Perintah / Command Sudomy di Kali Linux

 Pindah directory sudomy:

cd /home/*user*

comand sudomy : 

sudomy kali linux: docker run -v "${PWD}/output:/usr/lib/sudomy/output" -v "${PWD}/sudomy.api:/usr/lib/sudomy/sudomy.api" -it --rm screetsec/sudomy:v1.1.0 -d apple.com
Published by On Tidak ada komentar:

100 (very) short bug bounty rules:


1/ Spend at least 30 minutes on a new target

2/ Look for “No”s

3/ Use Italics Tags in your inputs instead of XSS payloads

4/ Focus on SaaS apps that are multi-tenant

5/ Buy Burp Pro

6/ On a new target go straight to the User Management section

7/ See if inviting an existing user to your org exposes their name

8/ See if inviting an existing user removes them from their own org

9/ If the scope has a wildcard, use sub finder to find subdomains

10/ Run HTTPX on the list of subdomains to narrow down alive targets

11/ On an app you’re not familiar with, use it like a normal user first

12/ If the docs say you can’t do X, but you can do X then you have a bug

13/ Use match & replace rules to find new endpoints

14/ Budget time into your week specifically for hacking

15/ Give yourself a no-bug time limit. I do 3 hours.

16/ Go back to old dupes and see if you can still reproduce. 

17/ Look for “+2” in your reputation log to find dupes that should be now.

18/Ask for help from other hackers

19/ Make your report a conversation, not a sales pitch

20/ Accept & expect that dupes will happen

21/ File & Forget

22/ If an endpoint has “api/v2/“, try “api/v1/”

23/ If an endpoint has “api/v2”, try removing the “v2” altogether

24/ 6 $1000 Mediums pay more than 1 $5,000 crit. Don’t ignore any bugs

25/ Lows are still bugs that should be filed

26/ Be kind to your triager 

27/ Say “thank you” when you get a bounty

28/ If an app uses UUIDs, you can still look for IDORs. Just set “AC:H”.

29/ If UUID IDORs exist, then look for an endpoint that exposes UUIDs

30/ Pin your success on whether your followed your plan, not if you found bugs

31/ A program that has a lot of hackers doesn’t mean there isn’t low-hanging fruit

32/ Going deep _will_ payoff

33/ Working with new hackers will payoff in dividends

34/ Don’t be jealous

35/ Bug Bounty income isn’t consistent. Be okay with peaks & valleys for your own sanity

36/ If you find a bug that’s OOS, still ask the customer if they care

37/ There’s no end. Enjoy the journey

38/ Have a hobby that’s not related to hacking

39/ Have friends that don’t hack

40/ Figure out what time of day you hack the best. Late nights aren’t for me.

41/ Spend that extra 2 minutes to make your report look/read nice

42/ “Subscribe” to programs that pay well and have good scope

43/ Don’t whine on Twitter about a single report. Or at all for that matter.

44/ IDORs and Privilege Escalations are a great place to start

45/ Unmet expectations lead to disappointment

46/ Teach someone else how to hack

47/ Time spent reading/learning is time-well spent

48/ Focus on programs that you actually use in your day-to-day

49/ Establish a relationship with the program

50/ Try asking the program what types of bugs they want to see

51/ Look at a programs leaderboard to see who you should collar with

52/ When collaborating, an even bounty split eliminates hassle

53/ Take a break when you stop having fun

54/ At an LHE, start hacking ahead of time

55/ Look for programs that are active in resolving reports

56/ Look for programs that haven’t awarded a lot recently

57/ Look for programs that have collaboration enabled

58/ Look for programs that don’t list out a bunch of known issues

59/ Look for programs that have a history of adding new scope

60/ Change your strategy if you’ve gone a while without a finding

61/ If you’re on a roll, keep doing what you’re doing

62/ But don’t let success keep you from evolving/growing

63/ Compare yourself against yourself from last year

64/ Maintain online presence for new opportunities

65/ Be thankful for failure

66/ Read disclosed reports

67/ Focus on one program at a time. Cycle if you get bored.

68/ Don’t spray XSS payloads everywhere

69/ If possible, work at a company that has a BBP

70/ Spend bounty money on tools that will generate more bounties

71/ Budget a specific amount of your bounties for fun. And stick to it.

72/ When hacking a store, don’t be afraid to make small purchases

73/ Look for changes in JS files to know when there may be new functionality

74/ Look for references to subdomains in a company’s GH repos

75/ Look for references to subdomains in employee’s GH repos

76/ If the app uses Intercom, try booting it with another email

77/ Look for second-degree IDORs

78/ SSRFs exist when the app makes any external request. Look for these requests.

79/ Look for actuator endpoints

80/ Find hackers that hack differently than you.

81/ Try hacking in a different room of the house

82/ Try hacking at a different location altogether

83/ If you find the same bug on different endpoints, file as different bugs

84/ Try always having some pending bugs in your pipeline

85/ Break your yearly bounty goal into monthly goals

86/ Know when a bounty isn’t worth fighting over

87/ Push back gently when a report gets downgraded

88/ Use the leaderboard as motivation, not as comparison

89/ Don’t re-invent the wheel when a tool exists

90/ Don’t be afraid to build the wheel if the tool doesn’t

91/ Try collabing in real time over video chat

92/ Always ask why something works the way it does

93/ When collabing, don’t be afraid to be the underperformer

94/ When collabing, don’t get salty about being the oqerperformer

95/ Use mediation, but use it sparingly

96/ Be generous with your earnings

97/ Hack for fun, not for a paycheck

98/ LHEs are a privilege, not an expectation

99/ Programs are your friend, not your adversary. Work with them

100/ The platform is your friend, not your adversary. Work with them


Published by On Tidak ada komentar:
in

open redirect payload

 


site:target.com inurl:redir | inurl:redir |redirect_uri | inurl:redirect_url | inurl:return_url |inurl:href | inurl:host | inurl:next | inurl:url | inurl:uri | inurl:origin | inurl:referrer | inurl:callback_url |inurl:redirect | inurl:imh_url | inurl:returnto | inurl: checkout_url | inurl:continue | inurl:return_path | inurl:destination | inurl:rurl | inurl:image_url | inurl:newurl | inurl:redirect | inurl: redirectUrl

Published by On Tidak ada komentar:

Platform bug bounty

 🛷 WEBSITES WHERE YOU CAN MAKE MONEY BY HUNTING BUGS🛷

Hackers and Cyber Security Experts get paid well but some of them doesn’t get chance so easily. So here are some platforms for bug bounty programs to earn good.

🤿Bug Bounty Platforms🥌

HackerOne

https://www.hackerone.com

Bugcrowd

https://www.bugcrowd.com

Synack

https://www.synack.com

Detectify

https://cs.detectify.com

Cobalt

https://cobalt.io

Open Bug Bounty

https://www.openbugbounty.org

Zero Copter

https://www.zerocopter.com

Yes We Hack

https://www.yeswehack.com

Hacken Proof

https://hackenproof.com

Vulnerability Lab

https://www.vulnerability-lab.com

Fire Bounty

https://firebounty.com

Bug Bounty

https://bugbounty.jp/

Anti Hack

https://antihack.me

Intigrity

https://intigrity.com/

Safe Hats

https://safehats.com

Red Storm

https://www.redstorm.io/

Cyber Army

https://www.cyberarmy.id

Yogosha

https://yogosha.com

Published by On Tidak ada komentar:

Learn ETHICAL HACKING From 0 To Hero | Full Guide with 23+ Courses | Mega.nz

Cost = $10000+

Requirements: A clear Mindset

Most Important 1 - 4
= Important
Don’t skip anything, Everything is in order
and download the courses in small parts in order

Step - 1
Tryhackme: Beginner Level
Link - https://tryhackme.com/hacktivities

Pre Security only -

  • Cyber Security
  • How The WebWorks
  • Windows Fundamentals

Step - 2
Networking - Networking is the most important thing in this field. You should know how the internet works, Wifi, IPV4, IPV6, Modem & Routers, TCPIP

TOTAL CompTIA A+ Certification (220-1002):
Mega Link - https://mega.nz/folder/zSpnzKKD#UPhqD2NZBoM3ImhvMsx9qA

Step - 3
CompTIA Network+ Cert. (N10-007) The Total Course part:
Mega Link - https://mega.nz/folder/fC5njSyR#NMw88ZzRaYhDTSmYewodXA

Step - 4
Linux Essentials For Hackers:
Mega Link - https://mega.nz/folder/mSZm0ToD#eHVXlQEZqjvy7wtOjr6bsQ

oR

Linux Fundamentals (only if you have much time)
Mega Link - https://mega.nz/folder/bWAzhIpK#75a7aku_sRt6xELqZx4Rtw

Step - 5:
Programming Languages

  1. C/C++ - (don’t need to do both … only 1 of these)
    [C++ recommend because it can be used for other purposes also and its has OOPs also]

    C++ Programming For Beginners- From Beginner to Beyond
    Mega Link - https://mega.nz/folder/mHojiKDQ#3Elcoz07kRO_wHNsqGSSyg

    C Programming For Beginners - Master the C Language
    Mega Link - https://mega.nz/folder/Hep3WCyL#edxDM0t-hLe56aXVJMb1Zg

NOTE - First learn C/c++ Language before start hacking. You can learn other languages while learning hacking at the same time/day.

  1. Python courses are given at the bottom (you can do python now or after learning Basic ethical hacking.

  2. SQL - Sql is one of the important languages in this field because there are many attacks. If we have good knowledge about SQL we can exploit databases with more ease.

    The Ultimate MySQL Bootcamp Go from SQL Beginner to Expert:
    Mega Link - https://mega.nz/folder/LS4FBKwI#2JKm18_PJngL8Fc4MP7mcw

  3. The next one is Javascript-

    Javascript for Pentesters 1:

    Mega Link - https://mega.nz/folder/ya5W0Lxa#Ocx3Gbtkv8PqSzzSpG6PfA

    Javascript for Pentesters 2:

    Mega Link - https://mega.nz/folder/ub40ARZD#TmsUGA1MK4_-lVbRvJG-QQ

Step - 6
Start Learn Hacking now (courses are arranged in order)

  1. Hacking in Practice Intensive Ethical Hacking MEGA Course:

    Mega Link - https://mega.nz/folder/STp0RTgI#9evucI3TuA4ovRHwIzkZjw

  2. Learn Ethical Hacking From Scratch:

    Mega Link - https://mega.nz/folder/uOhmlJDK#XurLsSfc4Q_2lqir8__7xQ

  3. Network Hacking Continued - Intermediate to Advanced:

    Mega Link - https://mega.nz/folder/rDwizT6T#cfvtFj1U5NSML8A9e9WKKg

  4. Website Hacking Penetration Testing & Bug Bounty Hunting:

    Mega Link - https://mega.nz/folder/rLwGFBqL#fypM_Tl6_PqMLDllXPhdhw

  5. Intro to Bug Bounty Hunting and Web Application Hacking:

    Mega Link - https://mega.nz/folder/HD5kFLIb#0GL5H-vCZ97egfYQDgGHOg

  6. Practical Ethical Hacking - The Complete Course

    Mega Link - https://mega.nz/folder/CKwkRTgD#eyLfo_HAvRIDZ7hJO_1N7w

  7. Learn Python & Ethical Hacking From Scratch:

    Mega Link - https://mega.nz/folder/vTgRBCBQ#-NcoMXnPAoQ1YnT7ywpwWw

  8. Complete Hacking Tools in Kali Linux:

    Mega Link - https://mega.nz/folder/OShBhKQa#AsIpstxQ_B3At405IbhsfA

  9. The Complete Ethical Hacking Course Beginner to Advanced:

    Mega Link - https://mega.nz/folder/TXpXUSbI#5vS2-RUclbt-kqRumNjyXg

  10. Recon for Ethical Hacking Penetration Testing & Bug Bounty:

    Mega Link - https://mega.nz/folder/CDphRCJB#eBZqSmleyW6Thld_8RbZwQ

You can learn More Languages these are optional but you can try. These will improve your skills.
Do not give more time to these languages (Important are C, Python, SQL, js)

  1. Bash Mastery The Complete Guide to Bash Shell Scripting:

    Mega Link - https://mega.nz/folder/CGBj3S5S#UT2y_zzEcV8MybIEHvhpGQ

  2. Python For Pentesters:

    Mega Link - https://mega.nz/folder/DCRhGKoA#wpRiRdPwtTNeK1cYXYnRQQ

  3. Python 101 for Hackers:

    Mega Link- https://mega.nz/folder/qLBFTaDJ#V3FjAQQdBp7flYKrrF8r3g

  4. Learn Python Programming Masterclass: (Its generic Python classes for programmers)

    Mega Link - https://mega.nz/folder/OKJTFKqa#9txi45qrFK_OgoefYatLPw

Step - 7
Practice your skills here:
Portswigger:(Try to solve all the labs without solutions)
Link - https://portswigger.net/web-security/all-labs

Pentesterlab: Solve all the free labs(want to gain more knowledge, paid is the best option)
https://pentesterlab.com/exercises

Ctfchallenge:
https://ctfchallenge.com/

Over the wire: Best for to understand and to learn more advanced Linux
https://overthewire.org/wargames/

Tryhackme: Try to solve the free labs
https://tryhackme.com/

Post - thecyberworld

Post/content Update by - xa (Hacksnation.com)

Cyber Security, Pentesting & Challenges Resources

Published by On Tidak ada komentar:

Silsilah guru ngaji

 

KH. Akrom Sofwan


SILSILAH GURU NGAJI

(Download)


Nabi Muhammad Shollahu 'Alaihi Wasallam

Abdulloh bin Umar RA.

Syafi’ Maula Abdillah

Al Imam Malik bin Anas

Asy Syaikh Al Imam Al A’zhom Ibn Abdillah bin Idris Asy Syafi’i (Imam Syafi’i)

Imam Abu Ibrohim Ismail bin Yahya Al Mazani 

Imam Abu Al Qosim

Imam Ahmad ibn Umar bin Surej Abu Al Abas Al Baghdadi

Imam Ibrohim Al Maruzi

Imam Abu Bakar Qofal

Abu Abdillah Muhammad Al Juwaeni

Abdul Malik ibn Yusuf bin Muhammad Al Juwaeni (imam Haromain)

Abu Hamid bin Muhammad Al Ghozali Ath Thusiy (imam Ghozali)

Syaikh Muhammad Naisaburi

Imam Kamal Ardabili

Syaikhul Islam Muhyiddin bin Zakarya bin Syarifuddin

Syaikh Hibatulloh Al Baar

Syaikh Abdurrohim Al Quroisyiy

Syaikh Umar Al Bulqini 

Syaikh Solih bin Umar bin Ruslan bin Nasir bin Solih Al Bulqini 

Imam Jalaluddin Muhammad bin Ahmad Al Mahalliy

Abu Yahya Zakarya bin Muhammad bin Ahmad bin Zakarya Al Anshori (Syaikhul Islam Zakarya Al Anshori) 

Syihabuddin bin Ahmad bin Hajar Al Haitamiy (Syaikh Ibn Hajar)

Wajihuddin Abdurrohman bin Ziyad Az Zubaedi

Abdul Aziz Al Mulaibari

Syaikh Zainuddin

Syaikh Abdul Aziz Zamzami

Syaikh Sulaeman Al Babili

Syaikh Ahmad bin Romadlon

Syaikh Sulaeman bin Muhammad bin Umar Al Bujaerimi Al Mishriy

Syaikh Ali Al Wana'i 

Syaikh Muhammad Solih Rois

Syaikh Abdulloh bin Umar

Syaikh Ahmad Zaini Dahlan

Syaikh Muhammad Nawawi Al Bantani 

Syaikh Abu Bakar bin Al Arif Billah As Sayid Muhammad Syatho

Syaikhina Kholil Bangkalan, Madura

KH. Hasyim Asy'ari 

KH. Abdul Karim (Mbah Manab) pondok pesantren Hidayatul Mubtadiin Lirboyo- Kediri

KH. Mahrus Ali (Pengasuh pondok pesantren Hidayatul Mubtadiin, Lirboyo - Kediri)

KH. Akrom Shofwan (Pengasuh pondok pesantren Syafi'i  Akrom, Jenggot, Pekalongan)

Dzul Qurnain




Published by On Tidak ada komentar:
in
Langganan: Postingan (Atom)