Канал: OU MUAMUA SEC TOOLS

Intigriti 1021 – XSS Challenge - Medium

Intigriti 1021 – XSS Challenge - Medium

Alert 1 to win: A series of XSS challenges

Alert 1 to win: A series of XSS challenges

How to find subdomains with Sublist3r

How to find subdomains with Sublist3r

Use Burp Suite with wordlists of Kali to do fuzzing for SQLi, File Traversal,etc

Use Burp Suite with wordlists of Kali to do fuzzing for SQLi, File Traversal,etc

XSS-GAME: You are entering the XSS game area 1-6 by google

XSS-GAME: You are entering the XSS game area 1-6 by google

How to install and use SQLi Labs

How to install and use SQLi Labs

How to use VPNBook with OpenVPN in Kali

How to use VPNBook with OpenVPN in Kali

How to install browser Tor in KALI

How to install browser Tor in KALI

How to use hash-identifier and hashcat to decode diferents hashes

How to use hash-identifier and hashcat to decode diferents hashes

Exercises of XSS in BRUTELOGIC (1-10)- PART 1 of 3

Exercises of XSS in BRUTELOGIC (1-10)- PART 1 of 3

Exercises of XSS in BRUTELOGIC (11-20)- PART 2 of 3

Exercises of XSS in BRUTELOGIC (11-20)- PART 2 of 3

Exercises of XSS in Prompt(1) to win 0x00 to 0x09

Exercises of XSS in Prompt(1) to win 0x00 to 0x09

Install and use of XSStrike to find XSS vulnerabilities

Install and use of XSStrike to find XSS vulnerabilities

SQL INJECTION FUNDAMENTALS HTB # 3 - Skills Assessment

SQL INJECTION FUNDAMENTALS HTB # 3 - Skills Assessment

FILE INCLUSION / DIRECTORY TRAVERSAL HTB

FILE INCLUSION / DIRECTORY TRAVERSAL HTB

GETTING STARTED - HTB - 2

GETTING STARTED - HTB - 2

Getting Started HTB

Getting Started HTB

JAVASCRIPT DEOBFUSCATION HTB

JAVASCRIPT DEOBFUSCATION HTB

Web Request - HTB

Web Request - HTB

LINUX FUNDAMENTALS HTB

LINUX FUNDAMENTALS HTB

SQL INJECTION FUNDAMENTALS - HTB # 1

SQL INJECTION FUNDAMENTALS - HTB # 1

SQL INJECTION FUNDAMENTALS - HTB # 2

SQL INJECTION FUNDAMENTALS - HTB # 2

Configuración OBS Studio: como Recortar Pantalla, Atajos y Audio (2021)

Configuración OBS Studio: como Recortar Pantalla, Atajos y Audio (2021)

Instalación Android 9 en VirtualBox (2021)

Instalación Android 9 en VirtualBox (2021)

Lab Blind SQL injection with conditional responses

Lab Blind SQL injection with conditional responses

Lab SQL injection attack, listing the database contents on non Oracle databases

Lab SQL injection attack, listing the database contents on non Oracle databases

Lab Blind SQL injection with conditional errors

Lab Blind SQL injection with conditional errors

Lab Blind SQL injection with time delays and information retrieval

Lab Blind SQL injection with time delays and information retrieval

Lab Reflected XSS with some SVG markup allowed

Lab Reflected XSS with some SVG markup allowed

Lab Forced OAuth profile linking

Lab Stored XSS into anchor href attribute with double quotes HTML encoded

Lab Stored XSS into anchor href attribute with double quotes HTML encoded

Lab Reflected XSS into a JavaScript string with angle brackets and double quotes HTML encoded and

Lab Reflected XSS into a JavaScript string with angle brackets and double quotes HTML encoded and

Lab Reflected XSS into a JavaScript string with single quote and backslash escaped

Lab Reflected XSS into a JavaScript string with single quote and backslash escaped

Lab Reflected XSS into a JavaScript string with angle brackets HTML encoded

Lab Reflected XSS into a JavaScript string with angle brackets HTML encoded

Lab Reflected XSS into HTML context with all tags blocked except custom ones

Lab Reflected XSS into HTML context with all tags blocked except custom ones

Lab Reflected XSS into attribute with angle brackets HTML encoded

Lab Reflected XSS into attribute with angle brackets HTML encoded

Lab Stored XSS into HTML context with nothing encoded

Lab Stored XSS into HTML context with nothing encoded

Lab Reflected XSS in canonical link tag

Lab Reflected XSS in canonical link tag

Lab Reflected XSS into HTML context with nothing encoded

Lab Reflected XSS into HTML context with nothing encoded

Lab Exploiting Ruby deserialization using a documented gadget chain

Lab Exploiting Ruby deserialization using a documented gadget chain

Lab Exploiting PHP deserialization with a pre built gadget chain

Lab Exploiting PHP deserialization with a pre built gadget chain

Lab Exploiting Java deserialization with Apache Commons

Lab Exploiting Java deserialization with Apache Commons

Instalación Firefox Developer en KALI

Instalación Firefox Developer en KALI

Lab Stealing OAuth access tokens via an open redirect

Lab Stealing OAuth access tokens via an open redirect

Lab Stealing OAuth access tokens via a proxy page

Lab Stealing OAuth access tokens via a proxy page

Lab Exploiting HTTP request smuggling to perform web cache poisoning

Lab Exploiting HTTP request smuggling to perform web cache poisoning

Lab Exploiting HTTP request smuggling to perform web cache deception

Lab Exploiting HTTP request smuggling to perform web cache deception

Lab Exploiting HTTP request smuggling to deliver reflected XSS

Lab Exploiting HTTP request smuggling to deliver reflected XSS

Lab Exploiting HTTP request smuggling to capture other users' requests

Lab Exploiting HTTP request smuggling to capture other users' requests

Lab Exploiting HTTP request smuggling to reveal front end request rewriting

Lab Exploiting HTTP request smuggling to reveal front end request rewriting

Lab Exploiting HTTP request smuggling to bypass front end security controls, CL TE vulnerability

Lab Exploiting HTTP request smuggling to bypass front end security controls, CL TE vulnerability

Lab Exploiting HTTP request smuggling to bypass front end security controls, TE CL vulnerability

Lab Exploiting HTTP request smuggling to bypass front end security controls, TE CL vulnerability

Lab Web cache poisoning via ambiguous requests

Lab Web cache poisoning via ambiguous requests

Lab Host header authentication bypass

Lab Host header authentication bypass

Lab HTTP request smuggling, confirming a TE CL vulnerability via differential responses

Lab HTTP request smuggling, confirming a TE CL vulnerability via differential responses

Lab HTTP request smuggling obfuscating the TE header

Lab HTTP request smuggling obfuscating the TE header

Lab HTTP request smuggling, confirming a CL TE vulnerability via differential responses

Lab HTTP request smuggling, confirming a CL TE vulnerability via differential responses

Lab HTTP request smuggling basic CL TE vulnerability

Lab HTTP request smuggling basic CL TE vulnerability

Lab HTTP request smuggling, basic TE CL vulnerability

Lab HTTP request smuggling, basic TE CL vulnerability

Lab Web cache poisoning via a fat GET request

Lab Web cache poisoning via a fat GET request

Lab Parameter cloaking

Lab Parameter cloaking

Lab Web cache poisoning via an unkeyed query string

Lab Web cache poisoning via an unkeyed query string

Lab Basic server side template injection code context

Lab Basic server side template injection code context

Lab Server side template injection in an unknown language with a documented exploit

Lab Server side template injection in an unknown language with a documented exploit

Lab Basic server side template injection

Lab Basic server side template injection

Lab Server side template injection with information disclosure via user supplied objects

Lab Server side template injection with information disclosure via user supplied objects

Lab Targeted web cache poisoning using an unknown header

Lab Targeted web cache poisoning using an unknown header

Lab Server side template injection in a sandboxed environment

Lab Server side template injection in a sandboxed environment

Lab Server side template injection using documentation

Lab Server side template injection using documentation

Lab Web cache poisoning with an unkeyed header

Lab Web cache poisoning with an unkeyed header

Lab Web cache poisoning with an unkeyed header

Lab Web cache poisoning with an unkeyed header

Lab Modifying serialized data types

Lab Modifying serialized data types

Lab Manipulating WebSocket messages to exploit vulnerabilities

Lab Manipulating WebSocket messages to exploit vulnerabilities

Lab Modifying serialized objects

Lab Modifying serialized objects

Lab Arbitrary object injection in PHP

Lab Arbitrary object injection in PHP

Lab Manipulating WebSocket messages to exploit vulnerabilities

Lab Manipulating WebSocket messages to exploit vulnerabilities

Lab Using application functionality to exploit insecure deserialization

Lab Using application functionality to exploit insecure deserialization

Lab DOM based cookie manipulation

Lab DOM based cookie manipulation

Lab DOM based open redirection

Lab DOM based open redirection

Lab DOM XSS using web messages

Lab DOM XSS using web messages

Lab DOM XSS using web messages and a JavaScript URL

Lab DOM XSS using web messages and a JavaScript URL

Lab DOM XSS using web messages and JSON parse

Lab DOM XSS using web messages and JSON parse

Lab CORS vulnerability with trusted insecure protocols

Lab CORS vulnerability with trusted insecure protocols

Lab Multistep clickjacking

Lab Multistep clickjacking

Lab CORS vulnerability with basic origin reflection

Lab CORS vulnerability with basic origin reflection

Lab CORS vulnerability with trusted null origin

Lab CORS vulnerability with trusted null origin

Lab Clickjacking with form input data prefilled from a URL parameter

Lab Clickjacking with form input data prefilled from a URL parameter

Lab Exploiting clickjacking vulnerability to trigger DOM based XSS

Lab Exploiting clickjacking vulnerability to trigger DOM based XSS

Lab Clickjacking with a frame buster script

Lab Clickjacking with a frame buster script

Lab Basic clickjacking with CSRF token protection

Lab Basic clickjacking with CSRF token protection

Lab CSRF where token is tied to non session cookie

Lab CSRF where token is tied to non session cookie

Lab CSRF where token is not tied to user session COMMUNITY EDITION

Lab CSRF where token is not tied to user session COMMUNITY EDITION

Lab CSRF where token is duplicated in cookie COMMUNITY EDITION

Lab CSRF where token is duplicated in cookie COMMUNITY EDITION

Lab CSRF where token validation depends on request method COMMUNITY EDITION

Lab CSRF where token validation depends on request method COMMUNITY EDITION

Lab CSRF where token validation depends on token being present COMMUNITY EDITION

Lab CSRF where token validation depends on token being present COMMUNITY EDITION

Lab CSRF vulnerability with no defenses COMMUNITY EDITION

Lab CSRF vulnerability with no defenses COMMUNITY EDITION

Lab CSRF where Referer validation depends on header being present COMMUNITY EDITION

Lab CSRF where Referer validation depends on header being present COMMUNITY EDITION

Lab Reflected DOM XSS

Lab Reflected DOM XSS

Lab Stored DOM XSS

Lab Stored DOM XSS

Lab DOM XSS in document write sink using source location search inside a select element

Lab DOM XSS in document write sink using source location search inside a select element

Lab: Stored XSS into onclick event with angle brackets and double quotes HTML encoded and single quo

Lab: Stored XSS into onclick event with angle brackets and double quotes HTML encoded and single quo

Lab: DOM XSS in jQuery anchor href attribute sink using location search source

Lab: DOM XSS in jQuery anchor href attribute sink using location search source

Lab: DOM XSS in AngularJS expression with angle brackets and double quotes HTML encoded

Lab: DOM XSS in AngularJS expression with angle brackets and double quotes HTML encoded

Lab: DOM XSS in document write sink using source location search

Lab: DOM XSS in document write sink using source location search

Lab: Reflected XSS into a template literal with angle brackets, single, double quotes, backslash

Lab: Reflected XSS into a template literal with angle brackets, single, double quotes, backslash

Lab: DOM XSS in innerHTML sink using source location search

Lab: DOM XSS in innerHTML sink using source location search

Lab: Reflected XSS into HTML context with most tags and attributes blocked

Lab: Reflected XSS into HTML context with most tags and attributes blocked

Lab: SSRF with whitelist based input filter

Lab: SSRF with whitelist based input filter

Lab: Basic SSRF against another back end system

Lab: Basic SSRF against another back end system

Lab: Basic SSRF against another back end system

Lab: Basic SSRF against another back end system

Lab: Basic SSRF against the local server

Lab: Basic SSRF against the local server

Lab: SSRF with filter bypass via open redirection vulnerability

Lab: SSRF with filter bypass via open redirection vulnerability

Lab: Exploiting XXE to perform SSRF attacks

Lab: Exploiting XXE to perform SSRF attacks

Lab: Exploiting XXE using external entities to retrieve files

Lab: Exploiting XXE using external entities to retrieve files

Lab: Exploiting XXE via image file upload

Lab: Exploiting XXE via image file upload

Lab: Multi step process with no access control on one step

Lab: Multi step process with no access control on one step

Lab: Insecure direct object references

Lab: Insecure direct object references

Lab: Referer based access control

Lab: Referer based access control

Lab: User ID controlled by request parameter

Lab: User ID controlled by request parameter

Lab: User ID controlled by request parameter with password disclosure

Lab: User ID controlled by request parameter with password disclosure

Lab: User ID controlled by request parameter, with unpredictable user IDs

Lab: User ID controlled by request parameter, with unpredictable user IDs

Lab: User ID controlled by request parameter with data leakage in redirect

Lab: User ID controlled by request parameter with data leakage in redirect

Lab: Method based access control can be circumvented

Lab: Method based access control can be circumvented

Lab: URL based access control can be circumvented

Lab: URL based access control can be circumvented

Lab: User role controlled by request parameter

Lab: User role controlled by request parameter

Lab: User role can be modified in user profile

Lab: Unprotected admin functionality with unpredictable URL

Lab: Unprotected admin functionality with unpredictable URL

Lab: Unprotected admin functionality

Lab: Unprotected admin functionality

Lab: Blind OS command injection with output redirection

Lab: Blind OS command injection with output redirection

Lab: Blind OS command injection with time delay

Lab: Blind OS command injection with time delay

Lab: OS command injection, simple case

Lab: OS command injection, simple case

Lab: Information disclosure in version control history

Lab: Information disclosure in version control history

Lab: Authentication bypass via information disclosure

Lab: Authentication bypass via information disclosure

Lab: Source code disclosure via backup files

Lab: Source code disclosure via backup files

Lab: Information disclosure in error messages

Lab: Information disclosure in error messages

Lab: File path traversal, validation of start of path

Lab: File path traversal, validation of start of path

Lab: File path traversal, validation of file extension with null byte bypass

Lab: File path traversal, validation of file extension with null byte bypass

Lab: File path traversal, traversal sequences stripped non recursively

Lab: File path traversal, traversal sequences stripped non recursively

Lab: File path traversal, traversal sequences stripped with superfluous URL decode

Lab: File path traversal, traversal sequences stripped with superfluous URL decode

Lab: File path traversal, traversal sequences blocked with absolute path bypass

Lab: File path traversal, traversal sequences blocked with absolute path bypass

Lab: File path traversal, simple case

Lab: File path traversal, simple case

Lab: Authentication bypass via encryption oracle

Lab: Authentication bypass via encryption oracle

Lab: Inconsistent handling of exceptional input

Lab: Inconsistent handling of exceptional input

Lab: Flawed enforcement of business rules

Lab: Flawed enforcement of business rules

Lab: Authentication bypass via flawed state machine

Lab: Authentication bypass via flawed state machine

Lab: Weak isolation on dual use endpoint

Lab: Weak isolation on dual use endpoint

Lab: High level logic vulnerability

Lab: High level logic vulnerability

Lab: Inconsistent security controls

Lab: Inconsistent security controls

Lab: Insufficient workflow validation

Lab: Insufficient workflow validation

Lab: Excessive trust in client side controls

Lab: Excessive trust in client side controls

Lab: Password reset poisoning via dangling markup

Lab: Password reset poisoning via dangling markup

Lab: Brute forcing a stay logged in cookie

Lab: Brute forcing a stay logged in cookie

Lab: Offline password cracking

Lab: Offline password cracking

Lab: Basic password reset poisoning

Lab: Basic password reset poisoning

Lab: Password brute force via password change

Lab: Password brute force via password change

Lab: Password reset poisoning via middleware

Lab: Password reset poisoning via middleware

Lab: Password reset broken logic

Lab: Password reset broken logic

Lab: Blind SQL injection with conditional errors

Lab: Blind SQL injection with conditional errors

Lab: Blind SQL injection with time delays

Lab: Blind SQL injection with time delays

Lab: Username enumeration via response timing

Lab: Username enumeration via response timing

Lab: Username enumeration via subtly different responses

Lab: Username enumeration via subtly different responses

Lab: Username enumeration via different responses

Lab: Username enumeration via different responses

Lab: Broken brute force protection, IP block

Lab: Broken brute force protection, IP block

Lab: Broken brute force protection, multiple credentials per request

Lab: Broken brute force protection, multiple credentials per request

Lab: SQL injection attack, listing the database contents on Oracle

Lab: SQL injection attack, listing the database contents on Oracle

Lab: Blind SQL injection with conditional responses

Lab: Blind SQL injection with conditional responses

Lab: SQL injection attack, listing the database contents on non Oracle databases

Lab: SQL injection attack, listing the database contents on non Oracle databases

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lab: SQL injection attack, listing the database contents on Oracle

Lab: SQL injection attack, listing the database contents on Oracle

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft

Lab: SQL injection attack, querying the database type and version on Oracle

Lab: SQL injection attack, querying the database type and version on Oracle

Lab: SQL injection UNION attack, retrieving data from other tables

Lab: SQL injection UNION attack, retrieving data from other tables

Lab: SQL injection UNION attack, finding a column containing text

Lab: SQL injection UNION attack, finding a column containing text

Lab: OAuth account hijacking via redirect uri

Lab: OAuth account hijacking via redirect uri

Lab: SQL injection UNION attack, determining the number of columns returned by the query

Lab: SQL injection UNION attack, determining the number of columns returned by the query

Lab: SQL injection vulnerability allowing login bypass

Lab: SQL injection vulnerability allowing login bypass

Lab: Authentication bypass via OAuth implicit flow

Lab: Authentication bypass via OAuth implicit flow

Primeros Pasos Burpsuite

Primeros Pasos Burpsuite

Actualizar JAVA

Actualizar JAVA

Actualización BURPSUITE

Actualización BURPSUITE