My new video is now available on Rabkimusc:
https://youtu.be/ASSzCKvA4p0 Go watch, like, comment, subscribe, and share as much as you can.
Show your support, guy's.
साधु जी सीता राम
https://youtu.be/ASSzCKvA4p0 Go watch, like, comment, subscribe, and share as much as you can.
Show your support, guy's.
साधु जी सीता राम
YouTube
Sadhu Ji Sita Ram | साधु जी सीता राम | Brajesh Braj | Kunal | Neel | New Song Bageshwar Dham Sarkar
#sadhujisitaram #bageshwardhamsarkar #newsong2023 #viral #ganeshotsav2023
Director: Brajesh Braj
Singer & Lyrics : Brajesh Braj
Music Mix & Mastered: Kunal soni
Creative Director : Maddy
Line Production : Veam Productions
DOP: Yash Verma
Produced…
Director: Brajesh Braj
Singer & Lyrics : Brajesh Braj
Music Mix & Mastered: Kunal soni
Creative Director : Maddy
Line Production : Veam Productions
DOP: Yash Verma
Produced…
❤15🤡9👍2🔥1
I requested to All hindus to please Listen & share this Song with your contacts
❤17🤡12👍2
Bug Bounty Tip ☘️
https://web.archive.org/cdx/search/cdx?url=target.com&matchType=domain&fl=original&collapse=urlkey
Change url Para. Value : url=target.com -> Help you to extract lots of interesting Endpoints, Imformation Disclosure, API Keys and many more about that Target from wayback archive
https://web.archive.org/cdx/search/cdx?url=target.com&matchType=domain&fl=original&collapse=urlkey
Change url Para. Value : url=target.com -> Help you to extract lots of interesting Endpoints, Imformation Disclosure, API Keys and many more about that Target from wayback archive
❤15👍2🙈2🌚1
CSP-bypass techniques ☘️
https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
#bugbounty #bugbountytips
https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
#bugbounty #bugbountytips
❤8👍4👏2
A strategy to land your first pentest job 🌴
https://blog.pentesterlab.com/a-strategy-to-land-your-first-pentest-job-25209a351689
https://blog.pentesterlab.com/a-strategy-to-land-your-first-pentest-job-25209a351689
❤14👍2🥱2😱1
Hurricane Electric operates its own global IPv4 and IPv6 network and is considered the largest IPv6 backbone in the world as measured by number of networks connected, its give a fresh domain records, more real data! 😃
Expose domains over Akamai or Cloudflare with HEDnsExtractor and httpx(
@pdiscoveryio
):
Github:https://github.com/teixeira0xfffff/HEDnsExtractor/
[+] python hednsextractor[.py "https://bgp[.he.net/net/23.192.0.0/11#_dns" | httpx -title -tech-detect -status-code | grep -i "rockstar"
Reference : https://twitter.com/ptyspawnbinbash/status/1683378527888896002?s=20
Expose domains over Akamai or Cloudflare with HEDnsExtractor and httpx(
@pdiscoveryio
):
Github:https://github.com/teixeira0xfffff/HEDnsExtractor/
[+] python hednsextractor[.py "https://bgp[.he.net/net/23.192.0.0/11#_dns" | httpx -title -tech-detect -status-code | grep -i "rockstar"
Reference : https://twitter.com/ptyspawnbinbash/status/1683378527888896002?s=20
❤7👍6
Roadmap.png
23.2 MB
❤12👏3👀1
200+books on info sec and cybersecurity. Feel free to download any and read. LINK: https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU
🔥15👍6❤4
Recon is the key and below is a good tip created for you :
1 - Collect your target IPs range
2- Go to Censys search engine
3 - Run : ip=Target_range/XX
4 - Looking for a specific status code run this: ip=Target_range/XX and services.http.response.status_code=200
1 - Collect your target IPs range
2- Go to Censys search engine
3 - Run : ip=Target_range/XX
4 - Looking for a specific status code run this: ip=Target_range/XX and services.http.response.status_code=200
❤8🔥2🤔1
Flowchart of Directory Traversal 🐞
Read More here:
Reference -> https://www.akto.io/blog/mastering-directory-traversal-a-comprehensive-guide-from-basics-to-prevention
Read More here:
Reference -> https://www.akto.io/blog/mastering-directory-traversal-a-comprehensive-guide-from-basics-to-prevention
👍6
2FA Bypass techniques: 🍀🔥
1. Response Manipulation
In response if "success":false
Change it to "success":true
2. Status Code Manipulation
If Status Code is 4xx
Try to change it to 200 OK and see if it bypass restrictions
3. 2FA Code Leakage in Response
Check the response of the 2FA Code Triggering Request to see if the code is leaked.
4.JS File Analysis
Rare but some JS Files may contain info about the 2FA Code, worth giving a shot
5.2FA Code Reusability
Same code can be reused
6.Lack of Brute-Force Protection
Possible to brute-force any length 2FA Code
7.Missing 2FA Code Integrity Validation
Code for any user account can be used to bypass the 2FA
8.CSRF on 2FA Disabling
No CSRF Protection on disabling 2FA, also there is no auth confirmation
9. Password Reset Disable 2FA
2FA gets disabled on password change/email change
10.Backup Code Abuse
Bypassing 2FA by abusing the Backup code feature
Use the above mentioned techniques to bypass Backup Code to remove/reset 2FA reset restrictions
11.Clickjacking on 2FA Disabling Page
Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
12.Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
If the session is already hijacked and there is a session timeout vulnerbility
13.Bypass 2FA with null or 000000
Enter the code 000000 or null to bypass 2FA protection.
Steps:-
1. Enter “null” in 2FA code
2. Enter 000000 in 2FA code
3. Send empty code - Someone found this in grammarly
4. Open new tab in same browser and check if other API endpoints are accessible without entering 2FA
14. Google Authenticator Bypass
Steps:-
1) Set-up Google Authenticator for 2FA
2) Now, 2FA is enabled
3) Go on password reset page and change your password
4) If you are website redirect you to your dashboard then 2FA (Google Authenticator) is bypassed
15. Bypassing OTP in registration forms by repeating the form submission multiple times using repeater
Steps :-
1) Create an account with a non-existing phone number
2) Intercept the Request in BurpSuite
3) Send the request to the repeater and forward
4) Go to Repeater tab and change the non-existent phone number to your phone number
5) If you got an OTP to your phone, try using that OTP to register that non-existent number
1. Response Manipulation
In response if "success":false
Change it to "success":true
2. Status Code Manipulation
If Status Code is 4xx
Try to change it to 200 OK and see if it bypass restrictions
3. 2FA Code Leakage in Response
Check the response of the 2FA Code Triggering Request to see if the code is leaked.
4.JS File Analysis
Rare but some JS Files may contain info about the 2FA Code, worth giving a shot
5.2FA Code Reusability
Same code can be reused
6.Lack of Brute-Force Protection
Possible to brute-force any length 2FA Code
7.Missing 2FA Code Integrity Validation
Code for any user account can be used to bypass the 2FA
8.CSRF on 2FA Disabling
No CSRF Protection on disabling 2FA, also there is no auth confirmation
9. Password Reset Disable 2FA
2FA gets disabled on password change/email change
10.Backup Code Abuse
Bypassing 2FA by abusing the Backup code feature
Use the above mentioned techniques to bypass Backup Code to remove/reset 2FA reset restrictions
11.Clickjacking on 2FA Disabling Page
Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
12.Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
If the session is already hijacked and there is a session timeout vulnerbility
13.Bypass 2FA with null or 000000
Enter the code 000000 or null to bypass 2FA protection.
Steps:-
1. Enter “null” in 2FA code
2. Enter 000000 in 2FA code
3. Send empty code - Someone found this in grammarly
4. Open new tab in same browser and check if other API endpoints are accessible without entering 2FA
14. Google Authenticator Bypass
Steps:-
1) Set-up Google Authenticator for 2FA
2) Now, 2FA is enabled
3) Go on password reset page and change your password
4) If you are website redirect you to your dashboard then 2FA (Google Authenticator) is bypassed
15. Bypassing OTP in registration forms by repeating the form submission multiple times using repeater
Steps :-
1) Create an account with a non-existing phone number
2) Intercept the Request in BurpSuite
3) Send the request to the repeater and forward
4) Go to Repeater tab and change the non-existent phone number to your phone number
5) If you got an OTP to your phone, try using that OTP to register that non-existent number
❤10🔥7👍6
Inspect HTTP request headers, cookies, data, response Headers, cookies and add/modify request headers before sending requests ☘️🍃🍁🌳
https://chrome.google.com/webstore/detail/http-tracker/fklakbbaaknbgcedidhblbnhclijnhbi
https://chrome.google.com/webstore/detail/http-tracker/fklakbbaaknbgcedidhblbnhclijnhbi
🥴3❤1👨💻1
Shodan keys : 🌴🍁
1. WB6B7tRAskjlmpVUrYfnU1CVGCIpUs1t
2. EMeKr6ZlBg5Kaim4FQqTnHddhh3Zwjis
3. 61TvA2dNwxNxmWziZxKzR5aO9tFD00Nj
4. CevVNIYrV6gUzMoxiMhcaO3JIJOmpCY1
5. Hgqwf9dHMIE157PNCeqVJc6TVvlyGKiP
6. xTbXXOSBr0R65OcClImSwzadExoXU4tc
7. TnzrcytxidVqp6Z38iH3xnmu77tjt6qm
8. PSKINdQe1GyxGgecYz2191H2JoS9qvgD
1. WB6B7tRAskjlmpVUrYfnU1CVGCIpUs1t
2. EMeKr6ZlBg5Kaim4FQqTnHddhh3Zwjis
3. 61TvA2dNwxNxmWziZxKzR5aO9tFD00Nj
4. CevVNIYrV6gUzMoxiMhcaO3JIJOmpCY1
5. Hgqwf9dHMIE157PNCeqVJc6TVvlyGKiP
6. xTbXXOSBr0R65OcClImSwzadExoXU4tc
7. TnzrcytxidVqp6Z38iH3xnmu77tjt6qm
8. PSKINdQe1GyxGgecYz2191H2JoS9qvgD
❤19🔥7👍1😢1
Privilege Escalation Resources 🍁🌺🔥
Check This Out :-
https://bugbountyguide.org/2022/12/21/privilege-escalation/
Check This Out :-
https://bugbountyguide.org/2022/12/21/privilege-escalation/
❤4