Introduction Greetings, dear readers! In today’s blog, we’re about to embark on an exciting journey into the world of iOS app interface manipulation. Our focus will be on enhancing the user interface of iOS applications created with SwiftUI, and we’ll add an extra layer of intrigue by accomplishing this with… Read more »
Introduction Hello, everyone. This is a comprehensive review, I’ll be sharing insights into the eMAPTv2 course and exam. I’ll discuss study tips, exam preparation, prerequisites, and key details about the certification. Additionally, I’ll provide tips for successfully passing the exam. Overview The eLearnSecurity Mobile Application Penetration Testing (eMAPT) certification is… Read more »
Greetings friends, it’s been a while since I worked as a penetration tester and my main job is to test mobile applications and my favorite tool is Frida, so I decided to write an article about it. What is Frida? Frida is a dynamic binary instrumentation framework available for multiple… Read more »
Service Discovery nmap -sS -sV -sC $IP Since an old version of Redis runs on port 6379, is it possible to use the following exploit to get a reverse shell on the target machine Exploit Redis The first step is to setup a listener handler. It’s possible to use netcat,… Read more »
Hello dear friends and welcome back, today I want to show you how I did resolve the Baby RE from hack the box. The binary is a 64bit ELF and it required to insert the key in a way to get the flag. The next step is to execute the… Read more »
Hello dear friends and welcome back for another Android Diva series blog, today we will resolve Input validation vulnerability Part 2 We will use this input point to get some internal file file:////data/data/jakhar.aseem.diva/uinfo-808817149tmp Fanntastic we completed this exercise
Hello dear friends and welcome back for another Android Diva series blog, today we will resolve Insecure Data Storage Part 4. So first of all, we have to store some value For this exercise, we will use jadx and adb So what we will do is to analyze the… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve Prime:1machine. Description This machine is designed for those one who is trying to prepare for OSCP or OSCP-Exam. This is first level of prime series. Some help at every stage is given. Machine is lengthy as OSCP… Read more »
Hello dear friends and welcome back for another Android Diva series blog, today we will resolve HardCoding Issues part 1 For this exercise we will use jadx. Drag and drop the Apk file into Jadx then select HardcodeActivity file and fantastic we found the key vendorsecretkey
Hello dear friends, today we will start a new series based on Android penetration testing. We will go to analyze the diva application. WHAT IS DIVA? DIVA (Damn insecure and vulnerable App) is an App intentionally designed to be insecure. We are releasing the Android version of Diva. We thought… Read more »
Hello, dear friends today I’ll show you how to resolve the CTF Uncrackable – Android Level1. First, we need to install the application in order to understand what it does and how it works adb install UnCrackable-Level1.apk mmm interesting there is a root detection, so now we will use jadx… Read more »
Hello dear friends and welcome back for another mobile security blog, today I’ll show you how to inject frida inside an ipa application. So for todo that we need to install some tools: iOS Deploy brew install node npm install -g ios-deploy If you want to know more about this… Read more »
Hello dear friends, and welcome back for another mobile application security blog, today I’ll show you how to bypass a login form with Frida. For this exercise, I did prepare an easy android Application that you can download from this link. After the download run the app on gennymotion emulator…. Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve hackme: 1machine. Description ‘hackme’ is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently, privilege escalate as root. The lab was created to mimic the real-life environment. ‘hackme’… Read more »
Hello dear friends, and welcome back of another mobile application security blog, on the previous article I did show you how to install Frida on iOS device and how to install frida client, today I’ll show you how to install frida on Android simulator (genymotion). For this example, I use… Read more »
Hello dear friends, today I’ll show you how to “install” frida on iOS device without Jailbreak it, but first of the thing what is frida? Frida it’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript or your own library into native apps. The first step is… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve DC-3 machine. Description DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. As with the previous DC releases, this one is designed with beginners in mind, although this… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve LazySysAdmin machine. Description Difficulty: Beginner – Intermediate Boot2root created out of frustration from failing my first OSCP exam attempt. Information gathering TCP Scanning Banner Grabbing Nmap scanning Dirb When the samba server is running it’s always a good… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve bulldog machine. Description Bulldog Industries recently had its website defaced and owned by the malicious German Shepherd Hack Team. Could this mean there are more vulnerabilities to exploit? Why don’t you find out? 🙂 This is a standard… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve SP: eric machine. Description Eric is trying to reach out on the Internet, but is he following best practice? Flags – /root/flag.txt – /home/eric/flag.txt Tested with VirtualBox DHCP enabled Difficulty: Beginner Should not be as easy as to… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve zico2 machine. Description Zico’s Shop: A Boot2Root Machine intended to simulate a real world cenario Disclaimer: By using this virtual machine, you agree that in no event will I be liable for any loss or damage including… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve Matrix machine. Description Matrix is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box. Difficulty: Intermediate Flags: Your Goal is to get root and read /root/flag.txt Networking: DHCP: Enabled IP… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve Fowsniff machine. Description This is a boot2root machine, It’s a beginner level, but requires more than just an exploitdb search or metasploit to run. It was created in (and is intended to be used with) VirtualBox, and… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve DerpNStink machine Description: Mr. Derp and Uncle Stinky are two system administrators who are starting their own company, DerpNStink. Instead of hiring qualified professionals to build up their IT landscape, they decided to hack together their own… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve FristiLeaks. Description A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc.. Information gathering TCP Scanning Analyze the web app After… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve ch4inrulz. Description Frank has a small website and he is a smart developer with a normal security background , he always love to follow patterns , your goal is to discover any critical vulnerabilities and gain access… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve W1R3S. Description You have been hired to do a penetration test on the W1R3S.inc individual server and report all findings. They have asked you to gain root access and find the flag (located in /root directory). Difficulty… Read more »
Hello dear friends, welcome back for another CTF Walkthrough. Today we will solve Unknowndevice64. Description unknowndevice64 v1.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box. Difficulty: Intermediate Flags: Your Goal is to get root and read /root/flag.txt Information gathering TCP Scanning… Read more »
Introduction Hello dear friends, this is my first CTF walkthrough, I hope you’ll enjoy It. Box Description HackinOS is a beginner level CTF style vulnerable machine. I created this VM for my university’s cyber security community and all cyber security enthusiasts. I thank to Mehmet Oguz Tozkoparan, Ömer Faruk Senyayla… Read more »
Ciao a tutti cari amici di iProg dopo le prime lezioni “teoriche” e’ arrivato il momento di “sporcarci” le mani ma prima di tutto e’ necessario installare alcuni tools: Java SDK Android SDK APK Tool Dex2Jar e JD-GUI una volta scaricati e installati, useremo questo sito per poter scaricare i file APK. Il prossimo passo… Read more »
In questa seconda lezione esploreremo il modello di sicurezza nei sistemi Android (si richiede un minimo di conoscenza di programmazione di app Android per poter comprendere al meglio quest’articolo). Anche se Android è un sistema basato su Linux esso ha una “prospettiva” diversa per quanto concerne la sicurezza, infatti la sicurezza è… Read more »
Ciao a tutti cari amici di iProg, oggi vorrei parlarvi di un modulo di metasploit ovvero shodan_search, in pratica questo modulo utilizza le api di shodan per permetterci di effettuare ricerche direttamente da metasploit. Per chi non lo sapesse shodan è un motore di ricerca, molto spesso viene anche chiamato… Read more »
Uno dei problemi che si incontrano quando uno inizia a cimentarsi nella sicurezza informatica è quello di non sapere dove testare le cose studiate senza far “danni”. Fortunatamente il team di metasploit ha rilasciato una macchina virtuale chiamata ‘Metasploitable’, questa VM può essere utilizzata per effettuare attività di formazione di sicurezza… Read more »
Arachni è un web scanner molto potente, questo tool può essere eseguito sia nella modalità “web gui” che nella modalità “linea di comando” ed è reperibile qui. Modalità web gui Una volta scaricato ed estratto il tool, lanciamo il programma terminale e rechiamoci presso la cartella bin presente all’interno della cartella… Read more »
Ciao a tutti cari amici di iProg, in questo tutorial di oggi voglio mostrarvi un altro tool molto potete ed utile durante la fase di Fingerprinting, il tool si chiama Discover ed è possible scaricarlo dal seguente indirizzo, una volta scaricato spostiamoci all’interno della cartella discover e lanciamo lo script cd discover… Read more »
Ciao a tutti cari amici di iProg , oggi continuiamo a parlare di sicurezza informatica più precisamente discuteremo di fingerprinting o se preferite “raccolte d’informazioni”, se già avete effettuato qualche pentest come potete sapere questa è una delle fasi più importanti. Molte persone che si avvicinano per la prima volta nel campo… Read more »
Ciao a tutti cari amici di iProg, nel tutorial di oggi voglio mostrarvi come poter hackerare un dispositivo Android attraverso l’ausilio di metasploit. Per chi non lo sapesse metasploit è un framework che consente ai penterster di velocizzare il processo di creazione di un exploit, ovviamente questo è una descrizione abbastanza… Read more »
Ciao a tutti cari amici di iProg era da parecchio che non scrivevo un articolo, ma purtroppo sono stato molto occupato in questo periodo. Qualche tempo fa vi accennai in cosa consiste un attacco di tipo man in the middle, oggi vorrei mostrarvi un tool straordinario che si chiama mitmf ed… Read more »
Ciao a tutti cari amici di iProg, alcuni utenti mi hanno contatto chiedendomi se potevo fare altri tutorial riguardante la sicurezza informatica, quindi ho deciso di fare questo tutorial su una tipologia di attacco molto pericoloso ovvero lo sniffing, per farla semplice questo tipo di attacco consiste nell’intercettare i dati che… Read more »
Ciao a tutti e bentornati in questa nuova lezione dedicata al nuovo linguaggio di casa Apple. Swift tra le varie strutture dati mette a disposizione anche le struct, per chi non ricorda cosa sono le struct o come si usano può leggersi questo nostro articolo: Struct in C. struct Persona { var nome :String… Read more »