Posts

Showing posts from 2018

Walkthrough of Hackthebox DevOops system

Image
Hello Guys, it been a while since I have wrote a blog. Well without wasting any time lets dig into the devoops system of hackthebox as the title describes. Let fireup the namp on ip of devoops which is 10.10.10.91 and wait for port scan results. So we have 2 port open ssh(22) and http(5000) Lets check whats there on http as it may contain the door (vulnerabilities) which may allow us to get initial foothold. Hmm! Nothing interesting let fireup our favorite directory buster (gobuster). We Found 2 directory let view upload directory as the name looks very interesting. Well it seems the application allow us to upload xml file. Interestingly whenever I think of xml I always remember XXE attack. But in our case we need to craft the complete xml file with proper required elements. So we have crafted the xml with our payload to view the /etc/passwd file and boom 🎆 we got the passwd file. Now as we know that the XXE can be exploited so lets find some way to gain RCE o...

Information Disclosure - Internal Path Disclosure (PHPWCMS) - CVE-2018-12990

Image
Hello All, ​INTRODUCTION T​he  purpose  of this post is to let you know how I managed to get one more CVE​. Throughout this post, I will give you relevant examples/screenshots that demonstrates how I ended up finding the vulnerability. ​Alright, lets plunge into the Proof-Of-Concept ! ​ PATH OF EXPLORATION ​ After submitting the first vulnerability (Stored Cross Site Scripting) to the developer for phpwcms application I continued to test further for finding more vulnerability. While testing I saw that CSRF Token was submitted in all the request. I tried to tamper with the parameter which contained the CSRF Token and found that the application throws an error which discloses the Internal Path of the application where it has been hosted. THE MOST AWAITED DEEP DIVE POC​ 1) While submitting the profile page request I saw that the application passes one parameter (csrf_token_value) which as per the name suggest contains the csrf token as you can refer the ...

How to use Slack as C2 Sever

Image
Hello All, INTRODUCTION The purpose of this post is to demonstrate how we can use slack channels as our Command & Control Server (C&C / C2) and walk you through the demonstration of how we can use the same for our benefits. This was also demonstrated in Null Mumbai  meetups on 09-June-2018 ( Slides ). Please note this post is only educational purpose. What is Slack ? Slack is a cloud-based set of proprietary team collaboration tools and services. It has a features of creating workspace which allows to create team and use it as a communication channel for the team. It supports group messaging, personal messaging, file sharing etc. Many organizations use slack for their communications and to have multiple groups based on the departments / task. It also support the integration with multiple applications like Gdrive, Jira, Dropbox etc. What is Command & Control Server (C&C / C2) ? In simple word the C&C servers are the centralized systems which issues...

Android Root Detection Bypass

Image
Hi All Introduction T​he purpose of this post is to understand how I bypassed root detection while pen-testing an android apps. They were using rootbeer libraries to protect the application to run on rooted device. In this post we will look at simple technique to bypass root detection. There are many module which are available for bypassing root detection. I used xposed module to bypass the root detection but it failed so I decided to try manually. What is root detection? Root Detection is an techniques which allow developer to control application  to work only on Non rooted devise. Many Application does not run on rooted devise for security reason. What is xposed module ? Xposed is an framework which work on rooted devices. It provide various module which allow user to control the android devices.There are also few module which help to evade root detection logic which is been written in the application. Step by Step approach to bypass root detection in the android...