🔥Penelope Shell🔥- this tool serves as a replacement for netcat when exploiting RCE vulnerabilities

Writeup - Easy 130$ Bounty: User to Admin

Like all bug hunters I always hunting. When I was watching youtube or movie my terminal is fuzzing. If I search anything on the internet and if there is a website acting differently, this will add one plus hour to my night shift :). And that night I saw a movie review site then immediately started to check key functions of site like register, login, logout, update profile etc. As you can imagine its very fast process because you expect nothing than a little hint. But this time was different, it was too fast too easy and too good. There is a 3 easy step for this bug and I believe everyone here can execute it but maybe you guys believe that this kinda of bugs are not seen in real life. ( I was thinking same as you until I find this). Lets step up and start. 1- Register and Login Press enter or click to view image in full size This is a normal register request with 3 fields (username,email and password) but host subdomain was api. After successful registration I logged in. And Login...

SubOwner - This tool is designed to check for subdomain takeovers by resolving the CNAME records and verifying them against known vulnerable services.

SubOwner - This tool is designed to check for subdomain takeovers by resolving the CNAME records and verifying them against known vulnerable services. 🔗 https://github.com/ifconfig-me/subowner #bugbounty #bugbountytips

𝐀𝐮𝐭𝐨𝐑𝐞𝐜𝐨𝐧

𝐀𝐮𝐭𝐨𝐑𝐞𝐜𝐨𝐧 AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements. The tool works by firstly performing port scans / service detection scans. From those initial results, the tool will launch further enumeration scans of those services using a number of different tools. For example, if HTTP is found, feroxbuster will be launched (as well as many others). Everything in the tool is highly configurable. The default configuration performs no automated exploitation to keep the tool in line with OSCP exam rules. If you wish to add automatic exploit tools to the configuration, you do so at your own risk. The author will not be held responsible for negative actions that result from the mis-use of this tool. Disclaimer: While AutoRecon endeavors to perform as much identificat...

🔥Penelope Shell🔥- this tool serves as a replacement for netcat when exploiting RCE vulnerabilities

🔥Penelope Shell🔥

Designed for ease of use, this tool serves as a replacement for netcat when exploiting RCE vulnerabilities. It supports Linux and macOS and requires Python 3.6 or later.

Features:

1. Remote port forwarding

2. SOCKS & HTTP proxy

3. Persistence modules

4. Team server

5. Currently, `spawn`, `script`, and `portfwd` commands are supported only on Unix shells. These need to be implemented for Windows shells as well.

6. An option to disable all logging, not just session logging.

7. Main menu autocompletion for short commands.

8. Download/upload autocompletion.

9. IPv6 support.

10. Encryption.

11. UDP support.

⚠️This project was created for educational purposes and should not be used in environments without legal authorization.

🔗 https://github.com/brightio/penelope

#cyber #CyberMonday #cybermonday #Cybersecurity #cybersecurity #cybersecurityawareness #infosec #infosecurity #infosecnews #infosecurity #InfoSecTraining #infosecuritytips #online #onlinelearning #onlinecoaching

#bug bounty #cyber security #infosec

Labels

Report Abuse

Writeup - Easy 130$ Bounty: User to Admin

SubOwner - This tool is designed to check for subdomain takeovers by resolving the CNAME records and verifying them against known vulnerable services.

𝐀𝐮𝐭𝐨𝐑𝐞𝐜𝐨𝐧

NFS-SEC

🔥Penelope Shell🔥- this tool serves as a replacement for netcat when exploiting RCE vulnerabilities

Post a Comment

Shodan Dorks that might useful in Bug Bounty

💳 International Visa Debit Card for free - Grab it Now

AUTO IP CHANGER

Mastering FFUF: The Ultimate Web Fuzzing Guide

NFS-SEC