Terrons
Tiniest blog,
Largest bullshits



Osint to PWN
[X] Cassandra exposed databases auth-free

[X] LDAP anonymous binding allowed

[X] SQLite Web dashboards with no login

[X] Jenkins misconfig leads to RCE

[X] Firebase hardcoded DB URL

[X] Vinchin MySQL default credentials

[X] There are many public S3 buckets

[X] Thousands of misconfigured Elasticsearch instances

[X] Find exposed discord webhooks

[X] Find vulnerable admin login panels

[X] Android Debug Bridge misconfiguration

[X] Find FTP servers with anonymous login allowed

[X] Access SMB servers auth-free

[X] Hunt exposed Files with Directory Listing

[X] Many exposed MongoDBs

[X] Explore AXIS open IP Cameras on Google

[X] ALGO IP Speakers & more with hardcoded passwords

[X] SIMATIC HMI default credentials

[X] Find exposed files on Rsync

[X] Find open Redis istances

[X] BigAnt admin hardcoded credentials


Misc & tools
[X] Compromised email checker

[X] Develop AI solutions quickly

[X] Reverse shell generator
 
[X] Basic SQL injection scanner

[X] Directory fuzzer

[X] Wifi deauth attack script

[X] Network sniffer

[X] Edit strings in binary files

[X] YouTube views generator

[X] Google URL crawler

[X] AutoClicker   


CVE POCs    
[X] CVE-2024-8181

[X] CVE-2024-7120

[X] CVE-2024-5947

[X] CVE-2024-31621

[X] CVE-2024-22901

[X] CVE-2023-5222

[X] CVE-2023-45852

[X] CVE-2023-43261

[X] CVE-2023-38433

[X] CVE-2023-37265

[X] CVE-2023-34598

[X] CVE-2023-33568

[X] CVE-2023-27350

[X] CVE-2014-0160 


About Me