André Baptista (@0xacb) on X
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder
DMARC can reveal more domains associated with a target. dmarc.live/info/ allows you to find domains using the same DMARC record. Check it out 👇 There's also a python tool: github.com/Tedixx/dmarc-s…
Found an XSS but got blocked by the CSP? cspbypass.com has a compiled list of ways to bypass the Content-Security Policy. Check out the video below 👇
Just released viewgen, a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys or web.config files. All algorithms supported. TL;DR: Got a web.config file or LFI on ASP.NET? Pop a shell
We did it 🔥 RCE on Steam Client! We’ll publish a writeup if we have permission
Have you used @rez0__'s ffufai yet? It's like ffuf, but ffufai automatically suggests file extensions for fuzzing based on the target URL and its headers! It's awesome 🔥

This email domain confusion technique from @garethheyes is so cool! Some really weird behavior can be found between different mail agents and the right characters/symbols 🤔
Hidden or disabled fields are commonly overlooked, but they can still open the door to some cool bugs. Try creating a bookmarklet to instantly reveal these fields. Here are some quick examples you can copy and paste: 🔖 Enable all disabled or readonly fields:
This @bishopfox tool is next level! 🚀 Eyeballer uses AI to analyze screenshots and sorts them into categories based on appearance, including: 👀 Old-looking pages, 👀 Login pages, 👀 404 responses, 👀 Web apps, 👀 Parked domains. Get your eyeballs around this 👇
Nginx normalizes paths (/../, %2e, etc.) before applying access rules like: location = /admin { deny all; } But backends like Node.js or PHP handle decoding again, and differently. Requesting /;admin or /admin%2f..%2f might bypass Nginx’s block, but get normalized to /admin by
RFC 2047 "encoded-word" is crazy! It lets you smuggle encoded payloads into email addresses, and the craziest thing is that some parsers decode it before validation 👇 Shout out to @garethheyes for this 🔥

When testing GraphQL APIs make sure to run graphw00f (github.com/dolevf/graphw0…) to fingerprint the specific GraphQL implementation the application is running. Then you can review the Threat Matrix to get likely attack vectors.