Posts

Lokibot Campaign

Disclaimer: Opinions expressed are solely my own. None of the ideas expressed in this blog post are shared, supported, or endorsed in any manner by my employer. In this blog, we take a look at a Lokibot campaign. The email MD5: a42ef269e70416810810d0fa01fe02ee SHA256: 8f8bc761f92ff8f3c442699c8b41358e5716339482264f1ef7d09eb57f68b9f0 VT: https://www.virustotal.com/gui/file/8f8bc761f92ff8f3c442699c8b41358e5716339482264f1ef7d09eb57f68b9f0 The campaign begins with an email. The Email Sample The email has a different email address in the From and Reply-To headers. It contains an attachment named "Payment Copy.docx". It appears to have been sent from 45.143.7.113. Geolocation information of the IP The Attachment MD5: 1ba139d79438fc4406ab8b8fd93f6a30 SHA256: 94fa80c133c152abe46e0f6f20c06b1f27c225f2723915596af2ad8499fa4ff0 The attachment is a docx file, which can be treated as a zip file. After unzipping, we check the file word/_rels/webSettings.xml.rels, where we see the remote URL Co

Wrestling with Python

Disclaimer: Opinions expressed are solely my own. None of the ideas expressed in this blog post are shared, supported, or endorsed in any manner by my employer. Introduction Python is a high-level, dynamically typed, portable and interpreted language which is often used for scripting. Python 2 was discontinued with version 2.7.18. Currently, Python 3 is used, with version 3.10.5 being the latest. When Python source code is executed, it is compiled to byte code, which is often stored in files with the .pyc extension. If the interpreter is not able to write to disk, the byte code is generated in memory and then discarded after the program exits. Once the byte code is created, it is executed by the Python Virtual Machine (PVM), which is technically a big loop that iterates through the byte code instructions and executes them. The PVM is the runtime engine of Python and is part of every Python installation. It is important to note that byte code is a Python-specific representation and is platform-independent. However, byte cod

Loading GootLoader

Disclaimer: Opinions expressed are solely my own. None of the ideas expressed in this blog post are shared, supported, or endorsed in any manner by my employer. In this blog, I will be taking a look at the initial GootLoader sample (MD5: 4dd369b5e028beebe3aa5c980960c502, SHA256: c1029f0b5f4f6dfbe0fe656f075cbb5ccc2fc308087db21438d73394b75ea020). Available here: https://bazaar.abuse.ch/sample/c1029f0b5f4f6dfbe0fe656f075cbb5ccc2fc308087db21438d73394b75ea020/ The sample is a JavaScript program which is meant to be executed on Windows using wscript.exe. Opening the sample in a text editor, it appears to look like the jQuery library 3.6.0 (screenshot below). Comparing the sample with jQuery 3.6.0 downloaded from https://code.jquery.com/jquery-3.6.0.js, differences can be observed. The following lines show the code inserted to create the sample: One important thing to mention about JavaScript: if a variable is declared without a keyword such as var, it will be treated as a global var

Collusion attack in Android Applications

A collusion attack is one of the ways to bypass Android permissions and steal a user's data. It requires the attacker or a rogue developer to create and install two Android applications on the user's phone. The two apps communicate with each other, share data, and then send it to the attacker. There are two ways for two apps to communicate: overtly and covertly. An example of overt communication is using intents to pass data between the two apps. An example of covert communication is using files: one app writes to a file in internal storage and another app reads that file. A more sophisticated form of covert communication is to signal by scheduling various events and measuring the time differences between them. In this post, I am demonstrating the overt way of communication. I have two apps: a contact reader app (Phone Reader App) and a Calculator App. A pictorial representation of the demo: Code snippets: So, the contact reader app will have the permission to read your cont

Kioptrix level 3 Walkthrough

Continuing the Kioptrix series, we have the Kioptrix level 3 walkthrough. This machine is not as simple as the last two. It requires the pentester to poke around a bit. I found the IP address of the machine using netdiscover. I did an nmap scan on it. If you see, we have a website here. So, I decided to take a look at the website. I looked around the website and found this: LotusCMS looks interesting. Let's see if there is any exploit for it. Looks like I need to use Metasploit for this exploit. Set the options in meterpreter and it will look like this: Running this exploit, I got the shell. After getting the shell, I decided to just look around and see if I could find anything interesting. Checking out the gallery folder, I found a config file. From that file, we got the root password. Now, since I have the root login and password, let's see if I can log in to the phpMyAdmin portal. The portal is located at kioptrix3.com/phpmyadmin and logging

Installing ns2-allinone in ubuntu 18.04

Hi everyone, here are the steps to install the ns2-allinone package on Ubuntu 18.04. Download the latest allinone package patched for gcc-5 from this link: https://drive.google.com/file/d/0B7S255p3kFXNVVlxR0ZNRGVORjQ/view?usp=sharing You can automate the rest of the process by putting the downloaded file and this script in one folder. The link to the script: https://pastebin.com/vqRsfYiD Copy and paste the following commands (note that the redirection must run as root, so the lines are written with sudo tee -a rather than a plain sudo echo, which would fail with permission denied): echo "deb http://in.archive.ubuntu.com/ubuntu/ xenial main" | sudo tee -a /etc/apt/sources.list ; echo "deb http://in.archive.ubuntu.com/ubuntu/ xenial universe" | sudo tee -a /etc/apt/sources.list ; sudo apt update ; sudo apt install gcc-4.8 g++-4.8 ; sudo apt install build-essential autoconf wget ; sudo apt install perl libxt-dev libx11-dev libxmu-dev Extract the downloaded ns2-allinone package. I will be assuming that the extracted files are in ~/ns-allinone-2.35. Copy and paste the following commands: export CC=gcc-4.8 CXX=

AUDI SQLi Labs Lesson 1 walkthrough

Hi everyone! This post is about Audi SQLi Labs lesson 1. Audi SQLi Labs is a vulnerable web application designed for practicing various forms of SQL injection. You can download it from GitHub: https://github.com/skyblueee/sqli-labs-php7 and follow this video: https://www.youtube.com/watch?v=Ri0e249x5PY for installation. Let's get started with lesson 1. Lesson 1: Let's add ?id=1 to the URL. Well, this means that ?id=1 works. Now, let's try to break this query. You can try different values of id such as 10000000, asdwqe, @, ' etc. When you try ?id=1', you will see an error message. Let's analyse the error. The important part is: ''1'' LIMIT 0,1' Remove the first single quote: '1'' LIMIT 0,1 Remove "LIMIT 0,1": '1'' This means that our given input is being enclosed in single quotes ('). You can fix the query while keeping the value of id as 1' by commenting out the