a repository, which is a virtual environment with various operating systems and vulnerabilities for Red Team practice. You can find it here: https://github.com/Marshall-Hallenbeck/red_team_attack_lab • A complete list of OS can be found here. The material will be very useful for Red Team, Blue Team, pentesters and information security specialists. @GitBook_s

Want to improve your xss skills? Check out this awesome lab: http://prompt.ml/0 @GitBook_s

𝗛𝗢𝗪 𝗧𝗢 𝗛𝗨𝗡𝗧 >Account Takeover Methodology >Application Level DoS Methods >AUTHENTICATION BYPASS •2FA Bypasses •OTP Bypass >BROKEN-LINK HIJACKING >BROKEN AUTH AND SESSION MANAGEMENT •Session Based Bugs >CMS •Wordpress •Moodle >CORS >CSRF >Finding CVEs >CHECKLIST >WEB PAGE SOURCE CODE REVIEW >EXIF GEO DATA NOT STRIPPED >EXIF Geo Data Not Stripped >FILE UPLOAD BYPASS >FIND ORIGIN IP >GRAPHQL >HTTP DESYNC ATTACK >HOST-HEADER ATTACK >HTML-INJECTION >IDOR >JWT ATTACK >MFA Bypass >MISCONFIGURATIONS >OAuth >OPEN REDIRECTION >PARAMETER POLLUTION >PASSWORD RESET FUNCTIONALITY >RATE LIMIT >RECON >SQLI >SSRF >SSTI >SIGN UP FUNCTIONALITY >SENSITIVE INFO LEAKS >STATUS CODE BYPASS >SUBDOMAIN TAKEOVER >TABNABBING >WAF BYPASSES >WEAK PASSWORD POLICY >XSS >XXE Link 🔗:- https://kathan19.gitbook.io/howtohunt @GitBook_s

𝗕𝗟𝗢𝗢𝗗𝗬𝗦𝗛𝗘𝗟𝗟 >Android Pentesting •Bypass SSL Pinning for flutter apps using reFlutter Framework •Easy way to bypass SSL Pinning using apk-mitm tool >HTB •Nunchucks •BountyHunter •Lame •Bashed •Netmon •Seal •Intelligence •Bastard >TryHackMe •Attacktive Directory >Offensive Lab •FunboxEasyEnum •BBSCute >Capture The Flag (CTF) •Binary Exploitation •Steganography •Cryptography •Forensics - HTB >Active Directory •HTB-Mantis (Hard) >Window Privilege Escalation >Linux Privilege Escalation >Buffer Overflow >Cloud Pentesting •Pentesting Azure Active Directory >Web Exploitation •Attacking JSON Web Token Link 🔗:- https://l33t-en0ugh.gitbook.io/infosec @GitBook_s

ZedSec WriteUps >PROJECTS Security Library >SECURITY OPERATIONS Cyber Kill Chain Interview Questions >TOOLS NMAP >WRITE-UPS Blue Team Labs Online HackTheBox LetsDefend TryHackMe Kusto Detective Agency Link 🔗:- https://zedsec.gitbook.io/writeups/ @GitBook_s