Posts

Admin Account Takeover - Creating Admin Account Through CSRF and XSS

Image
One of the recent applications that I was working on, had a simple admin portal. Using which one can add new users to the application. Checking the request using burp, there was a CSRF token used. But the token was valid for the entire session. Also, the token was in the cookie and was sent in the body of the request. The application did validate the CSRF token on the server-side. But it used to check if the value of the cookie and the value in the body of the request were the same. For successful exploitation, we need the value of the cookie and it should be passed as a parameter. Looking at the application, there was an XSS found in one of the pages. Which, every user will land into once logged in. Using which I could get the value of the cookie i.e., the CSRF token. Which can be used to trigger the payload and add new users to the application. By changing the type of user to admin ( role = 1 ), it was possible to add admin users to the account. As soon as admin logs into his ac

OSCP V2 Journey

Image
My Background : I am working as an Information Security Analyst for over 2 years with experience in Vulnerability Assessment and Penetration Testing in the area of Web, Network, Mobile, Thick Client.   Pre-Prep : I started preparing 2 months before I registered for the OSCP Exam. There are good resources online to start the preparation. I think a good place to startwith the TJNull’s OSCP like machine from both HTB and Vulnhub. Purchased HTB VIP and tried doing most of the boxes mentioned in it. It was a good start to practice the enumeration techniques.   Updated list from TJNull’s OSCP like machines : HTB machines   Vunhub Machines   After 2 months of working on HTB and Vulnhub, I finally registered for the OSCP. I took 2 months LAB access in April 2020.   As soon as i got access,I went straight off to the PDF and the Videos. It took me almost 15 days to complete the PDF, videos and all the exercises with reporting and I was left with 45 days to complete the

CRASHING IPHONE WITH THIS WORD

Image
B ugs on iPhones are rising. After the recent " FaceTime " bug, here's a new bug which crashes the iPhone. By saying the word " hyphen "  5 times will crash your iphone. It works where dictation is present like Search, iMessage etc. but doesn't work on SIRI . Tap on dictation and say hyphen five times and the iPhone crashes. It seems harmless and wont affect the phone. It also works with multiple languages and works on latest iOS. It is reported that it works on iOS 11. Apple will push an update in a week or so.

SETTING WIFI ON RASPBERRY PI HEADLESS

Image
Create a file  wpa_suppicant.conf   in the boot partition of the SD card Open it with a text editor and paste the following ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev update_config=1 network={  ssid="<YOUR NETWORK NAME>"  scan_ssid=1  psk="<PASSWORD>"  key_mgmt=WPA-PSK } Edit the ssid and psk feilds . Enter your network Name and Password with " " Save and start the Pi. For Starting SSH service,  Check AUTOSTART SSH ON RASPBERRY PI 3       Raspberry Pi 3 model B without headless mode & an HDMI cable

Hacking TeamViewer? New Vulnerability Disclosed

Image
TeamViewer – The Remote - Support software is found to have a critical vulnerability which could allow users sharing desktop to gain complete control of the other end without their permission. It was first disclosed by a Reddit user “xpl0yt” on Monday. POC of this vulnerability is posted on GitHub by “gellin”, which is an injectable C++ DLL that uses naked inline hooking and direct memory modification to change TeamViewer permissions. The injectable C++ DLL can be used by both server and client using DLL Injector. If the Server exploits , it would allows viewers to enable the feature “switch sides”, which is activated only after the server authenticates the control with the client. Which will allow the server to switch the sides. If the Client exploits , it would allow the client to take control of server . As specified on Github “ Allows for control of mouse with disregard to servers current control settings and permissions ”. This affects TeamViewer ve

HOW TO SETUP STATIC IP ADDRESS ON RASPBERRY PI

Image
Configuring Network Settings to setup a static IP address on Raspberry Pi Connecting to your Raspberry Pi without a HDMI display ?  You’ll need its IP address to connect. There are two main forms, static and dynamic. By default, Raspberry Pi will be configured with a dynamic IP address. Dynamic IP address can change each time you reboot or restart the services, not ideal if you are running Raspberry Pi headless, so you need to keep checking the IP address and connect. Static IP address is somewhat permanent, it won’t change. So you know your IP address. To setup a static IP address, 1. Check your IP   sudo ifconfig pi@raspberrypi:~$ ifconfig eth0      Link encap:Ethernet  HWaddr 08:00:27:E5:E0:11           inet addr:192.168.0.106  Bcast:192.168.0.255  Mask:255.255.255.0           inet6 addr: fe80::a00:27ff:fee5:e011/64 Scope:Link           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:104 errors:0 dropped:0 overruns:0

USB TETHERING ON RASPBERRY PI

Image
How to connect Raspberry pi using USB tethering on Android Raspberry pi with its default config cant connect through USB Tethering. Network interface should be manually enabled. Open Terminal, enter the following command sudo nano /etc/network/interfaces This will open the interfaces file. Add the following line to that file, iface usb0 inet dhcp The file after modifying should look like this Press ctlr + x,  Y to Save and Exit. Enter the following command sudo ifup usb0 this will bring the network interface up Then reboot your RPi sudo reboot Connect Rpi to your Android device. Turn on the USB tethering on the phone. Tested and working on  Parrot os  Kali linux  Raspbian

WHAT IS SSL, TLS AND HTTPS

Image
SSL/TLS are cryptographic protocols that provide communications security over a computer network. WHAT IS SSL ? SSL (Secure Sockets Layer) is a standard security technology to create an encrypted link between a server and a client. This link ensures that all data passed between the server and the client remain private and secure. It was designed to support protocols such as FTP , HTTP , TELNET . HISTORY OF SSL : The Secure Sockets Layer or SSL was developed by Netscape in 1994 to provide security for web traffic. The first version “ SSL version 1.0 ”, due to its weak cryptographic algorithms and some security flaws, it was never released for public use. The second version 2.0 was released in 1995 considered fairly strong, used MD5. But, it was vulnerable. The next version 3.0 was released in 1996. Which was a complete redesign of the protocol. SSL : SSL ensures that all the data transmitted will be encrypted. Two files, Certificate and Private Key

HOW FACEBOOK AND OTHER SOCIAL NETWORKING SITES ARE HACKED

Image
S ocial networking service (also social networking site, SNS or social media) is an online platform that is used by people to build social networks or social relations with other people who share similar personal or career interests, activities, backgrounds or real-life connections. Social Network Sites such as Twitter, Facebook, Google + , Pinterest, Instagram have attracted millions of users, many have integrated these sites into their daily practices. There are many sites, with various technological features which support a wide range of interests and practices. Most of them can be linked to their pre-existing social networks which help strangers connect and interact based on shared interests or activities. This interaction reveals a lot of information, often including personal information visible to anyone who wants to view it. Hence privacy is often a key concern by the users. Since millions of people are willing to interact with others, it is also a new attack

THINGS TO DO AFTER INSTALLING KALI LINUX " PART-2 "

Image
1. INSTALLING  TOR apt-get install tor and press ENTER. To start tor , service start tor For proxy chain , proxychains firefox It should be up and running. 2.INSTALLING VIRTUAL BOX To install Virtual Box, apt-get install virtualbox It'll take some time, you'll be good to go. 3. INSTALLING  SKYPE Goto the link https://www.skype.com/en/download-skype/skype-for-linux/ Download the deb version, Goto the directory and type dpkg -i <filename>.deb 4. INSTALLING  TEAMVIEWER Goto the link https://www.teamviewer.com/en/download/linux/ Download the Ubuntu,Debian file , Goto the directory and type dpkg -i <filename>.deb 5. INSTALLING  LIBREOFFICE Type the command, apt-get install libreoffice Press ENTER and wait for it to download and install. 6. INSTALLING  GOOGLE CHROME Goto the link https://www.google.com/chrome/browser/desktop/ click on  Download Chrome for another platform , select LINUX , select .deb package , do

THINGS TO DO AFTER INSTALLING KALI LINUX PART-1

Image
1. Enable sound: Most of them have this problem. pulseaudio -D It will get back your sound. 2. Changing repository: gedit /etc/apt/sources.list For kali rolling ,copy and paste the following in sources.list file. deb http: // http.kali.org / kali kali-rolling main contrib non-free # For source package access, uncomment the following line # deb-src http://http.kali.org/kali kali-rolling main contrib non-free remove "#" in 3rd line to uncomment. save and exit. Check for the latest repository here: https://docs.kali.org/general-use/kali-linux-sources-list-repositories  3. Update kali linux: type the below code apt-get update && apt-get upgrade -y && apt-get dist-upgrade It'll take some time. 4. Adding a standard user: Kali by default logs in as root. It is always better to use a second user. You can create a standard user. (But you will have to use " sudo " for most of the commands) useradd -m <user name>