Bugbounty Resources
A list of resources for those interested in getting started in bug bounties. New hackers join the community on a regular basis, and more often than not the first thing they ask is "How do I get started and what are some good resources?". As a hacker, there are a ton of techniques, terminologies, and topics you need to familiarize yourself with to understand how an application works.
How to hack Instagram 2022
instahack is a Bash- and Python-based script which is officially made to test the password strength of an Instagram
account from Termux and Kali with a brute-force attack. It is based on Tor. This tool works on both rooted
and non-rooted Android devices. Best Tool For Instagram Bruteforce hacking Tool By Waseem
Akram. Made in Bash and Python.
Spring4Shell
A new zero-day vulnerability in the Spring Core Java framework
called ‘Spring4Shell’ has been publicly disclosed,
allowing unauthenticated remote code execution on applications.
Spring is a very popular application framework that allows
software developers to quickly and easily develop Java
applications with enterprise-level features. These applications
can then be deployed on servers, such as Apache Tomcat, as
stand-alone packages with all the required dependencies. Today, an
exploit for this zero-day vulnerability was briefly leaked and
then removed but not before cybersecurity researchers could
download the code.
eJPT Cheatsheet
This post contains commands to prepare for the eLearnSecurity eJPT
exam. nmap hosts discovery nmap: nmap -sn 10.10.10.0/24 >
hosts.txt nmap -sn -T4 10.10.30.0/24 -oG - | awk '/Up$/{print $2}'
open ports scan (save to file): nmap -Pn -sV -T4 -A -oN ports.txt
-p- -iL hosts.txt --open UDP port scan: nmap -sU -sV 10.10.10.0/24
nmap vuln scan example: nmap --script vuln --script-args=unsafe=1
-iL hosts.txt nmap SYN flood example: watch -n 10 "nmap -e
wlan0 -Pn -T5 -S 192.
Steel Mountain
In this blog you will learn to enumerate a Windows machine, gain
initial access with Metasploit, use PowerShell to further
enumerate the machine and escalate your privileges to
Administrator. Nmap nmap -sC -sV -Pn 10.10.100.168 130 ⨯ Starting
Nmap 7.92 ( https://nmap.org ) at 2022-01-24 23:29 EST Nmap scan
report for 10.10.100.168 Host is up (0.21s latency). Not shown:
988 closed tcp ports (reset) PORT STATE SERVICE VERSION 80/tcp
open http Microsoft IIS httpd 8.
Active Directory Pentesting Resources
This post contains Active Directory Pentesting resources to
prepare for the new OSCP (2022) exam. YouTube/Twitch Videos Active
Directory madness and the Esoteric Cult of Domain Admin! -
alh4zr3d TryHackMe - Advent of Cyber + Active Directory - tib3rius
Common Active Directory Attacks: Back to the Basics of Security
Practices - TrustedSec How to build an Active Directory Lab - The
Cyber Mentor Zero to Hero (Episode 8,9,10) - The Cyber Mentor
Introduction to Azure Pentesting
More than 95 percent of Fortune 500 companies use Azure! Azure AD
is one of the world’s largest web-based identity providers.
Having the ability to understand and hack (thus securing) Azure is
a skill that is in huge demand. This blog covers the lab work done
in Introduction to Azure Penetration Testing labs & training
provided by Nikhil Mittal and Altered Security. Course Video:
https://youtu.be/5dVSHuCEG2w Free Labs:
https://azure.enterprisesecurity.io Discovery We just know the
name of the target organization - EvilCorp.
Boom Bashed
Bashed is a retired HackTheBox machine, rated easy, and rightfully so.
We’ll start by finding a hidden web shell and then quickly gain
root-level access due to misconfigured user permissions.
Reconnaissance nmap scan Starting the reconnaissance with an
initial Nmap scan. nmap -sC -sV -oA nmap/bashed 10.129.183.146
-sC: run default nmap scripts -sV: detect service version -oA:
output all formats and store in file nmap/bashed Nmap scan report
for 10.129.183.146 Host is up (0.
Bash and the Shellshock
Introduction to ShellShock ShellShock Vulnerability
[CVE-2014-6271], also known as Bashdoor, is a family of security
bugs in the Unix Bash shell, the first of which was disclosed on
24 September 2014. Shellshock could enable an attacker to cause
Bash to execute arbitrary commands and gain unauthorized access to
many Internet-facing services, such as web servers, that use Bash
to process requests. Shellshock is a privilege escalation
vulnerability that offers a way for users of a system to execute
commands that should be unavailable to them.
FreeFloat FTP Buffer Overflow
In this writeup I’ll demonstrate how to exploit a buffer
overflow in FreeFloat FTP Server on Windows. The vulnerable
application can be downloaded from here. The Freefloat FTP
Server has many vulnerable parameters which can be useful to
practice and we will choose one of them here to do a full
exercise. Lab details Victim Machine: Windows XP SP1 x64 2003
Application: FreeFloat Ftp Server (Version 1.00) Attacker Machine:
Kali Linux 2021.
Exploiting PHP deserialization
Intro to Insecure deserialization Serialization is when an object
in a programming language (say, a Java or PHP object) is converted
into a format that can be stored or transferred. Whereas
deserialization refers to the opposite: it’s when the serialized
object is read from a file or the network and converted back into
an object. Insecure deserialization vulnerabilities happen when
applications deserialize objects without proper sanitization. An
attacker can then manipulate serialized objects to change the
program’s flow.
From MSSQL to RCE
Microsoft SQL Server is a relational database management system
developed by Microsoft. As a database server, it is a software
product with the primary function of storing and retrieving data
as requested by other software applications, which may run either
on the same computer or on another computer across a network
(including the Internet). In this blog we’ll try to get
remote code execution by exploiting MSSQL. Enumeration Nmap Scan
nmap -sC -sV -oA nmap/archetype 10.
Steganography for beginners
Steganography is the technique of hiding secret data within an
ordinary, non-secret, file or message in order to avoid detection;
the secret data is then extracted at its destination. … The
word steganography is derived from the Greek words steganos
(meaning hidden or covered) and the Greek root graph (meaning to
write) - Wikipedia. In this post, we are going to describe
solutions to the KRACK-JIIT CTF 2019 organized by JIIT Open Dev
Circle (jodc).
Mass Printer Hacking Case Study
Introduction to battle for getting YouTube crown. A battle for who
owns the YouTube crown for top channel has been waged over the
past few months between fans of Swedish video game commentary
celebrity Felix Kjellberg “PewDiePie” and of the Bollywood label
T-Series. As The Hacker News reports, TheHackerGiraffe hacked
printers worldwide to print pro-PewDiePie propaganda. Here are
some images showing the message that printers were forced to spit
out: