Retrieves DNS records without any authentication
Replace example.com with the target domain.
curl -s "https://api.hackertarget.com/dnslookup/?q=example.com"
1)Finding a Hidden GraphQL Endpoint
https://medium.com/@codingbolt.in/finding-a-hidden-graphql-endpoint-56001ab29f85
2)My 2nd bounty : Referer-based access control + Response manipulation
https://medium.com/@adebayosec/my-2nd-bounty-referer-based-access-control-response-manipulation-2ab7f54d083f
3)CSRF Bypass Using Domain Confusion Leads To ATO
https://infosecwriteups.com/csrf-bypass-using-domain-confusion-leads-to-ato-ac682dd17722
4)Linear-feedback. Shift. Register
https://cyancharley.medium.com/linear-feedback-shift-register-ac6fc3298c35
5)ASCWG Reverse Engineering challenges
https://s3dny.medium.com/ascwg-reverse-engineering-challenges-778e47a5be80
6)picoCTF: No SQL Injection
https://medium.com/@baracarlo/picoctf-no-sql-injection-93a253cc4d09
7)Sunset:1 Walkthrough
https://medium.com/@nikhilbwr34/sunset-1-walkthrough-d124d06fcc93
8)Gixposed is a powerful command-line tool designed to search the commit history of Git repositories for sensitive information, such as API keys and access tokens
https://github.com/WH1T3-E4GL3/gixposed
9)MM-ReverseIPLookup takes a domain name and finds all (A) records associated with an IP address, using multiple free sources.
https://github.com/FINAL094/MM-ReverseIPLookup
10)Hidden secrets and urls in JS Mass hunting || Bug bounty POC
https://www.youtube.com/watch?v=HAAG5_mSxdk
CVE-2024-46483: Integer Overflow in Xlight FTP Server, 9.8 rating
By overflowing the variable, an attacker could cause remote code execution on the host or a denial of service.
Search at Netlas.io:
Link: https://nt.ls/M8D2R
Dork: \*.banner:"Xlight" OR raw_tcp.response_data:"Xlight"
Read more: https://github.com/kn32/cve-2024-46483
Pre-Auth RCE CyberPanel 0day by Chirag Artani
Useful video from our friend's channel about one of the freshest big vulnerabilities with Netlas search
We also recommend checking out his website and Twitter for more tips:
Site: 3rag.com
Twitter: x.com/Chirag99Artani
YouTube
Pre-Auth Remote Code Execution CyberPanel 0day | Live Recon Using Netlas
CyberPanel v2.3.6 has a critical vulnerability that allows remote attackers to execute arbitrary commands on the server without prior authentication.
Impact: Attackers can exploit this vulnerability by crafting malicious requests that bypass authentication…
Warning to All Members
Brut Security is a professional community focused strictly on learning and discussing cybersecurity topics. Any personal questions about religion, race, or similar matters are strictly prohibited. We are here to learn and grow as ethical hackers, not to engage in discussions unrelated to cybersecurity.
Please adhere to these guidelines:
1. Keep all conversations focused on cybersecurity topics.
2. Avoid personal questions about members' religious or cultural backgrounds.
3. Show respect for all members: this is a safe, professional space.
Failure to follow these rules will lead to immediate removal from the group.
For Queries Related to Enrolment or Other Questions, Do Reach here @brutsecurity_bot
Happy Diwali to the Brut Security Community!
Wishing everyone a joyful and prosperous Diwali! May this festival of lights bring happiness, success, and new learning opportunities to all.
Whether you're celebrating or just enjoying the festive spirit, let's continue to shine brightly together as a global community. Here's to knowledge, growth, and unity!
Stay safe, stay inspired, and Happy Diwali!
CVE-2024-50550: Privilege Escalation in LiteSpeed Cache WP Plugin, 8.1 rating
Weak security hash verification vulnerability allows an attacker to gain administrative privileges.
Search at Netlas.io:
Link: https://nt.ls/A60iV
Dork: http.body:"plugins/litespeed-cache"
Read more: https://patchstack.com/articles/rare-case-of-privilege-escalation-patched-in-litespeed-cache-plugin/
Brut Security
Best Motivation Tip Ever
But Our Bro is Killing It. Happy Diwali!
CVE-2024-49768: Race Condition in Waitress Python server, 9.1 rating
Due to an error, the server can process a request even if the connection should have been closed.
Search at Netlas.io:
Link: https://nt.ls/VYS9t
Dork: http.headers.server:"waitress"
Vendor's advisory: https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
Set up and host your own blind XSS and SSRF testing tool for free: https://github.com/Rahim7X/Argus.git
List of Websites Giving Free RDP/VPS
sadd.io
vpswala.org
ihor.ru
gratisvps.net
ionos.com
vultr.com
skysilk.com
yellowcircle.net
apponfly.com/en
cloudsigma.com
ezywatch.com/freevps
digitalocean.com
ctl.io/free-trial
developer.rackspace.com
my.letscloud.io/sign-up
ohosti.com/vpshosting.php
neuprime.com/l_vds3.php
Note: Some websites may require credit card verification for trial access.
Find sensitive files using Wayback
#bugbountytip #bugbounty #bugbountytips
waybackurls 123.com | grep --color -E "\.xls|\.tar\.gz|\.bak|\.xml|\.xlsx|\.json|\.rar|\.pdf|\.sql|\.doc|\.docx|\.pptx|\.txt|\.zip|\.tgz|\.7z"
An XSS payload with alert obfuscation, to bypass a regex filter
#infosec #cybersec #bugbountytip
<img src="X" onerror=top[8680439..toString(30)](1337)>
<script>top[8680439..toString(30)](1337)</script>
Reduce Noise in Burp Suite with This Simple Trick!
Just add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through:
.*\.google\.com
.*\.gstatic\.com
.*\.googleapis\.com
.*\.pki\.goog
.*\.mozilla\..*
If you have any other filters to share, drop them in the comments!