RatSec

RatSec Blog

Top 50 Ports & Weaknesses

17 May 2024 - Posted in Bug bounties by The XSS Rat

These ports represent common entry points and services used across the internet. The vulnerabilities associated with these ports can stem from outdated software, poor configurations, weak passwords,

File Inclusion

15 May 2024 - Posted in Bug bounties by The XSS Rat

Introduction Define LFI and RFI: LFI (Local File Inclusion): A vulnerability that allows attackers to include files from the local server. RFI (Remote File Inclusion): A vulnerability that allows

Netcat Cheat Sheet

11 May 2024 - Posted in Uncategorized by The XSS Rat

1. Listening Mode: nc -l -p <port> Start Netcat in listening mode on a specific port. This mode waits for incoming connections. Connect Mode: nc <host> <port> Connect to a specific

Top 100 network hacking techniques that every bug bounty hunter should be familiar with

04 May 2024 - Posted in Uncategorized by The XSS Rat

Vulnerability Scanning Packet Sniffing Man-in-the-Middle Attacks (MitM) DNS Spoofing ARP Spoofing SSL/TLS Hijacking Session Hijacking IP Spoofing MAC Address Spoofing SMTP Relay Exploits Firewall

osi attacks

08 April 2024 - Posted in Uncategorized by The XSS Rat

Application Layer Functions Attack Vectors User interface & applevel service malware injection Web browsing, email, file transfer Phishing attacks HTTP, SMTP, DNS protocols App-level DDoS attacks

BugBounty tools for JavaScript

05 April 2024 - Posted in tools by The XSS Rat

getJS - https://github.com/003random/getJS GoLinkFinder - https://github.com/0xsha/GoLinkFinder de4js - https://lelinhtinh.github.io/de4js/ JSParser - https://github.com/nahamsec/JSParser LinkFinder

Active Directory Attacks

28 March 2024 - Posted in Uncategorized by The XSS Rat

Active Directory attacks: Pass-the-Hash (PtH) Attack: Involves stealing hashed credentials from one system and using them to authenticate to another system. Pass-the-Ticket (PtT) Attack: Similar to

Protecting Your Digital Fortress: The Importance of Multi-Factor Authentication

20 March 2024 - Posted in Uncategorized by The XSS Rat

In today's digital age, our lives are increasingly intertwined with the online world. From banking to social media and everything in between, we rely on the internet for countless tasks. However,

SSTI Payloads

15 March 2024 - Posted in Uncategorized by The XSS Rat

${{<%[%'"}}%. ${{7*7}} ${{3*'3'}} <%= 3 * 3 %> ${6*6} {{dump(app)}} {{app.request.server.all|join(',')}} {{config.items()}} {{ [].class.base.subclasses()

Directory Traversal, Quick Guide

11 March 2024 - Posted in Bug bounties by The XSS Rat

Directory traversal, also known as path traversal, is a type of vulnerability that allows an attacker to access files and directories that are outside of the intended directory structure. This can

« Prev
1
2
3
Next »

Recent Posts