🎯 Live Exploit 🎯 - A CTF & binary exploitation toolkit that automates payload generation, ROP chains, shellcode creation, and crash analysis for exploit development.

Writeup - Easy 130$ Bounty: User to Admin

Like all bug hunters I always hunting. When I was watching youtube or movie my terminal is fuzzing. If I search anything on the internet and if there is a website acting differently, this will add one plus hour to my night shift :). And that night I saw a movie review site then immediately started to check key functions of site like register, login, logout, update profile etc. As you can imagine its very fast process because you expect nothing than a little hint. But this time was different, it was too fast too easy and too good. There is a 3 easy step for this bug and I believe everyone here can execute it but maybe you guys believe that this kinda of bugs are not seen in real life. ( I was thinking same as you until I find this). Lets step up and start. 1- Register and Login Press enter or click to view image in full size This is a normal register request with 3 fields (username,email and password) but host subdomain was api. After successful registration I logged in. And Login...

SubOwner - This tool is designed to check for subdomain takeovers by resolving the CNAME records and verifying them against known vulnerable services.

SubOwner - This tool is designed to check for subdomain takeovers by resolving the CNAME records and verifying them against known vulnerable services. 🔗 https://github.com/ifconfig-me/subowner #bugbounty #bugbountytips

𝐀𝐮𝐭𝐨𝐑𝐞𝐜𝐨𝐧

𝐀𝐮𝐭𝐨𝐑𝐞𝐜𝐨𝐧 AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements. The tool works by firstly performing port scans / service detection scans. From those initial results, the tool will launch further enumeration scans of those services using a number of different tools. For example, if HTTP is found, feroxbuster will be launched (as well as many others). Everything in the tool is highly configurable. The default configuration performs no automated exploitation to keep the tool in line with OSCP exam rules. If you wish to add automatic exploit tools to the configuration, you do so at your own risk. The author will not be held responsible for negative actions that result from the mis-use of this tool. Disclaimer: While AutoRecon endeavors to perform as much identificat...

🎯 Live Exploit 🎯 - A CTF & binary exploitation toolkit that automates payload generation, ROP chains, shellcode creation, and crash analysis for exploit development.

A CTF & binary exploitation toolkit that automates payload generation, ROP chains, shellcode creation, and crash analysis for exploit development.

🎯 Live Exploit 🎯

A CTF & binary exploitation toolkit that automates payload generation, ROP chains, shellcode creation, and crash analysis for exploit development. It provides an interactive CLI for quick prototyping of exploits in CTFs and security research.
Features:
Sure! Here are just the main points, numbered:
1. Buffer Overflow Payload Generator
2. ROP Chain Generator
3. Format String Exploit
4. Shellcode Generation
5. Fuzzing
6. Crash Detection
7. Memory Dumping
8. Binary Analysis
9. Exploit Execution
10. Heap Exploitation
11. Kernel Exploitation
12. Payload Delivery
13. Reporting
14. Interactive CLI

Git: https://github.com/0-d-a-y/liveexploit

#penetrationtesting #Cybersecurity #cyber #onlinelearning #onlinecoaching #InfoSecTraining #online #technology #datasecurity #clouds #OWASP #pentesting #onlinetraining #EthicalHacking #ComputerScience #onlinecourse #hacked #social #PenetrationTesting #Hacking #Infosec #ctf

#Automated Tools #bug bounty #cyber security

Labels

Report Abuse

Writeup - Easy 130$ Bounty: User to Admin

SubOwner - This tool is designed to check for subdomain takeovers by resolving the CNAME records and verifying them against known vulnerable services.

𝐀𝐮𝐭𝐨𝐑𝐞𝐜𝐨𝐧

NFS-SEC

🎯 Live Exploit 🎯 - A CTF & binary exploitation toolkit that automates payload generation, ROP chains, shellcode creation, and crash analysis for exploit development.

Post a Comment

Shodan Dorks that might useful in Bug Bounty

💳 International Visa Debit Card for free - Grab it Now

🔥Penelope Shell🔥- this tool serves as a replacement for netcat when exploiting RCE vulnerabilities

AUTO IP CHANGER

Mastering FFUF: The Ultimate Web Fuzzing Guide

NFS-SEC