Please open Telegram to view this post
VIEW IN TELEGRAM
π8π5π₯5
Want to find the origin IP?
1-Hunt for a subdomain with no WAF
2-extract the ASN
2-check it on bgp.he.net
3- grab the IP range, and verify a live IP.
Welcome to their world!
#bugbountytips #BugBounty
1-Hunt for a subdomain with no WAF
2-extract the ASN
2-check it on bgp.he.net
3- grab the IP range, and verify a live IP.
Welcome to their world!
#bugbountytips #BugBounty
π₯29π3π±1
CVE-2025-1661: Path Traversal in The HUSKY WordPress Plugin, 9.8 rating π₯
The vulnerability allows an attacker to execute arbitrary files on the server, including PHP code.
Search at Netlas.io:
π Link: https://nt.ls/OEg7k
π Dork: http.body:"plugins/woocommerce-products-filter"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion
The vulnerability allows an attacker to execute arbitrary files on the server, including PHP code.
Search at Netlas.io:
π Link: https://nt.ls/OEg7k
π Dork: http.body:"plugins/woocommerce-products-filter"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-1365-unauthenticated-local-file-inclusion
π±6π₯4π2π1
CVE-2025-25291, -25292 and other: Multiple vulnerabilitites in GitLab, 8.8 ratingβοΈ
Traditionally, GitLab publishes information about several vulnerabilities at once. These include Interpretation Conflict, DoS, Credentials Disclose, etc.
Search at Netlas.io:
π Link: https://nt.ls/PDxYA
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
Traditionally, GitLab publishes information about several vulnerabilities at once. These include Interpretation Conflict, DoS, Credentials Disclose, etc.
Search at Netlas.io:
π Link: https://nt.ls/PDxYA
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/
π4π¨βπ»2
Disclosing YouTube Creator Emails for a $20k Bounty
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
brutecat.com
Disclosing YouTube Creator Emails for a $20k Bounty
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
π₯10π3πΏ2
π₯9π2
Nightmare
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges.
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges.
guyinatuxedo.github.io
Nightmare - Nightmare
Nightmare: an intro to binary exploitation / reverse engineering course based around CTF challenges.
β€7π1
β€6π1
π― Mastering CRTO? This Resource is Pure Gold!
If you're preparing for Certified Red Team Operator (CRTO) or want to sharpen your adversary emulation skills, Iβve found something invaluable for you!
π Check here : https://m4lici0u5.com/notes/crto-notes/
π Whatβs inside?
π΄ββ οΈ Cobalt Strike β Beacons, pivoting & advanced tactics.
π΄ββ οΈ AD Attacks β Lateral movement, Kerberoasting, DCSync & more.
π΄ββ οΈ Bypassing Defenses β EDR evasion, AMSI bypass, OPSEC tricks.
π΄ββ οΈ Persistence & PrivEsc β Staying stealthy like real APTs.
If you're preparing for Certified Red Team Operator (CRTO) or want to sharpen your adversary emulation skills, Iβve found something invaluable for you!
π Check here : https://m4lici0u5.com/notes/crto-notes/
π Whatβs inside?
π΄ββ οΈ Cobalt Strike β Beacons, pivoting & advanced tactics.
π΄ββ οΈ AD Attacks β Lateral movement, Kerberoasting, DCSync & more.
π΄ββ οΈ Bypassing Defenses β EDR evasion, AMSI bypass, OPSEC tricks.
π΄ββ οΈ Persistence & PrivEsc β Staying stealthy like real APTs.
π₯11π4πΏ4π«‘3
CVE-2024-13918, -13919: XSS in Laravel Framework, 8.0 ratingβοΈ
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
π Link: https://nt.ls/95OAY
π Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More then 770k instances at Netlas.io:
π Link: https://nt.ls/95OAY
π Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
π5β€3π±1π¨βπ»1
function rappidns() {
curl -s "https://rapiddns.io/subdomain/$1?full=1" | grep -oE "[\.a-zA-Z0-9-]+\.$1" | tr '[:upper:]' '[:lower:]' | sort -u
}Please open Telegram to view this post
VIEW IN TELEGRAM
rapiddns.io
$1 Subdomain - RapidDNS Rapid DNS Information Collection
RapidDNS is a domain name information query system that supports querying information about websites, subdomains and the same ip website. RapidDNS supports A, AAAA, CNAME, CERTIFICATE and MX types.
π17π’2
Get Windows Domain Information:
C:\> nltest /DCLIST:DomainName
C:\> nltest /DCNAME:DomainName
C:\> nltest /DSGETDC:DomainName
These commands utilize nltest, a command-line tool included with Windows Server and some client versions (when Remote Server Administration Tools, RSAT, are installed).
Below is a detailed breakdown:
1. nltest /DCLIST:DomainName
Purpose: Lists all domain controllers for the specified domain (DomainName).
Output: Displays a list of domain controllers with their names, IP addresses, and site information.
Example:
C:\> nltest /DCLIST:EXAMPLE
DC: \\https://DC01.example.com [192.168.1.10] Site: Default-First-Site-Name
DC: \\https://DC02.example.com [192.168.1.11] Site: Default-First-Site-Name
The command completed successfully
2. nltest /DCNAME:DomainName
Purpose: Retrieves the name of a domain controller for the specified domain.
Output: Returns a single DC name, often the one the workstation is communicating with.
Example:
C:\> nltest /DCNAME:EXAMPLE
DC: \\https://DC01.example.com
The command completed successfully
3. nltest /DSGETDC:DomainName
Purpose: Queries and returns detailed information about a domain controller for the specified domain, including its name, IP, site, and more.
Output: Provides a verbose output with attributes like DC name, IP address, domain GUID, and forest details.
Example:
C:\> nltest /DSGETDC:EXAMPLE
DC: \\https://DC01.example.com
Address: 192.168.1.10
Dom Guid: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
Site: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE
The command completed successfully
C:\> nltest /DCLIST:DomainName
C:\> nltest /DCNAME:DomainName
C:\> nltest /DSGETDC:DomainName
These commands utilize nltest, a command-line tool included with Windows Server and some client versions (when Remote Server Administration Tools, RSAT, are installed).
Below is a detailed breakdown:
1. nltest /DCLIST:DomainName
Purpose: Lists all domain controllers for the specified domain (DomainName).
Output: Displays a list of domain controllers with their names, IP addresses, and site information.
Example:
C:\> nltest /DCLIST:EXAMPLE
DC: \\https://DC01.example.com [192.168.1.10] Site: Default-First-Site-Name
DC: \\https://DC02.example.com [192.168.1.11] Site: Default-First-Site-Name
The command completed successfully
2. nltest /DCNAME:DomainName
Purpose: Retrieves the name of a domain controller for the specified domain.
Output: Returns a single DC name, often the one the workstation is communicating with.
Example:
C:\> nltest /DCNAME:EXAMPLE
DC: \\https://DC01.example.com
The command completed successfully
3. nltest /DSGETDC:DomainName
Purpose: Queries and returns detailed information about a domain controller for the specified domain, including its name, IP, site, and more.
Output: Provides a verbose output with attributes like DC name, IP address, domain GUID, and forest details.
Example:
C:\> nltest /DSGETDC:EXAMPLE
DC: \\https://DC01.example.com
Address: 192.168.1.10
Dom Guid: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
Site: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE
The command completed successfully
π15β€6π₯1
Please open Telegram to view this post
VIEW IN TELEGRAM
π«‘12π3π₯3