Tutorial Hacking Servidores
https://wiki.acosadores.net/doku.php?id=tutorial:hacking-servidores
#hacking #redes #informática #fuzzing #nmap #curl #seclists #ffuf #feroxbuster #cewl #searchsploit #wpscan #metasploit #grep
Anyone know if there is a version of the "rockyou" password list where each entry is already hashed with sha256? I'm attacking a toy hashing scheme for a #ctf and it would be useful to have it precomputed.
I'm running a script to compute it now but it would be nice if I could use someone else's hard work
Does anyone actually use the User-Agent
wordlists from SecLists that are grouped by OS/platform? Some of these files only contain a single User-Agent
(lol) because apparently LG adds a random string to their UAs. /cc @danielmiessler https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/User-Agents/operating-platform/
#wordlists #seclists
The leaked files from the disclosure https://seclists.org/fulldisclosure/2024/Jun/7 have since been removed from https://developercommunity.visualstudio.com/t/Incorrect-code-generation-on-warbirded-b/10680249. Someone on Reddit (https://www.reddit.com/user/TapAppropriate1458/) posted a direct link to a download from azurewebsites.net that's been taken down now too. The #InternetArchive has the files still at:
https://web.archive.org/web/20240624211440/https://sendvsfeedback2-download.azurewebsites.net/api/fileBlob/file?name=B0cde770200a945109437927ba3fe4d67638537352993712632_ICE_REPRO.zip&tid=0cde770200a945109437927ba3fe4d67638537352993712632
Unfortunately I cannot verify whether those files/the link was the original file or a re-upload. But at least all files within `ICE REPRO.zip/Linker/linkrepro.zip' match the size (in bytes) of the originals as given in the listing on seclists.
The file download from there has the sha256 hash:
d4c1a74f81e5259596466027ebac9f7eb026931c7cef02e5c37d884bbbb7f96f ICE_REPRO.zip
---
In addition, the disclosure notes that the MS symbol server does (STILL ONLINE!) leak the PDB of warbird.dll if requested. A backup has been re-upped here: https://files.catbox.moe/8iz2qk.pdb
Again, the sha256 hash. This has been matched against the original served by the MS symbol server:
2e8b5e0c17b4a4693ed494444f347f22a2eed15bcade18a5ac25d370011f8aa5 warbird.dll.pdb
---
I provide those hashes just for people to be on the safe side while analyzing the files. Keep in mind that accessing those files may be illegal.
#MSRP #leak #SecLists #Microsoft #WarBird #PlayReady #DRM #PDB #Widevine #PlayFair #Piracy
Defense in depth -- the #Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers https://seclists.org/fulldisclosure/2024/Apr/28
@lattera
#SecLists has a secret-keywords wordlist.
https://github.com/danielmiessler/SecLists/blob/master/Discovery/Variables/secret-keywords.txt
Are you allowed to be proud when your work is included in SecLists? 🥲
#SecLists #pentesting #RedTeam #BugBounty #wordlist #DNS #subdomains #hacking #recon
OWASP Juice Shop - I have just completed this room! Check it out: https://tryhackme.com/room/owaspjuiceshop #tryhackme #juiceshop #burp #OWASP #web #seclists #XSS #SQLi #owaspjuiceshop via @RealTryHackMe