⛔⛔TRYHACKME ROADMAP⛔⛔
# Level 1 - Intro
- [ ] OpenVPN https://tryhackme.com/room/openvpn
- [ ] Welcome https://tryhackme.com/jr/welcome
- [ ] Intro to Researching https://tryhackme.com/room/introtoresearch
- [ ] Learn Linux https://tryhackme.com/room/zthlinux
- [ ] Crash Course Pentesting https://tryhackme.com/room/ccpentesting
Introductory CTFs to get your feet wet
- [ ] Google Dorking https://tryhackme.com/room/googledorking
- [ ] OHsint https://tryhackme.com/room/ohsint
- [ ] Shodan.io https://tryhackme.com/room/shodan
# Level 2 - Tooling
- [ ] Tmux https://tryhackme.com/room/rptmux
- [ ] Nmap https://tryhackme.com/room/rpnmap
- [ ] Web Scanning https://tryhackme.com/room/rpwebscanning
- [ ] Sublist3r https://tryhackme.com/room/rpsublist3r
- [ ] Metasploit https://tryhackme.com/room/rpmetasploit
- [ ] Hydra https://tryhackme.com/room/hydra
- [ ] Linux Privesc https://tryhackme.com/room/linuxprivesc
More introductory CTFs
- [ ] Vulnversity - https://tryhackme.com/room/vulnversity
- [ ] Blue - https://tryhackme.com/room/blue
- [ ] Simple CTF https://tryhackme.com/room/easyctf
- [ ] Bounty Hacker https://tryhackme.com/room/cowboyhacker
# Level 3 - Crypto & Hashes with CTF practice
- [ ] Crack the hash https://tryhackme.com/room/crackthehash
- [ ] Agent Sudo https://tryhackme.com/room/agentsudoctf
- [ ] The Cod Caper https://tryhackme.com/room/thecodcaper
- [ ] Ice https://tryhackme.com/room/ice
- [ ] Lazy Admin https://tryhackme.com/room/lazyadmin
- [ ] Basic Pentesting https://tryhackme.com/room/basicpentestingjt
# Level 4 - Web
- [ ] OWASP top 10 https://tryhackme.com/room/owasptop10
- [ ] Inclusion https://tryhackme.com/room/inclusion
- [ ] Injection https://tryhackme.com/room/injection
- [ ] Vulnversity https://tryhackme.com/room/vulnversity
- [ ] Basic Pentesting https://tryhackme.com/room/basicpentestingjt
- [ ] Juiceshop https://tryhackme.com/room/owaspjuiceshop
- [ ] Ignite https://tryhackme.com/room/ignite
- [ ] Overpass https://tryhackme.com/room/overpass
- [ ] Year of the Rabbit https://tryhackme.com/room/yearoftherabbit
- [ ] DevelPy https://tryhackme.com/room/bsidesgtdevelpy
- [ ] Jack of all trades https://tryhackme.com/room/jackofalltrades
- [ ] Bolt https://tryhackme.com/room/bolt
# Level 5 - Reverse Engineering
- [ ] Intro to x86 64 https://tryhackme.com/room/introtox8664
- [ ] CC Ghidra https://tryhackme.com/room/ccghidra
- [ ] CC Radare2 https://tryhackme.com/room/ccradare2
- [ ] CC Steganography https://tryhackme.com/room/ccstego
- [ ] Reverse Engineering https://tryhackme.com/room/reverseengineering
- [ ] Reversing ELF https://tryhackme.com/room/reverselfiles
- [ ] Dumping Router Firmware https://tryhackme.com/room/rfirmware
# Level 6 - PrivEsc
- [ ] Sudo Security Bypass https://tryhackme.com/room/sudovulnsbypass
- [ ] Sudo Buffer Overflow https://tryhackme.com/room/sudovulnsbof
- [ ] Windows Privesc Arena https://tryhackme.com/room/windowsprivescarena
- [ ] Linux Privesc Arena https://tryhackme.com/room/linuxprivescarena
- [ ] Windows Privesc https://tryhackme.com/room/windows10privesc
- [ ] Blaster https://tryhackme.com/room/blaster
- [ ] Ignite https://tryhackme.com/room/ignite
- [ ] Kenobi https://tryhackme.com/room/kenobi
- [ ] Capture the flag https://tryhackme.com/room/c4ptur3th3fl4g
- [ ] Pickle Rick https://tryhackme.com/room/picklerick
# Level 7 - CTF practice
- [ ] Post Exploitation Basics https://tryhackme.com/room/postexploit
- [ ] Smag Grotto https://tryhackme.com/room/smaggrotto
- [ ] Inclusion https://tryhackme.com/room/inclusion
- [ ] Dogcat https://tryhackme.com/room/dogcat
- [ ] LFI basics https://tryhackme.com/room/lfibasics
- [ ] Buffer Overflow Prep https://tryhackme.com/room/bufferoverflowprep
- [ ] Overpass https://tryhackme.com/room/overpass
- [ ] Break out the cage https://tryhackme.com/room/breakoutthecage1
- [ ] Lian Yu https://tryhackme.com/room/lianyu
FROM INTERNET
1)RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh]
https://hackerone.com/reports/1070532
2)DNS Misconfiguration Leads to Subdomain Takeover - max1.liveplan.com
https://hackerone.com/reports/1294492
3)Facebook email disclosure and account takeover
https://rikeshbaniyaaa.medium.com/facebook-email-disclosure-and-account-takeover-ecdb44ee12e9
4)Critical Vulnerability in HAProxy (CVE-2021-40346): Integer Overflow Enables HTTP Smuggling
https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/
5)Host Header Attack
https://mohitkhemchandani.notion.site/mohitkhemchandani/Host-Header-Attack-cfce3d87c67b40e3afd63f33f93ee2ed
6)Multistage WordPress Redirect Kit
https://blog.sucuri.net/2021/09/multistage-wordpress-redirect-kit.html?utm_campaign=Blog%20RSS&utm_medium=email&_hsmi=157340273&_hsenc=p2ANqtz--PZFN11eYwDDRK2WEcAeNO907cw3mfH-BJUUlTS-uMF-onns1YmEJbZ85-zrMSG-VcX78xjUUYFcmbCeoOFSlusA58qw&utm_content=157340273&utm_source=hs_email
7)Can My ISP See If I’m Using a VPN, and Do They Care?
https://www.howtogeek.com/749839/can-my-isp-see-if-im-using-a-vpn-and-do-they-care/
8)TREVORproxy is a SOCKS proxy that round-robins requests through SSH hosts. TREVORspray is a featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API
https://github.com/blacklanternsecurity/TREVORspray
9)TIGMINT : Twitter, Instagram and Geo-Tagging Media Intelligence (OSINT)
https://github.com/TIGMINT/TIGMINT
🔰INTRODUCTION TO ARTIFICIAL INTELLIGENCE(AI).🔰
🔺Learn AI by usage of Deep learning ,create powerful AI for Real-World applications,Compete with AI world.🔻
🔗Link : https://mega.nz/folder/wYU1RSgT#wJJ3IExEpgvqDPpaZxZ2nw
[1:45 AM, 9/12/2021] +91 73106 97236: 🔘🧅 Dark Web: Complete Introduction to the Deep/Dark Web 2021 🧅🔘
What you'll learn :👇
👉Understand the complete working, terminology and be able to have a complete understanding about the Deep/Dark web.
👉To access the Deep web as well as the Dark web with Complete Ease and total security.
👉To visit some advanced and famous websites located on the Hidden Web(Deep and Dark Web).
👉Understanding Working, Trading, Buying, Selling as well as Mining CRYPTOCURRENCIES.
👉About the Dangers as well as precautions to be taken care of while surfing the Web.
👉Use Darknet Email services.
Anonymously access the dark net and TOR hidden services (onion services).
🔗 Course Link : https://mega.nz/folder/ujx00YYS#78mrLFKI6JxWnm8R49aIRA
🔰 CYBER SECURITY COURSES 🔰
1. Bug Bounty Android Hacking.
2. Bug Bounty Hunting Guide To Advance.
3. Bug Bounty Hunting Offensive.
4. Bug Bounty Web Hacking.
5. CISSP Full Course.
6. Hands On Penetration Testing Labs.
7. Learn Cracking WiFi Password Keys.
8. Learn Python and Ethical Hacking From Scratch.
9. Master in Ethical Hacking with Android.
10. Practical Bug Hunting.
11. Practical Ethical Hacking.
12. Red Team Blueprint.
13. Complete Ethical Hacking.
14. Complete N-Map Course.
15. WiFi Hacking with Kali.
16. Windows Privilege Escalation.
✅ Download Link:: https://drive.google.com/drive/mobile/folders/1q2sOBNU4lPBkwtF1Msl6uCACBV5TUGWD
Complex OSINT Search Tools
Link:
Https://www.github.com/HOPain/OSINT-Search-Tools
🎩 Metasploit modules for Android 🎩
🎩 Metasploit exploits for Android:
exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection
exploit/android/fileformat/adobe_reader_pdf_js_interface
exploit/android/browser/stagefright_mp4_tx3g_64bit
exploit/android/browser/samsung_knox_smdm_url
exploit/android/adb/adb_server_exec
exploit/multi/hams/steamed
exploit/android/local/janus
exploit/multi/handler
🎩 Metasploit privilege escalation exploits for Android:
exploit/android/browser/webview_addjavascriptinterface
post/multi/recon/local_exploit_suggester
exploit/multi/local/allwinner_backdoor
exploit/android/local/put_user_vroot
exploit/android/local/futex_requeue
exploit/android/local/binder_uaf
exploit/android/local/su_exec
🎩 Metasploit payloads for Android:
payload/android/meterpreter_reverse_https
payload/android/meterpreter/reverse_https
payload/android/meterpreter_reverse_http
payload/android/meterpreter/reverse_http
payload/android/meterpreter_reverse_tcp
payload/android/meterpreter/reverse_tcp
payload/android/shell/reverse_https
payload/android/shell/reverse_http
payload/android/shell/reverse_tcp
🎩 Metasploit post exploitation modules for Android:
post/multi/gather/enum_software_versions
post/android/manage/remove_lock_root
post/android/manage/remove_lock
post/multi/gather/wlan_geolocate
post/multi/manage/set_wallpaper
post/multi/manage/play_youtube
post/android/gather/wireless_ap
post/android/gather/hashdump
post/multi/manage/autoroute
post/android/gather/sub_info
post/android/capture/screen
post/android/local/koffee
🎩 Metasploit auxiliary modules for Android:
auxiliary/admin/android/google_play_store_uxss_xframe_rce
auxiliary/gather/android_browser_new_tab_cookie_theft
auxiliary/dos/android/android_stock_browser_iframe
auxiliary/gather/android_object_tag_webview_uxss
auxiliary/scanner/http/es_file_explorer_open_port
auxiliary/server/android_browsable_msf_launch
auxiliary/gather/samsung_browser_sop_bypass
auxiliary/gather/android_stock_browser_uxss
auxiliary/gather/android_browser_file_theft
auxiliary/server/android_mercury_parseuri
auxiliary/gather/android_htmlfileprovider
auxiliary/scanner/sip/sipdroid_ext_enum
auxiliary/gather/firefox_pdfjs_file_theft
auxiliary/server/browser_autopwn2
auxiliary/server/browser_autopwn
auxiliary/analyze/crack_mobile
FROM INTERNET
1)Create free Shopify application credits.
https://hackerone.com/reports/1257428
2)Exposing Millions of IRCTC Passengers' ticket details.
https://renganathanofficial.medium.com/exposing-millions-of-irctc-passengers-ticket-details-53338280fb9e
3)$5000 Google IDOR Vulnerability Writeup
https://asterfiester.medium.com/5000-google-idor-vulnerability-writeup-c7b45926abe9
4)$3133.70 Google Dialogflow IDOR Vulnerability
https://asterfiester.medium.com/3133-70-google-dialogflow-idor-vulnerability-7a72771678dd
5)Time-Based SQL Injection with ffuf
https://www.hacktube5.tech/bug-bounty-tips-and-tricks/time-based-sql-injection-with-ffuf/
6)macOS Forensic Artifacts
https://arcpointforensics.com/macos-forensic-artifacts/
7)55 Awesome Helping Websites
https://venomgrills.com/Thread-55-Awesome-Helping-Websites
8)87000 Fortigate Devices VPN Accounts Password Leaked By The Hacker
https://cyberworkx.in/2021/09/11/87000-fortigate-devices-vpn-accounts-password-leaked-by-the-hacker/
TOOLS
🔍 DRUPAL HUNTER EXPLOITATION TOOL 🔍
# --= https://github.com/dr-iman/Drupal-Hunter
⏰ CMS DETECTOR v2 (WP, DRUPAL, JOOMLA) ⏰
# --= https://github.com/dr-iman/cms-detector
🧙 WORDPRESS DETECTOR (VULN DORKER) 🧙
# --= https://github.com/dr-iman/Wordpress-detector
📑 PACKET STORM EXPLOIT LIST 📑
# --= https://github.com/BuddhaLabs/PacketStorm-Exploits
⚜️ PHP SHELLS ⚜️
# --= https://github.com/.../shell.../tree/master/shell/php
📁 PHP FILE MANAGER 📁
# --= https://github.com/alexantr/filemanager
🛒 OPENCART BRUTEFORCE AND IMAGE UPLOAD 🛒
# --= https://github.com/indoxploit-coders/opencart-bruteforce
🕸 WEBSHELLS v2 🕸
# --= https://github.com/phpshellxyz/webshell
🎖 MIXED TOOLS (Cpanel Brute, ShellFinder, Symlink Shell, DDoSer) 🎖
# --= https://github.com/incredibleindishell/PHP-web-shells
⚔️ WHMCS KILLER V4 SHELL(Server Root, Domain Resellers, Client Root, CC, Pass, Accs) ⚔️
# --= https://github.com/iamhex/WHMCS-Killer-v4
🥪 Amazon AWS S3 Bucket Enumeration 🥪
# --= https://github.com/0xSearches/sandcastle/
📧 Amazon SMTP Credential Checker 📧
# --= https://github.com/noolep/AWCREC
🔑 Twilio Mass Checker 🔑
# --= https://github.com/noolep/Twilio_Check
🧧 Laravel .env Database Exploit 🧧
# --= https://github.com/security007/laravelExploit
🔫 007 Scanner(Grabber, Admin finder and more) 🔫
# --= https://github.com/security007/007scanner
💥 Laravel Config Exploit 💥
# --= https://github.com/anhaxteam/laravel-config-exploit
✖️ Laravel PHP Unit RCE and Env Exploiter ✖️
# --= https://github.com/.../Laravel-PhpUnit-Rce-And-Get-Env...
0️⃣ Zerobyte's Laravel Exploiter 0️⃣
# --= https://github.com/zerobyte-id-bak/LaravelENV
🕶 DarkSplitz Exploit Framework 🕶
# --= https://github.com/koboi137/darksplitz
🍑 NetAss2 - Network Assessment Assistance Framework 🍑
# --= https://github.com/zerobyte-id-bak/NetAss2
📞 Bashter - Web Scanner & Analyzer 📞
# --= https://github.com/zerobyte-id-bak/Bashter
🥡 Domain Take Over Finder 🥡
# --= https://github.com/zerobyte-id-bak/FinderDomainTakeOver
😎 Sudomy - Subdomain Enumeration & Analysis 😎
# --= https://github.com/Screetsec/Sudomy
🆙 Wordpress Auto Upload Shell in Plugin 🆙
# --= https://github.com/AnonRoz-Team/wp_auto_upshell
🗼Domain to IP [FAST] 🗼
# --= https://github.com/rebl0x3r/domain2ip
🧲 xAttacker - Website Vulnerability Scanner & Auto Exploiter 🧲
# --= https://github.com/moham3driahi/xattacker
💉 SQLI, LFI, XSS and RCE Dorker & Auto Exploiter 💉
# --= https://github.com/.../sqli-lfi-xss-rce-dorker-and-auto...
🦌 Drupal Hunter 🦌
# --= https://github.com/dr-iman/drupal-hunter
💥 Wordpress Exploits (Stored XSS, XML-RPC DDoS, Add Admin, RSS, Login) 💥
# --= https://github.com/shadowz3n/wpexploit
◀️ Revslider Auto Exploiter ◀️
# --= https://github.com/kyo1337/revsliderautoexploiter
🕸 WebDav Mass Exploiter 🕸
# --= https://github.com/kyo1337/Webdav-Mass-Exploiter
🧖 IP Mass Grabber [.exe] 🧖
# --= https://github.com/kyo1337/Mass-IP-Grabbing
🐚 Shell Finder [ Dictionary Attack + Wordlist ]🐚
# --= https://github.com/kyo1337/Shell-Finder
🏔 CMS Detector + Vulnerability Finder (Exploit DB) 🏔
# --= https://github.com/ptonewreckin/cmsdetector
🦾 Advanced CMS Detector (Slow but Exact) 🦾
# --= https://github.com/redhathackers/cms-detector
🖥 RDP Cracker [ BASH + Wordlists ] 🖥
# --= https://github.com/exploit-inters/crackrdp
✔️ TIDoS - The Offensive Manual Web Application Penetration Testing Framework ✔️
# --= https://github.com/exploit-inters/TIDoS-Framework
Cloud Security
1. Azurescape - Cross-Account Container Takeover in Azure Container Instances
https://unit42.paloaltonetworks.com/azure-container-instances
2. IAM Vulnerable - An AWS IAM Privilege Escalation Playground
https://labs.bishopfox.com/tech-blog/iam-vulnerable-an-aws-iam-privilege-escalation-playground
Red Team Tactics
1. JDBC Connection URL Attack
https://su18.org/post/jdbc-connection-url-attack
2. IP-Board Stored XSS to RCE Chain
https://ssd-disclosure.com/ssd-advisory-ip-board-stored-xss-to-rce-chain
3. Attacking Google Chrome's Strict Site Isolation via Speculative Execution and Type Confusion
https://www.spookjs.com
Offensive security
A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization😁
https://github.com/frohoff/ysoserial
exploit
Full PoC with cab creation for CVE-2021-40444
https://github.com/lockedbyte/CVE-2021-40444
]-> https://github.com/Udyz/CVE-2021-40444-Sample/blob/main/poc.html
FROM INTERNET
1)Story of my first bounty by a low hanging fruit
https://medium.com/@liferacer333/story-of-my-first-bounty-by-a-low-hanging-fruit-9b5cfef1bd89
2)iOS Wi-Fi Demon: From iOS Format String to Zero-Click RCE
https://ictexpertsluxembourg.lu/technical-corner/ios-wi-fi-demon-from-ios-format-string-to-zero-click-rce/
3)How the Windows Firewall RPC Filter Works
https://www.tiraniddo.dev/2021/08/how-windows-firewall-rpc-filter-works.html
4)PID In Linux
https://www.kumaratuljaiswal.in/2021/09/pid-in-linux.html?m=1
5)Vulnerability Summary for the Week of September 6, 2021
https://us-cert.cisa.gov/ncas/bulletins/sb21-256
6)A Phishing Guide: Lessons Learned on the Journey to Detecting Phishing Domains
https://medium.com/security-analytics/a-phishing-guide-lessons-learned-on-the-journey-to-detecting-phishing-domains-816ec21e5f7a
7)SOME PDFS
https://drive.google.com/drive/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU