Posts

libcurl (curl-impersonate) bindings for Node.js

Description: libcurl is a free and easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos), file transfer resume, HTTP proxy tunneling and more.

Note: This library cannot be used in a browser; it depends on native code.

Installation: npm i node-libcurl --save or yarn add node-libcurl

Further description: https://github.com/SwapnilSoni1999/node-libcurl-impersonate

How to take screenshot on windows

Windows key + Print Screen: To take a screenshot on Windows 10 and automatically save the file, press the Windows key + PrtScn. Your screen will go dim and a screenshot of your entire screen will be saved to the Screenshots folder.

Alt + Print Screen: To capture only the active window you're working in, press Alt + PrtScn.

Snipping Tool: press the Windows key + Shift + S.

Detect Error Based SQLI injection

SQLiDetector: Simple Python script, supported with a Burp Bounty profile, that helps you detect error-based SQL injection by sending multiple requests with 14 payloads and checking the responses against 152 regex patterns for different databases.

Description: The main idea of the tool is to scan for error-based SQL injection using different payloads such as '123 ''123 `123 ")123 "))123 `)123 `))123 '))123 ')123 "123 []123 ""123 '"123 "'123 \123 and to match the responses against 152 error regex patterns for different databases.

How does it work? Use your subdomain grabber script or tools. Pass all collected subdomains to httpx or httprobe to get only live subs. Use your links and URLs tools to grab all wayback URLs (waybackurls, gau, gauplus, etc.). Use the uro tool to filter them and reduce the noise. Grep to get only the links that contain parameters; you can use grep or the GF tool. Pass the final URLs file to the tool, and it will test them. The...

How to decrypt message with CryptoJS AES

JavaScript code to decrypt a message using CryptoJS: ...

File upload bypass

File Upload General Methodology: Other useful extensions: PHP: .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc. ASP: .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml. JSP: .jsp, .jspx, .jsw, .jsv, .jspf, .wss, .do, .action. ColdFusion: .cfm, .cfml, .cfc, .dbm. Flash: .swf. Perl: .pl, .cgi. Erlang Yaws Web Server: .yaws.

Bypass file extension checks: Try adding special characters at the end. You could use Burp to brute-force all the ASCII and Unicode characters. (Note that you can also try to use the previously mentioned extensions.) file.php%20 file.php%0a file.php%00 file.php%0d%0a file.php/ file.php.\ file. file.php.... file.pHp5....

Magic header bytes: PNG: "\x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\x03H\0\xs0\x03[" JPG: "\xff\xd8\xff"

From file upload to other vulnerabilities: Set filename to ../../../tmp/lol.png and try to a...

XSS Vulnerability

What is XSS: Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

XSS Vulnerability Scanner Tools: https://github.com/UltimateHackers/XSStrike https://github.com/shawarkhanethicalhacker/BruteXSS http://xss-scanner.com/ https://tools.kali.org/web-applications/xsser

Methodology: Check whether any value you control (parameters, path, headers?, cookies?) is being reflected in the HTML or used by JS code. Find the context where it's reflected/used.

Reflected values: In order to successfully exploit an XSS, the first thing you need to find...