1. Run HxD as Admin.
2. Open (Ctrl + O) and find "sublime_text.exe".
3. Search > Replace (Ctrl + R) > Hex values
4. Enter the following: Search for: 80 79 05 00 0F 94 C2 -> Replace with C6 41 05 01 B2 00 90 Search direction: All -> Replace All (only 1 instance found for me).
5. Save (Ctrl + S) then exit HxD.
6. Run Sublime Text.
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐7โค5๐ฅ2
site:*.host.com ext:asp
site:*.host.com ext:jsp
site:*.host.com ext:aspx
site:*.host.com ext:jspx
site:*.host.com ext:do
site:*.host.com ext:action
site:*.host.com ext:php
Please open Telegram to view this post
VIEW IN TELEGRAM
โค9๐4๐ฅ1
CVE-2024-52301: Improper Input Validation in Laravel Framework, 8.7 ratingโ๏ธ
The vulnerability allows an attacker to change environment using a special crafted query string.
More then 830k instances at Netlas.io:
๐ Link: https://nt.ls/CDJgv
๐ Dork: http.headers.set_cookie:"laravel_session="
Vendor's advisory: https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
The vulnerability allows an attacker to change environment using a special crafted query string.
More then 830k instances at Netlas.io:
๐ Link: https://nt.ls/CDJgv
๐ Dork: http.headers.set_cookie:"laravel_session="
Vendor's advisory: https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h
โค3๐3๐ฅ1
Hey everyone! ๐
A big, warm welcome to all our new members! ๐ And to our amazing long-time supporters, thank you for sticking around and making this community what it is today! ๐
If youโve been finding value in the bug bounty updates, cybersecurity tips, and job opportunities I share, Iโd truly appreciate your support. โญ You can boost or give a star to Brut Securityโit keeps me motivated to keep delivering the best content for you all! ๐ป๐
Thanks for being such an incredible community. Your encouragement means everything!โค๏ธ ๐
A big, warm welcome to all our new members! ๐ And to our amazing long-time supporters, thank you for sticking around and making this community what it is today! ๐
If youโve been finding value in the bug bounty updates, cybersecurity tips, and job opportunities I share, Iโd truly appreciate your support. โญ You can boost or give a star to Brut Securityโit keeps me motivated to keep delivering the best content for you all! ๐ป๐
Thanks for being such an incredible community. Your encouragement means everything!
Please open Telegram to view this post
VIEW IN TELEGRAM
1โค9๐ฅ2
"https://target.com" send_keys
"https://target.com" password
"https://target.com" api_key
"https://target.com" apikey
"https://target.com" jira_password
"https://target.com" root_password
"https://target.com" access_token
"https://target.com" config
"https://target.com" client_secret
"https://target.com" user auth
Please open Telegram to view this post
VIEW IN TELEGRAM
Target
Target : Expect More. Pay Less.
Shop Target online and in-store for everything from groceries and essentials to clothing and electronics. Choose contactless pickup or delivery today.
๐13๐ฅ6โค2
Itโs been a while! Howโs everyone doing? Let me know what resources you need in cybersecurity. Please note, no requests for pirated material.
๐ฅ7๐1
Please open Telegram to view this post
VIEW IN TELEGRAM
1๐12โค6๐ฅ1
โ ๏ธ S3 Bucket Recon โ ๏ธ
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
Source : https://github.com/securitycipher/awsome-websecurity-checklist/blob/main/Mindmaps/S3-Bucket%20Recon.png
GitHub
awsome-websecurity-checklist/Mindmaps/S3-Bucket Recon.png at main ยท securitycipher/awsome-websecurity-checklist
Contribute to securitycipher/awsome-websecurity-checklist development by creating an account on GitHub.
๐7
Please open Telegram to view this post
VIEW IN TELEGRAM
๐ฅ4
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
โค8๐1
BGPView for Reconnaissance
- Get ASN Information
- Enumerate IP Prefixes for an ASN
- Retrieve IP Address Details
- Search ASN, IP, or Domain Together
- Upstreams
- Upstreams [ IPv4 ]
- Upstreams [ IPv6 ]
- All Peers
- Extract ASN Prefixes with Peer Details
- Downstreams
- Subdomain Enumeration from ASN
- Query ASN by Organization Name
ยฉ Yasin
- Get ASN Information
curl -s "https://api.bgpview.io/asn/AS12345" | jq
- Enumerate IP Prefixes for an ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes" | jq '.data.ipv4_prefixes[] | .prefix'
- Retrieve IP Address Details
curl -s "https://api.bgpview.io/ip/8.8.8.8" | jq
- Search ASN, IP, or Domain Together
curl -s "https://api.bgpview.io/search?query=example.com" | jq '.data'
- Upstreams
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq
- Upstreams [ IPv4 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv4_upstreams[] | {asn, name, description, country: .country_code}'
- Upstreams [ IPv6 ]
curl -s "https://api.bgpview.io/asn/AS12345/upstreams" | jq '.data.ipv6_upstreams[] | {asn, name, description, country: .country_code}'
- All Peers
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code})'
- Extract ASN Prefixes with Peer Details
curl -s "https://api.bgpview.io/asn/AS12345/peers" | jq '[.data.ipv4_peers[], .data.ipv6_peers[]] | map({asn, name, description, country: .country_code, prefix: .prefix})'
- Downstreams
curl -s "https://api.bgpview.io/asn/AS12345/downstreams" | jq
- Subdomain Enumeration from ASN
curl -s "https://api.bgpview.io/asn/AS12345/prefixes"
dig -x $prefix
done
- Query ASN by Organization Name
curl -s "https://api.bgpview.io/search?query=google" | jq '.data.asns[] | {asn, name, description}'
Please open Telegram to view this post
VIEW IN TELEGRAM
๐12๐ณ4โค2
CVE-2024-52052, -053, -054, -055, -056: Multiple vulnerabilitites in Wowza Streaming Engine, 5.1 - 9.4 rating ๐ฅ
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
๐ Link: https://nt.ls/8BudC
๐ Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
Five recent vulnerabilities we almost missed. RCE, stored XSS, file read, file write, and folder deletion - vulnerabilities for every taste!
Search at Netlas.io:
๐ Link: https://nt.ls/8BudC
๐ Dork: http.favicon.hash_sha256:3641ed4d68a0362f1ef45069584a71b0940acfcdb6abf8c13b8fc29837160a81 OR http.headers.server:"WowzaStreamingEngine"
Read more: https://www.rapid7.com/blog/post/2024/11/20/multiple-vulnerabilities-in-wowza-streaming-engine-fixed/
๐1