🕵️ MLT 🧙‍♂️

1.2K posts

@0dayWizard

Cybersec researcher & exploit developer w/ emphasis on webapp security. Former #TeaMp0isoN + former Founder of Project Insecurity LTD + founder of Bug0xF4.

keybase.io/0dayWizard Joined July 2021
185 Following 4.6K Followers
Pinned Tweet
🕵️ MLT 🧙‍♂️@0dayWizard·
I'm rarely able to access twitter these days, so if anyone needs me for any reason then I can be contacted via matrix, telegram, or Keybase. Matrix: worldwickedweb@matrix.org Telegram: Libuuid2 Keybase: keybase.io/0dayWizard
🕵️ MLT 🧙‍♂️@0dayWizard·
Been writing a script to make post-exploitation on *nix easier for beginners, here's what I've added so far. If anyone can think of more functionality to add then please let me know. I've made a primitive UI to make it easier for beginners to use (rather than cmdline args)
🕵️ MLT 🧙‍♂️@0dayWizard·
Does anyone know how I contact @ChainLands ? The Project Insecurity LTD member who was from NL? Need to contact him ASAP.
godiego@_godiego__·
@0dayWizard @serverinspector Open redirect shouldn’t work as CSP will still block the redirected site (unless I’m missing something) 🤔
🕵️ MLT 🧙‍♂️@0dayWizard·
I asked this like a year ago but didn't get a response.. everything else for my chain is still working so I'll ask again.. Does anyone currently have JSONP callback or open redirection in *.paypalobjects.net? I'll split the bounty with you if you've got one.
🕵️ MLT 🧙‍♂️@0dayWizard·
@coffinxp7 Yeah I did see that the payload list covered some different contexts, but it would be cool to see a post breaking down each of those contexts and explaining the situations in which different context-specific payloads should be used. Either way, nice post.
Coffin@lostsec_·
great point! that’s actually why I included a payload list in the article. it covers multiple contexts. you can use it with burp intruder to automate testing since manually checking each one is time consuming plus without knowing the backend query structure trial and error is often necessary. sometimes even a single backslash (\) can break the query and reveal valuable clues.
Coffin@lostsec_·
This single article is enough to master SQL Injection for beginners. I've included all the methodologies I personally use to find SQLi vulnerabilities. I'll also be updating it soon with some SQLMap tamper bypass scripts and manual bypass techniques as soon as I get some free time infosecwriteups.com/mastering-sql-…
🕵️ MLT 🧙‍♂️@0dayWizard·
Is there anything specific about this vuln that makes it more noteworthy than the thousands of other vulns that get reported to NASA?
🕵️ MLT 🧙‍♂️@0dayWizard·
Why is this even news? Someone reported a vuln to the VDP of probably the least secure .gov site in existence and somehow this is newsworthy? Does anyone even know what type of attack vector it was? Is there a writeup? I fail to see what makes this "breaking news"
News Arena India@NewsArenaIndia

BREAKING NEWS 🚨 📢 14 year old Yuvraj Gupta, who lives in Kanpur, Uttar Pradesh, has done a great feat. He saved the website of American space agency NASA from hackers. NASA has included him in the 'Hall of Fame' and also given him a letter of recognition.

Daniel Kelley@danielmakelley·
Reminder: There are talented people in cybersecurity who don't use social media.
🕵️ MLT 🧙‍♂️@0dayWizard·
@vxdb I get that this is the results of an investigation from 2023, but by now it's pretty much old news given that all of these markets are dead and the customers getting arrested are most likely dealers themselves. I can't see how this would disrupt any currently existing DNM's.
🕵️ MLT 🧙‍♂️@0dayWizard·
@vxdb I'm assuming the buyers who got caught weren't just your typical buyers, but rather dealers themselves
vxdb@vxdb·
US & Europol seized $200M, 144kg of fentanyl-laced drugs, and 180+ guns. Targets included dark web vendors, admins, and buyers from sites like Tor2Door, Bohemia, Kingdom Market, Nemesis and Incognito. This is a major blow to the darknet market scene.
🕵️ MLT 🧙‍♂️@0dayWizard·
@coffinxp7 I see tons of people starting their payload with ' or %27 and just assuming it isn't vuln when that doesn't work, but I never see articles covering how payloads need to be tweaked for different context and in situations where starting with ' doesn't work, something like ") might
🕵️ MLT 🧙‍♂️@0dayWizard·
@coffinxp7 Nice article, however one thing I NEVER see in articles regarding SQLi is context-specific payloads, i.e. how you need to change the start of your payload based upon where in the SQL statement your inputs are being reflected into.
🕵️ MLT 🧙‍♂️@0dayWizard·
@serverinspector I've got an XSS in PayPal but their CSP is preventing me from triggering it, however if I can find JSONP callback or open redirection in paypalobjects.com then I'll be able to bypass the CSP and get my JS to trigger.
🕵️ MLT 🧙‍♂️@0dayWizard·
@DexerTDP Lol I think I freaked them out cos I shared something in gov.ph so they kicked me from their private Keybase server thinking I was trying to bait them into getting v& and extradited to the Philippines I guess 🙃 I met some chill people in there though.
🕵️ MLT 🧙‍♂️@0dayWizard·
@xitsec So it was literally just a case of reading that file from the extracted tarball and then connecting to their MySQLd using those creds. Second time I hacked them was using a CVE that had been public for several years. Even to this date they're vuln to tons of dumb BS like that..
🕵️ MLT 🧙‍♂️@0dayWizard·
@xitsec The first time I hacked NASA I found a wordpress installation there with open directory listings and a "backup.tar.gz" file -- the tarball was a backup of their WP site with wp-config.php included in there. Working plaintext MySQL creds in that file + open port 3306
xit! 🇮🇳@xitsec·
Oh just saw the nasa hack post 😂 lol He is saying he got Youngest ethical hacker awards wtf ? How