2 months ago
Get the blue badge forever (for now) on X just spend ad $5
For any account that runs advertisements, you must spend at least $5. Once your advertisement has been halted, you must simply wait until X gives you a complimentary badge (about 1-2 day) . After that, you are able to close the advertisement, and you will receive the complimentary blue badge.
This work when your account not currently subscribed to premium.
Note: I say forever because I have try 6 month and the badge not lost. (for now)
For any account that runs advertisements, you must spend at least $5. Once your advertisement has been halted, you must simply wait until X gives you a complimentary badge (about 1-2 day) . After that, you are able to close the advertisement, and you will receive the complimentary blue badge.
This work when your account not currently subscribed to premium.
Note: I say forever because I have try 6 month and the badge not lost. (for now)
2 months ago
2 months ago
IF YOU GET 2FA ON YAHOO HERE IS HOW TO BYPASS IT:
How to login on IPhone/PC :
👍Download Edison Mail
👍Press others it’s going to be a little icon all the way at the bottom right it will literally say “Other” just press that and login with the info provided
👍Watch this video : https://imgur.com/a/QaPOMA...
👍After you login look around for anything valuable example , uber , target , Walmart so many things to look for just simply reset pass for these specific shops and go in and hit whatever you want it’s that simple
♾Ads: This method brought to you by Scarletta buy the spamming class to spam your own bank logs 🔛
How to login on Android:
👍Download bluemail app
👍Click add account
👍Click 'Other Email' option
👍Sign in with email and the app pass
How to login on PC:
👍First download bluestacks ( it’s basically an android on computer could download it on mac any computer works)
👍Then download the app “BlueMail”
👍Then press other emails
👍Sign in with email and app pass that it comes with screen record showing you how to login step by step : https://imgur.com/a/vfxxqO...
How to login on IPhone/PC :
👍Download Edison Mail
👍Press others it’s going to be a little icon all the way at the bottom right it will literally say “Other” just press that and login with the info provided
👍Watch this video : https://imgur.com/a/QaPOMA...
👍After you login look around for anything valuable example , uber , target , Walmart so many things to look for just simply reset pass for these specific shops and go in and hit whatever you want it’s that simple
♾Ads: This method brought to you by Scarletta buy the spamming class to spam your own bank logs 🔛
How to login on Android:
👍Download bluemail app
👍Click add account
👍Click 'Other Email' option
👍Sign in with email and the app pass
How to login on PC:
👍First download bluestacks ( it’s basically an android on computer could download it on mac any computer works)
👍Then download the app “BlueMail”
👍Then press other emails
👍Sign in with email and app pass that it comes with screen record showing you how to login step by step : https://imgur.com/a/vfxxqO...
Imgur: The magic of the Internet
Discover the magic of the internet at Imgur, a community powered entertainment destination. Lift your spirits with funny jokes, trending memes, entertaining gifs, inspiring stories, viral videos, and so much more from users.
https://imgur.com/a/QaPOMAE
2 months ago
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS
GitHub - TanveerS1ngh/Chamilo-LMS-CVE-2023-4220-Exploit: Refurbish Chamilo LMS CVE-2023-4220 exploit written in bash
Refurbish Chamilo LMS CVE-2023-4220 exploit written in bash - TanveerS1ngh/Chamilo-LMS-CVE-2023-4220-Exploit
https://github.com/TanveerS1ngh/Chamilo-LMS-CVE-2023-4220-Exploit
2 months ago
GitHub - TanveerS1ngh/Pluck-CMS-v4.7.18-Remote-Code-Execution-CVE-2023-50564-: Refurbish exploit in bash
Refurbish exploit in bash. Contribute to TanveerS1ngh/Pluck-CMS-v4.7.18-Remote-Code-Execution-CVE-2023-50564- development by creating an account on GitHub.
https://github.com/TanveerS1ngh/Pluck-CMS-v4.7.18-Remote-Code-Execution-CVE-2023-50564-
2 months ago
GitHub - TanveerS1ngh/SQLPad-6.10.0-Exploit-CVE-2022-0944: Refurbish
Refurbish. Contribute to TanveerS1ngh/SQLPad-6.10.0-Exploit-CVE-2022-0944 development by creating an account on GitHub.
https://github.com/TanveerS1ngh/SQLPad-6.10.0-Exploit-CVE-2022-0944
2 months ago
CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Tanveer...
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Tanveer...
GitHub - TanveerS1ngh/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425: CVE-2023-41425 Refurbish
CVE-2023-41425 Refurbish. Contribute to TanveerS1ngh/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425 development by creating an account on GitHub.
https://github.com/TanveerS1ngh/WonderCMS-4.3.2-XSS-to-RCE-Exploits-CVE-2023-41425
2 months ago
zgimszhd61/CVE-2024-23114 · GitHub
Repository for CVE-2024-23113. Contribute to zgimszhd61/CVE-2024-23114 development by creating an account on GitHub.
https://github.com/zgimszhd61/CVE-2024-23114
2 months ago
GitHub - MarioTesoro/CVE-2024-48569: Proof of concept of multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered in ACI Worldwide Proactive Risk M..
Proof of concept of multiple Stored Cross-Site Scripting (XSS) vulnerabilities discovered in ACI Worldwide Proactive Risk Manager v 9.1.1.0 - MarioTesoro/CVE-2024-48569
https://github.com/MarioTesoro/CVE-2024-48569
2 months ago
A vulnerability, which was classified as problematic, was found in PHPGurukul Vehicle Record System 1.0. This affects an unknown part of the file /admin/edit-brand.php. The manipulation of the argument Brand Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The in
CVE/phpgurukul_vehicle_record_system_edit_brand_xss.md at main · jadu101/CVE · GitHub
Contribute to jadu101/CVE development by creating an account on GitHub.
https://github.com/jadu101/CVE/blob/main/phpgurukul_vehicle_record_system_edit_brand_xss.md
2 months ago
🕵️♂️ MetaDetective
Unleash Metadata Intelligence with MetaDetective.
Bridging the chasm in metadata extraction and analysis.
Link : https://github.com/franckf...
Unleash Metadata Intelligence with MetaDetective.
Bridging the chasm in metadata extraction and analysis.
Link : https://github.com/franckf...
2 months ago
Hive Swapper! Most advanced Skin Changer for Fortnite! One of the best Fortnite Skin Swapper you can get! Download Now for 100% Free!
👉 Not Tested yet!
https://mega.nz/file/Bag2i...
#Fortnite
👉 Not Tested yet!
https://mega.nz/file/Bag2i...
#Fortnite
2 months ago
2 months ago
Get the blue badge forever on X / TWITTER 🔥
Get the blue badge forever (for now) on X just spend ad $5
For any account that runs advertisements, you must spend at least $5. Once your advertisement has been halted, you must simply wait until X gives you a complimentary badge (about 1-2 day) . After that, you are able to close the advertisement, and you
Get the blue badge forever (for now) on X just spend ad $5
For any account that runs advertisements, you must spend at least $5. Once your advertisement has been halted, you must simply wait until X gives you a complimentary badge (about 1-2 day) . After that, you are able to close the advertisement, and you
2 months ago
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/louisth...
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/louisth...
GitHub - louisthedonothing/CVE-2019-9053: CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10
CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10 - louisthedonothing/CVE-2019-9053
https://github.com/louisthedonothing/CVE-2019-9053
2 months ago
Some Netflix hits 🔥
9990990051:CrimePartners0903 | Profile_Name = Kratos | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = May,2022 | NextBillingDate = 2024/10/27 | Status = CURRENT_MEMBER
sukheshgirigmail.com:Sukhi2008 | Profile_Name = Girisha | VideoQuality = HD | MaxStream = 2 | country = India | Member_Since = December,2023 | Status = CURRENT_MEMBER | PaymentMethod = RELIANCE_JIO_PI_BILLED
jainil2558ccis.edu.in:cosmoscastla | Profile_Name = Jainil2558 | VideoQuality = SD | MaxStream = 1 | country = India | Member_Since = October,2024 | NextBillingDate = 2024/11/10 | Status = CURRENT_MEMBER
ashis.chakraborttygmail.com:ADITYA | Profile_Name = ashis_9991 | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = September,2022 | NextBillingDate = 2024/10/24 | Status = CURRENT_MEMBER | PaymentMethod = UPI
harshay2007gmail.com:Netflix123 | Profile_Name = . | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = July,2019 | NextBillingDate = 2024/10/30 | Status = CURRENT_MEMBER | PaymentMethod = CC
8718813040:sac99498 | Profile_Name = Sachin | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = August,2024 | NextBillingDate = 2024/11/14 | Status = CURRENT_MEMBER | PaymentMethod = UPI
8554872491:bangalore22 | Profile_Name = Manasa | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = May,2018 | NextBillingDate = 2024/10/23 | Status = CURRENT_MEMBER | PaymentMethod = UPI
gagans_chdyahoo.com:NimishChawla | Profile_Name = Gagandeep | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = January,2022 | NextBillingDate = 2024/10/28 | Status = CURRENT_MEMBER | PaymentMethod = CC
sriinfotechonlinegmail.com:msd1832011 | Profile_Name = Rajendra | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = September,2022 | NextBillingDate = 2024/10/26 | Status = CURRENT_MEMBER | PaymentMethod = CC
9677031343:Mashaallah@1 | Profile_Name = jaffry1234 | VideoQuality = HD720p | MaxStream = 1 | country = India | Member_Since = October,2024 | NextBillingDate = 2024/11/04 | Status = CURRENT_MEMBER | PaymentMethod = UPI
pallavikhurana1990gmail.com:mummykahahai | Profile_Name = Tanvi | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = December,2018 | NextBillingDate = 2024/11/19 | Status = CURRENT_MEMBER | PaymentMethod = UPI
diasjoshna31gmail.com:bahraingoa | Profile_Name = Joshna | VideoQuality = HD720p | MaxStream = 1 | country = India | Member_Since = May,2021 | NextBillingDate = 2024/11/03 | Status = CURRENT_MEMBER | PaymentMethod = CC
anubratomgmail.com:k/XWe+KsBQ.?3Bi | Profile_Name = Anubrato | VideoQuality = HD | MaxStream = 2 | country = India | Member_Since = October,2023 | NextBillingDate = 2024/10/25 | Status = CURRENT_MEMBER | PaymentMethod = UPI
Asifjawed987gmail.com:Rashid727572 | Profile_Name = Asif jawed | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = October,2021 | NextBillingDate = 2024/11/16 | Status = CURRENT_MEMBER | PaymentMethod = UPI
soubaanrimsgmail.com:ldpl2007 | Profile_Name = Soubaan | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = August,2024 | NextBillingDate = 2024/11/05 | Status = CURRENT_MEMBER | PaymentMethod = CC
9966513000:Meena1300 | Profile_Name = Sanjana | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = June,2019 | NextBillingDate = 2024/10/26 | Status = CURRENT_MEMBER | PaymentMethod = CC
pawankk000gmail.com:Doriwal0060 | Profile_Name = Pawan | VideoQuality = HD | MaxStream = 2 | country = India | Member_Since = September,2024 | NextBillingDate = 2024/11/01 | Status = CURRENT_MEMBER | PaymentMethod = UPI
9990990051:CrimePartners0903 | Profile_Name = Kratos | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = May,2022 | NextBillingDate = 2024/10/27 | Status = CURRENT_MEMBER
sukheshgirigmail.com:Sukhi2008 | Profile_Name = Girisha | VideoQuality = HD | MaxStream = 2 | country = India | Member_Since = December,2023 | Status = CURRENT_MEMBER | PaymentMethod = RELIANCE_JIO_PI_BILLED
jainil2558ccis.edu.in:cosmoscastla | Profile_Name = Jainil2558 | VideoQuality = SD | MaxStream = 1 | country = India | Member_Since = October,2024 | NextBillingDate = 2024/11/10 | Status = CURRENT_MEMBER
ashis.chakraborttygmail.com:ADITYA | Profile_Name = ashis_9991 | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = September,2022 | NextBillingDate = 2024/10/24 | Status = CURRENT_MEMBER | PaymentMethod = UPI
harshay2007gmail.com:Netflix123 | Profile_Name = . | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = July,2019 | NextBillingDate = 2024/10/30 | Status = CURRENT_MEMBER | PaymentMethod = CC
8718813040:sac99498 | Profile_Name = Sachin | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = August,2024 | NextBillingDate = 2024/11/14 | Status = CURRENT_MEMBER | PaymentMethod = UPI
8554872491:bangalore22 | Profile_Name = Manasa | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = May,2018 | NextBillingDate = 2024/10/23 | Status = CURRENT_MEMBER | PaymentMethod = UPI
gagans_chdyahoo.com:NimishChawla | Profile_Name = Gagandeep | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = January,2022 | NextBillingDate = 2024/10/28 | Status = CURRENT_MEMBER | PaymentMethod = CC
sriinfotechonlinegmail.com:msd1832011 | Profile_Name = Rajendra | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = September,2022 | NextBillingDate = 2024/10/26 | Status = CURRENT_MEMBER | PaymentMethod = CC
9677031343:Mashaallah@1 | Profile_Name = jaffry1234 | VideoQuality = HD720p | MaxStream = 1 | country = India | Member_Since = October,2024 | NextBillingDate = 2024/11/04 | Status = CURRENT_MEMBER | PaymentMethod = UPI
pallavikhurana1990gmail.com:mummykahahai | Profile_Name = Tanvi | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = December,2018 | NextBillingDate = 2024/11/19 | Status = CURRENT_MEMBER | PaymentMethod = UPI
diasjoshna31gmail.com:bahraingoa | Profile_Name = Joshna | VideoQuality = HD720p | MaxStream = 1 | country = India | Member_Since = May,2021 | NextBillingDate = 2024/11/03 | Status = CURRENT_MEMBER | PaymentMethod = CC
anubratomgmail.com:k/XWe+KsBQ.?3Bi | Profile_Name = Anubrato | VideoQuality = HD | MaxStream = 2 | country = India | Member_Since = October,2023 | NextBillingDate = 2024/10/25 | Status = CURRENT_MEMBER | PaymentMethod = UPI
Asifjawed987gmail.com:Rashid727572 | Profile_Name = Asif jawed | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = October,2021 | NextBillingDate = 2024/11/16 | Status = CURRENT_MEMBER | PaymentMethod = UPI
soubaanrimsgmail.com:ldpl2007 | Profile_Name = Soubaan | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = August,2024 | NextBillingDate = 2024/11/05 | Status = CURRENT_MEMBER | PaymentMethod = CC
9966513000:Meena1300 | Profile_Name = Sanjana | VideoQuality = UHD | MaxStream = 4 | country = India | Member_Since = June,2019 | NextBillingDate = 2024/10/26 | Status = CURRENT_MEMBER | PaymentMethod = CC
pawankk000gmail.com:Doriwal0060 | Profile_Name = Pawan | VideoQuality = HD | MaxStream = 2 | country = India | Member_Since = September,2024 | NextBillingDate = 2024/11/01 | Status = CURRENT_MEMBER | PaymentMethod = UPI
2 months ago
Exploring Security Vulnerabilities in HTB's Chemistry CTF
In this Capture the Flag (CTF) challenge from Hack The Box, we tackled the “Chemistry” box, where reconnaissance played a pivotal role. Here’s an overview of the methodology used to exploit the vulnerabilities.
Recon and Initial Findings
Using Nmap, we discovered open ports—22 (SSH) and 5000, a Python-based web server using Werkzeug. Port 5000 hosted a “Chemistry CIF Analyzer” web application, enabling CIF (Crystallographic Information File) uploads for structure analysis. CIF files store crystal structure data, and handling them securely is crucial.
Upload Testing and CIF Analysis
We tested the upload functionality by uploading a sample CIF file, which returned a 404 error but hinted at a server path /structure. This behavior suggested a possible CIF parsing vulnerability using the pymatgen library. Outdated versions of Werkzeug and Python increased the likelihood of security flaws.
Exploitation via Deserialization and CIF Structure
Using a deserialization exploit in pymatgen, we crafted a malicious CIF file, embedding a reverse shell payload. This approach leveraged the server’s vulnerable parsing mechanisms. By executing the payload, we gained access to a low-privilege shell.
Hash Cracking and Privilege Escalation
Further exploration revealed an MD5-hashed database containing user credentials. Using hash-cracking tools, we obtained plaintext passwords, granting SSH access to the “rosa” user. From there, tunneling enabled us to exploit another service running on port 8080, where aiohttp, an outdated Python asynchronous server framework, revealed a directory traversal vulnerability (CVE-2024-23334). This allowed us to escalate privileges and access sensitive files.
Conclusion
This CTF highlighted critical security aspects: outdated dependencies, deserialization flaws, and improper file handling can expose applications to severe vulnerabilities. Continuous updates, secure file parsing practices, and dependency management are essential in safeguarding applications from these threats.
#hackthebox
In this Capture the Flag (CTF) challenge from Hack The Box, we tackled the “Chemistry” box, where reconnaissance played a pivotal role. Here’s an overview of the methodology used to exploit the vulnerabilities.
Recon and Initial Findings
Using Nmap, we discovered open ports—22 (SSH) and 5000, a Python-based web server using Werkzeug. Port 5000 hosted a “Chemistry CIF Analyzer” web application, enabling CIF (Crystallographic Information File) uploads for structure analysis. CIF files store crystal structure data, and handling them securely is crucial.
Upload Testing and CIF Analysis
We tested the upload functionality by uploading a sample CIF file, which returned a 404 error but hinted at a server path /structure. This behavior suggested a possible CIF parsing vulnerability using the pymatgen library. Outdated versions of Werkzeug and Python increased the likelihood of security flaws.
Exploitation via Deserialization and CIF Structure
Using a deserialization exploit in pymatgen, we crafted a malicious CIF file, embedding a reverse shell payload. This approach leveraged the server’s vulnerable parsing mechanisms. By executing the payload, we gained access to a low-privilege shell.
Hash Cracking and Privilege Escalation
Further exploration revealed an MD5-hashed database containing user credentials. Using hash-cracking tools, we obtained plaintext passwords, granting SSH access to the “rosa” user. From there, tunneling enabled us to exploit another service running on port 8080, where aiohttp, an outdated Python asynchronous server framework, revealed a directory traversal vulnerability (CVE-2024-23334). This allowed us to escalate privileges and access sensitive files.
Conclusion
This CTF highlighted critical security aspects: outdated dependencies, deserialization flaws, and improper file handling can expose applications to severe vulnerabilities. Continuous updates, secure file parsing practices, and dependency management are essential in safeguarding applications from these threats.
#hackthebox
2 months ago
GitHub - 0xflux/rust_shellcode: Pipeline for creating shellcode from a nostd rust project.
Pipeline for creating shellcode from a nostd rust project. - 0xflux/rust_shellcode
https://github.com/0xflux/rust_shellcode
2 months ago
Sounds interesting! Look what I found mwehwhe.
https://github.com/cr-0w/m...
https://github.com/cr-0w/m...
GitHub - cr-0w/maldev: ⚠️ malware development
⚠️ malware development. Contribute to cr-0w/maldev development by creating an account on GitHub.
https://github.com/cr-0w/maldev
2 months ago
🚨 Possible Gap Factory Data Breach 🚨
Reports indicate that Gap Factory may have experienced a serious data breach, potentially exposing personal information, including SSNs, addresses, emails, and more. Hackers reportedly accessed the company’s servers and compromised sensitive data.
If this affects you, it might be a good time to monitor your accounts and be cautious of any unusual activity or phishing attempts. Stay safe online, everyone!
Reports indicate that Gap Factory may have experienced a serious data breach, potentially exposing personal information, including SSNs, addresses, emails, and more. Hackers reportedly accessed the company’s servers and compromised sensitive data.
If this affects you, it might be a good time to monitor your accounts and be cautious of any unusual activity or phishing attempts. Stay safe online, everyone!
Sponsored by
Zed Underson
2 months ago
Learn and earn over $5,000
Learn and earn over $5,000 start today!
