Posts

Showing posts from June, 2018

Information Disclosure - Internal Path Disclosure (PHPWCMS) - CVE-2018-12990

Image
Hello All, ​INTRODUCTION T​he  purpose  of this post is to let you know how I managed to get one more CVE​. Throughout this post, I will give you relevant examples/screenshots that demonstrates how I ended up finding the vulnerability. ​Alright, lets plunge into the Proof-Of-Concept ! ​ PATH OF EXPLORATION ​ After submitting the first vulnerability (Stored Cross Site Scripting) to the developer for phpwcms application I continued to test further for finding more vulnerability. While testing I saw that CSRF Token was submitted in all the request. I tried to tamper with the parameter which contained the CSRF Token and found that the application throws an error which discloses the Internal Path of the application where it has been hosted. THE MOST AWAITED DEEP DIVE POC​ 1) While submitting the profile page request I saw that the application passes one parameter (csrf_token_value) which as per the name suggest contains the csrf token as you can refer the below screenshot.

How to use Slack as C2 Sever

Image
Hello All, INTRODUCTION The purpose of this post is to demonstrate how we can use slack channels as our Command & Control Server (C&C / C2) and walk you through the demonstration of how we can use the same for our benefits. This was also demonstrated in Null Mumbai  meetups on 09-June-2018 ( Slides ). Please note this post is only educational purpose. What is Slack ? Slack is a cloud-based set of proprietary team collaboration tools and services. It has a features of creating workspace which allows to create team and use it as a communication channel for the team. It supports group messaging, personal messaging, file sharing etc. Many organizations use slack for their communications and to have multiple groups based on the departments / task. It also support the integration with multiple applications like Gdrive, Jira, Dropbox etc. What is Command & Control Server (C&C / C2) ? In simple word the C&C servers are the centralized systems which issues dir

Android Root Detection Bypass

Image
Hi All Introduction T​he purpose of this post is to understand how I bypassed root detection while pen-testing an android apps. They were using rootbeer libraries to protect the application to run on rooted device. In this post we will look at simple technique to bypass root detection. There are many module which are available for bypassing root detection. I used xposed module to bypass the root detection but it failed so I decided to try manually. What is root detection? Root Detection is an techniques which allow developer to control application  to work only on Non rooted devise. Many Application does not run on rooted devise for security reason. What is xposed module ? Xposed is an framework which work on rooted devices. It provide various module which allow user to control the android devices.There are also few module which help to evade root detection logic which is been written in the application. Step by Step approach to bypass root detection in the android app