Terrons
Tiniest blog



Osint to PWN
[X] BigAnt admin hardcoded credentials                

[X] Find vulnerable admin login panels

[X] Android Debug Bridge misconfiguration

[X] Cassandra exposed databases auth-free

[X] Find exposed discord webhooks

[X] Firebase misconfiguration

[X] Find FTP servers with anonymous login allowed

[X] Jenkins misconfig leads to RCE

[X] Many exposed MongoDBs

[X] Access SMB servers auth-free

[X] ALGO IP Speakers & more with hardcoded passwords

[X] SIMATIC HMI default credentials

[X] Explore AXIS open IP Cameras on Google

[X] Find open Redis istances

[X] Find exposed files on Rsync

[X] Thousands of misconfigured Elasticsearch instances

[X] There are many public S3 buckets


Misc & tools
[X] AutoClicker

[X] Basic SQL injection scanner

[X] Compromised email checker

[X] Directory fuzzer

[X] Wifi deauth attack script

[X] Google url crawler

[X] Network sniffer

[X] YouTube views generator

[X] Reverse shell generator    


CVE POCs    
[X] CVE-2024-8181

[X] CVE-2024-7120

[X] CVE-2024-5947

[X] CVE-2024-31621

[X] CVE-2024-22901

[X] CVE-2023-5222

[X] CVE-2023-45852

[X] CVE-2023-43261

[X] CVE-2023-38433

[X] CVE-2023-37265

[X] CVE-2023-34598
 
[X] CVE-2023-33568

[X] CVE-2023-27350

[X] CVE-2014-0160 


About Me