Karim Habeeb @NoRed0x Twitter profile

Last Seen Profiles

@SKhanSkhan9340

@Elena_TeraBox

@mumeann

@Pecintabinor111

@bison_football

@Ray____oO

@jnwn06181692

@goo0gly

@pb_2foundation

@dewajita

@DrydenRegional

@imiu__12

@NandedCity_Pune

@BishnoiYouth

@DrydenRegional

@LGehlbach87121

@minniescape

@BiljaPl

@smritipriyaa

@Tolerance946738

@ShaquanaM85018

@fortcollins1987

@toastre13

@infosec_viking

@coolbadtakes

@alexandraspw

@collizin

@bokeplokalmalam

@expozine

@KvnBlac

@ConchSeta

@BEJILBANGET

@mocha_rhaasta

@tegeulis

@Eden57145680

@JigglyJiqqy

Karim Habeeb

@NoRed0x

15 days

Add the folder 'home/000~ROOT~000/' to your wordlist, and you might discover some juicy data. Enjoy!" #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

14

148

833

Karim Habeeb

@NoRed0x

1 year

add this file to your wordlist `.gitlab-ci.yml` , enjoy its contain a database username and password #bugbounty #bugbountytips #bugbountytip

20

188

812

Karim Habeeb

@NoRed0x

2 years

bypass alert ==> [alert][0].call(this,1) #bugbounty #bugbountytips #bugbountytip

19

137

556

Karim Habeeb

@NoRed0x

1 year

Add /api/.env to the wordlist, and maybe you will have access to dotenv file environment that leads to exposing SMTP credentials and AWS access key , secret key #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

9

114

418

Karim Habeeb

@NoRed0x

3 months

Add 'app/etc/local.xml' to the wordlist, and maybe you will get juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

7

74

413

Karim Habeeb

@NoRed0x

1 year

wordpress-wpconfig Sensitive Data Exposure: Check for endpoint maybe you will get juicy data. enjoy #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

9

93

382

Karim Habeeb

@NoRed0x

1 month

Add 'app/config/config.local.neon' to the wordlist, and maybe you will get juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

6

38

373

Karim Habeeb

@NoRed0x

1 year

Files Containing Juicy Info inurl:"/.vscode/sftp.json" #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

2

61

357

Karim Habeeb

@NoRed0x

6 months

If you find Web frameworks like Symfony, add '/app_dev.php/_profiler/open?file=app/config/parameters.yml' to the wordlist, and you may get juicy data. Enjoy!" #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

4

94

353

Karim Habeeb

@NoRed0x

28 days

Add '/_vti_pvt/service.pwd' to the wordlist, and maybe you will get juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

6

44

302

Karim Habeeb

@NoRed0x

9 months

Add '' to the wordlist, and maybe you will get juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

4

55

275

Karim Habeeb

@NoRed0x

2 years

DB credentials are stored in the file wp-config.php.old. #bugbounty #bugbountytip

13

50

262

Karim Habeeb

@NoRed0x

8 months

Add '' to the wordlist, and maybe you will get juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

1

44

267

Karim Habeeb

@NoRed0x

1 year

wp-config backup Sensitive Data Exposure: Check for `wp-config.php.bak` endpoint maybe you will get juicy data. enjoy #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

6

58

253

Karim Habeeb

@NoRed0x

7 months

Add 'local_settings.py' to the wordlist, and maybe you will get juicy data. Enjoy! Created a nuclei template for it #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

2

45

247

Karim Habeeb

@NoRed0x

4 months

Add '.ftpconfig' to the wordlist, and maybe you will get juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

2

42

240

Karim Habeeb

@NoRed0x

1 year

Sensitive Data Exposure: Check for config.php~ endpoint maybe you will get juicy data. enjoy #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking #database

6

45

224

Karim Habeeb

@NoRed0x

1 year

Docker-Based Sensitive Data Exposure: Check for docker-compose.yml endpoint maybe you will get juicy data. enjoy #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking #Docker

4

34

219

Karim Habeeb

@NoRed0x

1 year

DB credentials are stored in the file `config/const.DB.php.bak`,enjoy #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

6

48

218

Karim Habeeb

@NoRed0x

9 months

Add '' to the wordlist, and maybe you will get juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

3

41

214

Karim Habeeb

@NoRed0x

11 months

Sensitive Data Exposure: Check for the `` endpoint maybe you will get juicy data. enjoy #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

2

39

208

Karim Habeeb

@NoRed0x

2 years

Sensitive Data Exposure (Github recon) SMTP username and password #bugbounty #bugbountytips #bugbountytip

9

125

Karim Habeeb

@NoRed0x

5 months

Add 'master.passwd/master.passwd.txt' to the wordlist, and you might uncover some juicy data. Enjoy! #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

2

25

127

Karim Habeeb

@NoRed0x

5 months

Add 'servudaemon.ini' to the wordlist, and maybe you will get juicy data. Enjoy! Created a nuclei template for it: #bugbountytips #bugbountytip #cybersecurity #ethicalhacking

1

25

121

Karim Habeeb

@NoRed0x

2 years

Sensitive Data Exposure (JS Recon) "accesskey:" and "secretkey:" #bugbounty #bugbountytips #bugbountytip #AWS

4

21

108

Karim Habeeb

@NoRed0x

9 months

Add .env to the wordlist, and you may gain access to the dotenv file environment, potentially exposing DB credentials. #bugbountytips #bugbountytip #cybersecurity #ethicalhacking #

3

19

109

Karim Habeeb

@NoRed0x

1 year

bash_history Sensitive Data Exposure: Check for `/.bash_history` endpoint maybe you will get juicy data. enjoy #bugbounty #bugbountytips #bugbountytip #cybersecurity #ethicalhackin

3

22

103

Karim Habeeb

@NoRed0x

2 years

Sensitive Data Exposure (JS Recon) "accessToken:" and "oauth_token:" #bugbounty #bugbountytips #bugbountytip #AWS

9

10

98

Karim Habeeb

@NoRed0x

1 year

if you are interested in network penetration testing or red teaming, I explained office persistence with cobalt strike, enjoy #redteam #penetrationtesting

office persistence

nored0x.github.io

0

43

92

Karim Habeeb

@NoRed0x

2 years

if you are interested in network penetration testing or red teaming, I explained most of Kerberos attacks, enjoy part 1 ===>Kerbroasting

Kerberos attacks 1-Kerberoasting

Kerberos attacks 1-Kerberoasting -Offline cracking of service account passwords

nored0x.github.io

4

13

58

Karim Habeeb

@NoRed0x

3 years

Alhamdulillah Today I'm starting a new journey at SRT member @synack

3

0

43

Karim Habeeb

@NoRed0x

1 year

if you want to test SMTP credentials use the website

1

7

32

Karim Habeeb

@NoRed0x

2 years

if you are interested in network penetration testing or red teaming I collected most of the commands used in AD domain enumeration in three parts, enjoy part 1 ==>

Active Directory Domain Enumeration Part-1 With Powerview

enumerating the Domain,users, groups, Domain controller ,computers and local groups

nored0x.github.io

2

9

28

Karim Habeeb

@NoRed0x

2 years

@abdelrahman0x01 wordlist :

Security-Wordlist/Backup-wp-config.php-WordList.txt at main · DragonJAR/Security-Wordlist

A wordlist repository with human-curated and reviewed content. - DragonJAR/Security-Wordlist

github.com

0

5

21

Karim Habeeb

@NoRed0x

15 days

@_bahgat_ @abhinav31103851 search for sensitive file| wordlist | #bugbountytips like this

1

18

Karim Habeeb

@NoRed0x

3 years

after two year at @hackthebox_eu i have finished 100 machine i have great experience from htb in the network penetration testing

1

0

15

Karim Habeeb

@NoRed0x

2 years

Alhamdulillah, I'm glad to announce that I have passed the Web Application Penetration Testing Extremely exam, thanks to @eLearnSecurity for the great course and content Thank you @Resecurity for your support

4

0

15

Karim Habeeb

@NoRed0x

2 years

if you are interested in network penetration testing or red teaming, I explained the attack using a scf file to gather hashes and if you want to try this attack,htb machine (Driver) #redteam #penetrationtesting

This link will take you to a page that’s not on LinkedIn

lnkd.in

0

4

16

Karim Habeeb

@NoRed0x

15 days

@abhinav31103851 I collect some endpoints manually from sources such as Twitter, h1 reports, WaybackURLs, etc.

2

0

13

Karim Habeeb

@NoRed0x

2 years

Alhamdulillah, I'm glad to announce that I have passed the eLearnSecurity eCPPT Certified Professional Penetration Tester exam, thanks to @eLearnSecurity for the great course and content Thank you @Resecurity for your support

2

0

12

Karim Habeeb

@NoRed0x

2 years

In this article, I wrote about Windows Credentials SAM Database part-1 I used tools samdump2,pwdump7, InvokePowerDump.ps1,creddump7,impacket, Mimikatz, Metasploit Framework: HashDump, load kiwi, credential_collector, John The Ripper

Windows Credentials part-1 SAM Database

Windows Credentials-SAM Database part-1

nored0x.github.io

0

3

11

Karim Habeeb

@NoRed0x

2 years

if you are interested in network penetration testing or red teaming, I explained the attack using a scf file to gather hashes and if you want to try this attack, htb machine (Driver) #redteam #penetrationtestin

This link will take you to a page that’s not on LinkedIn

lnkd.in

0

2

10

Karim Habeeb

@NoRed0x

2 years

if you are interested in network penetration testing or red teaming, I collected some commands for Linux Post Exploitation, enjoy #RedTeaming #PenTesting #PenetrationTesting #PenTest #Cyber #infosec

Linux Post Exploitation Command List

In regards to gathering information related to Privilege Escalation, once access to a host has been obtained there are several subcategories we can use to distinguish the different types of informa...

nored0x.github.io

0

5

10

Karim Habeeb

@NoRed0x

3 years

if you are interested in network penetration tester or red teaming I collected most of the commands used in windows enumeration, enjoy

Windows Enumeration

nored0x.github.io

0

2

9

Karim Habeeb

@NoRed0x

1 year

I just pwned Investigation in Hack The Box! #hackthebox #htb #cybersecurity

Owned Investigation from Hack The Box!

I have just owned machine Investigation from Hack The Box

www.hackthebox.com

0

9

Karim Habeeb

@NoRed0x

2 years

I have explained How to Dump Login Passwords From Current Linux Users and dump credentials from memory, enjoy

Dump Login Passwords From Current Linux Users

nored0x.github.io

0

3

7

Karim Habeeb

@NoRed0x

3 years

if you are interested in network penetration testing or red teaming, I explained office persistence with cobalt strike, enjoy #redteam

office persistence

nored0x.github.io

0

2

5

Karim Habeeb

@NoRed0x

1 year

@mamunwhh Active url

0

5

Karim Habeeb

@NoRed0x

2 years

part 3 ===>Silver Ticket

Kerberos attacks 3-Silver Ticket

Kerberos attacks 1-Silver Ticket

nored0x.github.io

0

5

Karim Habeeb

@NoRed0x

2 years

Alhamdulillah,Just got a new Pentester Academy credential via @Accredible for via @securitytube Thank you @RESecurity for your support

Certified Red Team Professional (CRTP) • Karim Habeeb • Pentester Academy

Home of digital credentials

www.credential.net

0

5

Karim Habeeb

@NoRed0x

2 years

part 4 ===>golden Ticket

Kerberos attacks 4-golden Ticket

nored0x.github.io

0

1

5

Karim Habeeb

@NoRed0x

2 years

part 2 ===>AS-REP Roasting

Kerberos attacks 2-AS-REP Roasting

nored0x.github.io

0

4

Karim Habeeb

@NoRed0x

3 years

if you are interested in network penetration testing or red teaming, I explained most Kerberos attacks , enjoy part 1 ===>Kerbroasting part 2 ===>AS-REP Roasting part 3 ===>Silver Ticket

2

0

4

Karim Habeeb

@NoRed0x

3 years

حل 3 تحديات من web security cybertalents Encrypted Database: source code+md4 hash newsletter: command injection Searching for the cookie: xss

Cyber talents walkthrough |Searching for the cookie بالعربي |web...

#web#cybersecurity #ctf #cybertalents_بالعربيlink:https://cybertalents.com/challenges/web/searching-for-the-cookieCyber security, Capture the flag competitio...

www.youtube.com

0

1

3

Karim Habeeb

@NoRed0x

3 years

if you are interested in network penetration testing or red teaming I collected most of the commands used AD domain enumeration in three parts, enjoy part 1 ==> part 2 ==> part 3 ==>

0

1

3

Karim Habeeb

@NoRed0x

3 years

the second part of Kerberos attacks (AS-REP Roasting)

Kerberos attacks 2-AS-REP Roasting

nored0x.github.io

0

2

Karim Habeeb

@NoRed0x

2 years

I just pwned Precious in Hack The Box! #hackthebox #htb #cybersecurity

Owned Precious from Hack The Box!

I have just owned machine Precious from Hack The Box

www.hackthebox.com

0

1

3

Karim Habeeb

@NoRed0x

2 years

part 2==>

Active Directory Domain Enumeration Part-2 With Powerview

enumerating the Shares,Group Policies, OUs, ACLs ,User Hunting and local groups

nored0x.github.io

0

2

Karim Habeeb

@NoRed0x

7 months

@rmxyacine @0xSabir I already edit it on GitHub

0

2

Karim Habeeb

@NoRed0x

3 years

I collected most writeups for web vulnerability in this list #bugbounty #webapplicationsecurity

Writeups Bug Bounty hackerone

Information Disclosure

nored0x.github.io

0

1

2

Karim Habeeb

@NoRed0x

2 years

@androidappsdev2 Manually

0

2

Karim Habeeb

@NoRed0x

7 months

@0xSabir Thanks can you share valid template

1

0

2

Karim Habeeb

@NoRed0x

2 years

@7h3h4ckv157 Thanks for sharing ❤️

0

2

Karim Habeeb

@NoRed0x

2 years

part 3==>

Active Directory Domain Trust and forest Enumeration Part-3 With Powerview

Active Directory Domain Trust and forest Enumeration

nored0x.github.io

0

2

Karim Habeeb

@NoRed0x

23 days

@Proxy936623 The file path /_vti_pvt/service.pwd is not native to any current web framework but is specifically associated with Microsoft FrontPage

0

1

2

Karim Habeeb

@NoRed0x

3 years

I just pwned Secret in Hack The Box! #hackthebox #htb #cybersecurity

Owned Secret from Hack The Box!

I have just owned machine Secret from Hack The Box

www.hackthebox.com

0

2

Karim Habeeb

@NoRed0x

1 year

@HeisenbugHQ Just exposed

0

2

Karim Habeeb

@NoRed0x

3 years

writeup for jerry HTB machine if you want to try to exploit in tomcat and get rce #htb #penetration

HTB jerry Machine

Description Let’s start with this machine. Download the VPN pack for the individual user and use the guidelines to log into the HTB VPN. The Jerry machine is IP is 10.10.10.95.

nored0x.github.io

0

2

Karim Habeeb

@NoRed0x

3 years

حل 3 تحديات من web security cyber talents blue inc: Broken Access Control got control: host header who am i: Broken Access Control

Cyber talents walkthrough | who am iبالعربي |web security challenges

web#cybersecurity #ctf #cybertalents_بالعربيlink:https://cybertalents.com/challenges/web/who-am-iCybersecurity, Capture the flag competitionweb security ctfc...

www.youtube.com

0

1

Karim Habeeb

@NoRed0x

2 years

@abdelrahman0x01 fuzzing

1

0

1

Karim Habeeb

@NoRed0x

9 months

@roohaa_n @ReconOne_bk I found phpMyAdmin, logged in with the provided credentials and successfully accessed the database

0

1

Karim Habeeb

@NoRed0x

3 years

In the first part of Kerberos attacks (Kerbroasting) I wrote about spn and use PowerShell scripts such as FindPotentiallyCrackableAccounts.ps1, GetUserSPNs.ps1, TGSCipher.ps1, and Mimikatz waiting for your feedback

Kerberos attacks 1-Kerberoasting

Kerberos attacks 1-Kerberoasting -Offline cracking of service account passwords

nored0x.github.io

0

1

Karim Habeeb

@NoRed0x

3 years

if you are interesting in penetration tester and red-teaming, I install SQL server in windows server and connect from windows 10 by HeidiSQL #redteam #penetrationtesting

sql server setup for penetration testing

nored0x.github.io

0

1

Karim Habeeb

@NoRed0x

3 years

the command for cobalt strike:execute-assembly opt/seatbelt/SeatbeltNet3.5AnyCPU.exe all

0

1

Karim Habeeb

@NoRed0x

3 years

@0xMohamedHassan @jnordine @xchatty @DFIRScience @andreafortunatw @linuxize @EricRZimmerman @0xMuhammad بالتوفيق يا محمد

0

1

Karim Habeeb

@NoRed0x

3 years

Seatbelt: This tool is more gathering-info oriented than privesc, but it has some pretty nice checks and looks for some passwords. You need to compile it: use precompiled binaries:

1

0

1

Karim Habeeb

@NoRed0x

3 years

the third part of Kerberos attacks (silver ticket) #redteam #penetrationtesting

Kerberos attacks 3-Silver Ticket

Kerberos attacks 1-Silver Ticket

nored0x.github.io

0

1

Karim Habeeb

@NoRed0x

3 years

@CyberDefenders @MalGamy12 عاش ي جيمى ❤️ @MalGamy12

0

Karim Habeeb

@NoRed0x

3 years

if you are interested in network penetration testing or red teaming, I explained the attack using a scf file to gather hashes and if you want to try this attack,htb machine (Driver)

using a scf file to gather hashes

SMB-SCF File Attacks(NetNTLMv2 hash(challenge) grab)

nored0x.github.io

0

1

Karim Habeeb

@NoRed0x

3 years

part 4 ===>golden Ticket

0

1

Karim Habeeb

@NoRed0x

6 months

@0xGAD @ine Congratulations 👏👏

1

0

1

Karim Habeeb

@NoRed0x

3 years

the fourth part in Kerberos attacks(golden ticket) #redteam #penetrationtesting

Kerberos attacks 4-golden Ticket

nored0x.github.io

0

1

Karim Habeeb

@NoRed0x

23 days

@nav1n0x From the late 1990s to the early 2000s, the file path /vti_pvt/service. pwd stored configuration files, including sensitive data, related to FrontPage Server Extensions

0

1

Karim Habeeb

@NoRed0x

3 years

The first part in Active Directory Domain Enumeration With Powerview #redteam #penetrationtesting #activedirectory

Active Directory Domain Enumeration Part-1 With Powerview

enumerating the Domain,users, groups, Domain controller ,computers and local groups

nored0x.github.io

0

1