⚡️grepsubsfromwebpages
✅Extract subdomains automatically while visiting webpages. Just add target domain name and this extension will start extracting subs from the webpages you visit.
📌https://github.com/hackersthan/grepsubsfromwebpages
✅Extract subdomains automatically while visiting webpages. Just add target domain name and this extension will start extracting subs from the webpages you visit.
📌https://github.com/hackersthan/grepsubsfromwebpages
Поиск по фото (2).txt
956 B
Ловите огромный пак мануалов по поиску информации
Lenovo XSS via Unrestricted File Upload PoC
POC is here: —> https://t.iss.one/brutsecurity_poc/42
#BugBounty #XSS
POC is here: —> https://t.iss.one/brutsecurity_poc/42
#BugBounty #XSS
Forwarded from APT
A cross-platforms tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.
🚀 Features:
— Only requires a low privileges domain user account.
— Automatically gets the list of all domain controllers from the LDAP.
— Finds all the Group Policy Preferences Passwords present in SYSVOL share on each domain controller.
— Decrypts the passwords and prints them in cleartext.
— Outputs to a Excel file.
🔗 Source:
https://github.com/p0dalirius/FindGPPPasswords
#ad #windows #gpo #credentials
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3
𝗚𝗮𝗺𝗲 𝗼𝗳 𝗔𝗰𝘁𝗶𝘃𝗲 𝗗𝗶𝗿𝗲𝗰𝘁𝗼𝗿𝘆
GOAD is a pentest active directory LAB project. This lab aims to give pentesters a vulnerable AD environment ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
GOAD is a pentest active directory LAB project. This lab aims to give pentesters a vulnerable AD environment ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
📖 Account Takeover на GitLab
Новый забавный дисклоз от гитлаба. Оказывается, в конце 2023 года им сдали баг на сброс пароля, в котором достаточно было поменять запрос на JSON и добавить вторую почту в массив.
Ссылка на отчет
#web #ato
Новый забавный дисклоз от гитлаба. Оказывается, в конце 2023 года им сдали баг на сброс пароля, в котором достаточно было поменять запрос на JSON и добавить вторую почту в массив.
Ссылка на отчет
#web #ato
👍3