Hey guys, welcome back. This is the continuation of the series on web application hacking. Today we are going to look at the controls and validations placed on the client side and how we bypass them.

Let's get this started.
The fundamental security flaw in a client-server architecture is that the server has no control over the client. The first lesson in web-application security, or in building web applications in general, is to never trust user input.
The most general assumption of a developer is that a user is confined to input that is restricted in the UI. This assumption makes the development process…
Hey guys,
Welcome back. In this blog we are going to see how to recover deleted files using “testdisk”.
Sorry for changing the topic from previous blogs; I hope you will find this helpful.
Testdisk is used to scan and repair disk partitions. It can check and repair most partition types, and it can also undelete files from
— DOS/Windows FAT12, FAT16 and FAT32
— Linux ext2
— NTFS
Let's get this started.
First we install testdisk on our machine.
In Debian-based distributions, use
sudo apt-get install testdisk
In arch-based distributions, use
pacman -S testdisk
This will get testdisk installed…
Welcome back guys, this is a continuation of the previous blog on Mapping the Application. Let's continue our analysis to gain more information about the application.

Let's get this started.
These are the key things to look at when analysing the application.
• Core functionality
• Peripheral behaviour
• Core Security mechanisms
• User-Input Processing
• Client-side technologies
• Server-side technologies
• Any details about internal structure
The key areas to look at,
• URL File paths
• Query string parameters
• Parameters in POST request
• Cookies
• Headers processed by Server
URL File Paths
Normally…
Hey guys,
Welcome back.

I plan to write a series on Web Application Hacking. Starting from scratch, I look forward to covering most topics. I skipped the recon section; this assumes that you have selected a website to hack.
Let's get started with Mapping the Application.
You have to know more about the application you are targeting. The mantra to find bugs is Enumeration…. Enumeration…. Enumeration…. The more you know about how an application works, the easier things get.
Manually go through the application to gain a very basic understanding of what the application is built for. For…
A beginner-level box: enumerate FTP, get a webshell after bruteforcing your way into a file upload, then a simple privesc using GTFOBins and cron jobs.

Let's get started.
This is my first writeup about machines, so correct me if I am wrong anywhere.
SCANNING
First deploy the machine and fire your nmap scan
nmap -A 10.10.73.175
Three ports were open,
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
|_-rw-r--r-- 1 ftp ftp…
Hey guys,
Welcome back.
Have you ever wondered how port scanners like Nmap identify the target operating system? If you say TCP/IP stack fingerprinting, yeah, you are right. There are some techniques to do that.
If you are curious to know, read on.

Stack fingerprinting is a series of techniques that are used to determine the operating system running on a target host by examining characteristics of the TCP/IP stack implementation.
The following are some techniques used to identify the OS based on the TCP/IP stack.
FIN Port Probes
Some Operating System implementations produce a fingerprinting “signature” in response to…
Hey guys,
Welcome back, in this blog, we are going to see how to get more information from a phone number through OSINT using a tool called PhoneInfoga.
PhoneInfoga:
It is an advanced tool which scans phone numbers using only free resources. First it fetches information about the carrier, country, area, etc., and then uses search engine fingerprinting to identify the owner.
The beauty of the tool is that it is built in Python, so you can run it on any platform, even Termux.
For Indian numbers, you mostly get the country, area and carrier, not much, though that is itself…
Hey guys,
In this blog, we are going to see how to install and use ParamSpider, a tool to mine parameters on a website.
ParamSpider is a Python script which is used to find parameters from web archives of the domain. It can also mine parameters from the subdomains.
Let's see how to get it installed and how to use it. It might be useful for your bug hunting journey.
Everything is on the GitHub page of the tool; this is just a simple guide. You can also follow along from the GitHub page.
First let's clone the…
Hey guys,
In this blog, we are going to see how to log in as root in Kali.
Kali Linux is a fantastic distribution for pentesting, hacking, whatever you may call it. It has a lot of tools pre-installed. So we just get it on and pop shells.
The Kali update disables login as root, which is disturbing because it's annoying for some people to type in sudo every time they run a privileged command. OK, let's see how to change it and log in as root.
I am going to demonstrate this in VMware, but it works on all installations.

You…
Hey guys,
In this blog, we are going to see how to hack an android device using a backdoor apk, so that we may gain access to it anytime.
Note: You should have the victim install a malicious App, I may only teach what to do before and after installation. It is up to your intelligence to make the victim install the App.
Ok first, Let me explain what we are going to do.
Normally on a LAN, we create a Malicious file, have it executed on a machine in our Local Network. We may use the Private IP to…

just a n00b exploring technology and things