Disclosing YouTube Creator Emails for a $20k Bounty
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
brutecat.com
Nightmare
Nightmare is an intro to binary exploitation / reverse engineering course based around CTF challenges.
guyinatuxedo.github.io
Mastering CRTO? This Resource is Pure Gold!
If you're preparing for Certified Red Team Operator (CRTO) or want to sharpen your adversary emulation skills, I've found something invaluable for you!
Check here: https://m4lici0u5.com/notes/crto-notes/
What's inside?
• Cobalt Strike: Beacons, pivoting & advanced tactics.
• AD Attacks: Lateral movement, Kerberoasting, DCSync & more.
• Bypassing Defenses: EDR evasion, AMSI bypass, OPSEC tricks.
• Persistence & PrivEsc: Staying stealthy like real APTs.
CVE-2024-13918, -13919: XSS in Laravel Framework, 8.0 rating
The vulnerabilities allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks on a decoy link.
More than 770k instances at Netlas.io:
Link: https://nt.ls/95OAY
Dork: http.headers.set_cookie:"laravel_session="
Read more: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
# Query RapidDNS for known subdomains of the domain passed as $1
function rappidns() {
    curl -s "https://rapiddns.io/subdomain/$1?full=1" | grep -oE "[\.a-zA-Z0-9-]+\.$1" | tr '[:upper:]' '[:lower:]' | sort -u
}
rapiddns.io
$1 Subdomain - RapidDNS Rapid DNS Information Collection
RapidDNS is a domain name information query system that supports querying information about websites, subdomains and the same ip website. RapidDNS supports A, AAAA, CNAME, CERTIFICATE and MX types.
Get Windows Domain Information:
C:\> nltest /DCLIST:DomainName
C:\> nltest /DCNAME:DomainName
C:\> nltest /DSGETDC:DomainName
These commands utilize nltest, a command-line tool included with Windows Server and some client versions (when Remote Server Administration Tools, RSAT, are installed).
Below is a detailed breakdown:
1. nltest /DCLIST:DomainName
Purpose: Lists all domain controllers for the specified domain (DomainName).
Output: Displays a list of domain controllers with their names, IP addresses, and site information.
Example:
C:\> nltest /DCLIST:EXAMPLE
DC: \\DC01.example.com [192.168.1.10] Site: Default-First-Site-Name
DC: \\DC02.example.com [192.168.1.11] Site: Default-First-Site-Name
The command completed successfully
2. nltest /DCNAME:DomainName
Purpose: Retrieves the name of a domain controller for the specified domain.
Output: Returns a single DC name, often the one the workstation is communicating with.
Example:
C:\> nltest /DCNAME:EXAMPLE
DC: \\DC01.example.com
The command completed successfully
3. nltest /DSGETDC:DomainName
Purpose: Queries and returns detailed information about a domain controller for the specified domain, including its name, IP, site, and more.
Output: Provides a verbose output with attributes like DC name, IP address, domain GUID, and forest details.
Example:
C:\> nltest /DSGETDC:EXAMPLE
DC: \\DC01.example.com
Address: 192.168.1.10
Dom Guid: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
Site: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV GTIMESERV WRITABLE
The command completed successfully
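Added example (not part of the original post): detection logic in Python that flags the three nltest switches described above in process-creation events and groups them per host and account. The event records, field names, host names and user names are constructed for illustration; the field layout loosely follows Sysmon Event ID 1.

```python
import re

# Added example: the event records below are constructed, not real telemetry.
# nltest switches are matched case-insensitively.
SWITCH_RE = re.compile(r"/(dclist|dcname|dsgetdc):(\S*)", re.IGNORECASE)
IMAGE_RE = re.compile(r"(^|[\\/])nltest(\.exe)?$", re.IGNORECASE)
SYS32 = "C:\\Windows\\System32\\"

SAMPLE_EVENTS = [
    {"host": "WS-014", "user": "EXAMPLE\\jdoe", "image": SYS32 + "nltest.exe",
     "cmdline": "nltest /DCLIST:EXAMPLE"},
    {"host": "WS-014", "user": "EXAMPLE\\jdoe", "image": SYS32 + "nltest.exe",
     "cmdline": "nltest.exe /dsgetdc:EXAMPLE"},
    {"host": "WS-014", "user": "EXAMPLE\\jdoe", "image": SYS32 + "nltest.exe",
     "cmdline": "nltest /DcName:EXAMPLE"},
    # Secure-channel check: nltest, but no DC-discovery switch, so no hit.
    {"host": "SRV-02", "user": "EXAMPLE\\adm-ops", "image": SYS32 + "nltest.exe",
     "cmdline": "nltest /sc_verify:EXAMPLE"},
    {"host": "WS-020", "user": "EXAMPLE\\asmith", "image": SYS32 + "ipconfig.exe",
     "cmdline": "ipconfig /all"},
]


def match_event(event):
    """Return (switch, domain) if the event is an nltest DC lookup, else None."""
    if not IMAGE_RE.search(event["image"]):
        return None
    m = SWITCH_RE.search(event["cmdline"])
    return (m.group(1).lower(), m.group(2)) if m else None


def summarize(events, burst_threshold=2):
    """Group hits by (host, user); mark accounts that used several distinct switches."""
    hits = {}
    for ev in events:
        found = match_event(ev)
        if found:
            hits.setdefault((ev["host"], ev["user"]), set()).add(found[0])
    return {key: {"switches": sorted(sw), "burst": len(sw) >= burst_threshold}
            for key, sw in hits.items()}


if __name__ == "__main__":
    for (host, user), info in summarize(SAMPLE_EVENTS).items():
        print(host, user, info)
```

Matching on the image name misses a renamed copy of the binary; Sysmon's OriginalFileName field covers that case.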
Vespa is an open-source big data serving engine used for building applications that require real-time processing and serving of large datasets. The Vespa configuration server typically runs on port 19071. This server is responsible for managing the configuration of Vespa nodes and can sometimes expose sensitive information or be vulnerable to misconfigurations.
1. Open Port: Ensure that port 19071 is not exposed to the public internet without proper authentication and authorization mechanisms in place.
2. Configuration Files: Check if the configuration files are accessible or if there are any misconfigurations that could lead to information disclosure.
3. Authentication: Verify that the configuration server requires proper authentication and that default credentials have been changed.
4. Access Control: Ensure that access to the configuration server is restricted to only authorized personnel.
5. Logging and Monitoring: Look for any logging or monitoring issues that could expose sensitive information.
To check if port 19071 is open, you can use nmap:
nmap -p 19071 <target_ip>
If the port is open, you can try to access it using a web browser or tools like curl:
curl https://<target_ip>:19071
If you find any vulnerabilities or misconfigurations, document them thoroughly and report them to the bug bounty program. Good luck!
• LOLBAS [Windows LOLBins abuse] - https://lolbas-project.github.io/
• GTFOBins [Linux privilege escalation] - https://gtfobins.github.io/
• IppSec Rocks [HTB attack walkthroughs] - https://ippsec.rocks/?#
• WADComs [Windows AD enumeration] - https://wadcoms.github.io/