Tag Archives: penetration testing

How to tamper the Deutsche Bank iOS app

      Nessun commento su How to tamper the Deutsche Bank iOS app

Disclaimer This article does not give you permission to hack, tamper with, or alter any aspect of the application. I do not accept responsibility for any illicit activity you engage in. The bug was notified to those directly involved via the bugcrowd platform even if the latter did not give… Read more »

Hooking an iOS app with Theos

      Nessun commento su Hooking an iOS app with Theos

Installation on Jailbroken device The first step is to connect to the jb device via ssh after that execute the following commands: mkdir /opt export THEOS=/opt/theos git clone –recursive https://github.com/theos/theos.git $THEOS Download an SDK for your device and place it inside /opt/theos/sdks  Hook an iOS app with Theos This demo… Read more »

THM: CyberHeroes

      Nessun commento su THM: CyberHeroes

Dear friends, today I will show you how to resolve the CyberHeroes challenge tryhackme. Let’s start with a service/port scan Initial scanning   nmap -sC -sV -p- -Pn $IP It is evident that there is a web service running on port 80 after some dir busting the only interesting part is… Read more »

PROVING GROUNDS: Black Gate

      Nessun commento su PROVING GROUNDS: Black Gate

Service Discovery nmap -sS -sV -sC $IP Since an old version of Redis runs on port 6379, is it possible to use the following exploit to get a reverse shell on the target machine Exploit Redis The first step is to setup a listener handler. It’s possible to use netcat,… Read more »

Hack the box: Baby RE

      Nessun commento su Hack the box: Baby RE

Hello dear friends and welcome back, today I want to show you how I did resolve the Baby RE from hack the box. The binary is a 64bit ELF and it required to insert the key in a way to get the flag. The next step is to execute the… Read more »

Android Diva Series: Insecure Data Storage Part 4

  Hello dear friends and welcome back for another Android Diva series blog, today we will resolve Insecure Data Storage Part 4. So first of all, we have to store some value For this exercise, we will use jadx and adb So what we will do is to analyze the… Read more »

Android Diva Series: HardCoding Issues Part1

      Nessun commento su Android Diva Series: HardCoding Issues Part1

Hello dear friends and welcome back for another Android Diva series blog, today we will resolve HardCoding Issues part 1 For this exercise we will use jadx. Drag and drop the Apk file into Jadx then select HardcodeActivity file and fantastic we found the key vendorsecretkey  

Android Diva Series: Installation and Insecure log exercise

Hello dear friends, today we will start a new series based on Android penetration testing. We will go to analyze the diva application. WHAT IS DIVA? DIVA (Damn insecure and vulnerable App) is an App intentionally designed to be insecure. We are releasing the Android version of Diva. We thought… Read more »

Inject Frida inside an ipa file

      Nessun commento su Inject Frida inside an ipa file

Hello dear friends and welcome back for another mobile security blog, today I’ll show you how to inject frida inside an ipa application. So for todo that we need to install some tools: iOS Deploy brew install node npm install -g ios-deploy If you want to know more about this… Read more »

CTF Vulnhub: Hackme 1 Walkthrough

      Nessun commento su CTF Vulnhub: Hackme 1 Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve hackme: 1machine. Description ‘hackme’ is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently, privilege escalate as root. The lab was created to mimic the real-life environment. ‘hackme’… Read more »

How to install Frida on iOS device without Jailbreak

Hello dear friends, today I’ll show you how to “install” frida on iOS device without Jailbreak it, but first of the thing what is frida? Frida it’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps. The first step is… Read more »

CTF: DC-3 Walkthrough

      Nessun commento su CTF: DC-3 Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve DC-3 machine. Description DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. As with the previous DC releases, this one is designed with beginners in mind, although this… Read more »

CTF: LazySysAdmin Walkthrough

      Nessun commento su CTF: LazySysAdmin Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve LazySysAdmin machine. Description Difficulty: Beginner – Intermediate Boot2root created out of frustration from failing my first OSCP exam attempt. Information gathering TCP Scanning Banner Grabbing Nmap scanning Dirb When the samba server is running it’s always a good… Read more »

CTF: Fowsniff:1 Walkthrough

      Nessun commento su CTF: Fowsniff:1 Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve Fowsniff machine. Description This is a boot2root machine, It’s a beginner level, but requires more than just an exploitdb search or metasploit to run. It was created in (and is intended to be used with) VirtualBox, and… Read more »

CTF: DerpNStink Walkthrough

      Nessun commento su CTF: DerpNStink Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve DerpNStink machine Description: Mr. Derp and Uncle Stinky are two system administrators who are starting their own company, DerpNStink. Instead of hiring qualified professionals to build up their IT landscape, they decided to hack together their own… Read more »

CTF: W1R3S Walkthrough

      Nessun commento su CTF: W1R3S Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve  W1R3S. Description You have been hired to do a penetration test on the W1R3S.inc individual server and report all findings. They have asked you to gain root access and find the flag (located in /root directory). Difficulty… Read more »

CTF: Unknowndevice64 Walkthrough

      Nessun commento su CTF: Unknowndevice64 Walkthrough

Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve  Unknowndevice64. Description unknowndevice64 v1.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box. Difficulty: Intermediate Flags: Your Goal is to get root and read /root/flag.txt Information gathering TCP Scanning… Read more »

CTF: HackInOS Walkthrough

      Nessun commento su CTF: HackInOS Walkthrough

Introduction Hello dear friends, this is my first CTF walkthrough, I hope you’ll enjoy It. Box Description HackinOS is a beginner level CTF style vulnerable machine. I created this VM for my university’s cyber security community and all cyber security enthusiasts. I thank to Mehmet Oguz Tozkoparan, Ömer Faruk Senyayla… Read more »