Forwarded from HackMeLocal
🕹 Mini-challenge on WordPress!
We don't always have to gain access the hard way!
Most attacks that take place start from a simple access whose details were leaked because of one small mistake. (It turned into a dark night ...)
This challenge was designed to show how much that matters (I should mention that, with minor changes, a bug just like this one was reported on a bug bounty platform, and we will definitely explain it in the channel once it has been discovered):
We installed the latest version of WordPress and then put a WAF in front of it, but strangely, without even a single error, a hacker got into our website.
⚠️ This attack happened roughly a few minutes after the first video was uploaded to the website. The strange part is that we had not even used this video in our posts!!
🔗 Our website address:
https://wp1.hackmelocal.com
#BugBounty #Wordpress #Vulnrability #CTF #HackMeLocal #InformationLeak
@HackMeLocal
Forwarded from Hack Hive
Misconfiguration.pdf
933.5 KB
#number1_5:
Misconfiguration
For practice and learning:
easy level =
https://weblabs.popdocs.net/labs/webgoat
And
https://sud-defcon.medium.com/tryhackme-owasp-top-10-2021-v-security-misconfiguration-c40f70a74155
And
https://www.wwt.com/lab/mg05_juicedshop_a05
And
https://tryhackme.com/room/owasptop102021
And
https://portswigger.net/web-security/all-labs
And
https://ctflearn.com/challenge/1/browse
And
https://www.root-me.org/en/Challenges/Web-Server/
medium level =
https://weblabs.popdocs.net/labs/mutillidae-2
And
https://www.101labs.net/comptia-security/lab-92-owasp-a6-security-misconfiguration/
And
https://tryhackme.com/room/owasptop102021
And
https://academy.hackthebox.com/course/preview/abusing-http-misconfigurations
And
https://iammainul.medium.com/hackthebox-previse-walkthrough-49950c75d849
And
https://www.reddit.com/r/securityCTF/comments/1kw0i4q/need_help_with_ssrf_challenge_in_nginx_ssrf/
#Owasp_series
#misconfiguration
@Hackhive_channel🐝
Forwarded from Hack Hive
Hack Hive
Misconfiguration.pdf
hard level =
https://www.hackthebox.com/blog/active-directory-misconfigurations
And
https://olivierkonate.medium.com/hackthebox-usage-f9c7e12818cd
And
https://portswigger.net/web-security/all-labs
And
https://portswigger.net/web-security/api-testing/top-10-api-vulnerabilities
And
https://arxiv.org/abs/2107.12566
And
https://4geeks.com/interactive-coding-tutorial/exposed-code-analysis-ctf-lab
And
https://xploitlab.me/labs/ins
#owasp_series
#misconfiguration
@hackhive_channel🐝
Hack The Box
5 Active Directory misconfigurations (& how they're exploited)
Audit your AD environment for misconfigurations (and attacks) that can lead to severe consequences when exploited by malicious actors.
@PasswordSearchBot
Password Search Bot
A Telegram bot (10 free searches/day) that provides passwords associated with any email address found in data breaches.
Telegram
NSEs
Where Network meets Red Team 🎯
If you're into PenTesting, Hacking, and Cyber Shenanigans — you're home!
🧠 Learn • 🚀 Hack • 🧩 Quiz • 📚 Books • 😁 Memes
A Hacker's Notebook: Real Techniques from the World of Bug Bounty
https://snapdragon-copper-dd1.notion.site/A-Hacker-s-Notebook-Real-Techniques-from-the-World-of-Bug-Bounty-20ea797be4c680e6b542c20a943782d6?pvs=73
By: @bugbountyhints
snapdragon-copper-dd1 on Notion
A Hacker's Notebook: Real Techniques from the World of Bug Bounty | Notion
This document is a collection of practical tips and techniques gathered from various bug bounty write-ups. The goal is to share these real-world scenarios to get a better perspective on finding vulnerabilities and developing a hacker's mindset.
FREE reverse engineering module now available!
Learn assembly fundamentals - perfect for beginners.
• Hands-on debugging with real examples
• Web based: no downloads, installs, or VMs
Start reversing here 👇
https://www.aceresponder.com/learn/rem-intro
Aceresponder
Reverse Engineering and Malware Analysis Intro
A free introduction to reverse engineering malware with an emphasis on interpreting assembly language.
NSEs
FREE reverse engineering module now available! Learn assembly fundamentals - perfect for beginners. • Hands-on debugging with real examples • Web based: no downloads, installs, or VMs Start reversing here 👇 https://www.aceresponder.com/learn/rem-intro
It has a few other free tutorials as well, such as Windows API ...; take a look if you like.
Forwarded from GO-TO CVE
CVE-2025-24893-week-73.docx
330.2 KB
🎯 Week 73 — CVE-2025-24893 Review — xwiki rce
🔹 Week: 73
🔹 CVE: CVE-2025-24893
🔹 Type: rce
🔹 Target: xwiki
#week_73
