Author: jacobo

Penetration Testing Wiki

Cybersecurity Android Apps

Hacking Android apps in Windows with Frida (Part I)

Frida is a dynamic instrumentation toolkit to debug and analyze processes in multiple platforms (Windows, Linux, MacOS, Android, iOS, …). First thing before install frida-tools, you we’ll need python 3.x and pip tool. After that you can install easily Frida opening the Command Prompt as Administrator: That’s all you need in your laptop. As frida…
Read more

Fuzzing with Radamsa in BlackArch

Radamsa is a test case generator, it receives some input data and then it scrambles it to return some random data. Random is truly random, that means that you can even receive the same string 🙂 Unfortunatelly radamsa doesn’t come by default in BlackArch nor Kali Linux, so we have to build it and install…
Read more

Best Portswigger Burpsuite Pro plugins in 2021

protobuf decoding https://github.com/nccgroup/blackboxprotobuf J2EEScan https://portswigger.net/bappstore/7ec6d429fed04cdcb6243d8ba7358880 ParamMiner https://portswigger.net/bappstore/17d2949a985c4b7ca092728dba871943 Upload Scanner https://portswigger.net/bappstore/b2244cbb6953442cb3c82fa0a0d908fa Retire.js https://portswigger.net/bappstore/36238b534a78494db9bf2d03f112265c Msgpack https://portswigger.net/bappstore/c199ec3330864d548ff7d6bf761960ba Turbo Intruder https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988 More on https://pentestwiki.org/tools-for-web-penetration-testing/

How to disguise a covert channel with netcat like a harmless command

One of the most important steps after the post-exploitation is to cover our activities and maintain access to the target. In Linux, BSD or Unix we can easily disguise a process name to hide our covert operations. We can abuse the C function execv() to show one command but execute one completely different. In the…
Read more

Google Dork

Google Dork is an advanced Google search query using special commands such as allinurl, allintitle, etc to leverage Google to find public information. Is also a good way to perform passive reconnaissance. Offensive Security has the major Google Dork database called GHDB: https://www.exploit-db.com/google-hacking-database

How to record your terminal💻 session on Linux🐧

Intro When writting an article about ethical hacking techniques I tried many ways to record my terminal and keep a good quality and resolution. If you record directly your screen with some screencast software the resolution for the letters of the terminal usually gets pixelated, so it’s not looking great. Then luckily I found terminalizer…
Read more

OpenSSL certificate from der to pem

To convert a DER certificate to PEM format, use the following openssl command:

How to intercept HTTPS Traffic from Android App

If you are interested in getting all traffic related to an specific app and you have a rooted phone, ProxyDroid is a good option: https://play.google.com/store/apps/details?id=org.proxydroid First thing before enabling the “Proxy Switch”, you have to point Proxydroid to the machine where you have BurpSuite running listening in the Wifi interface. In my case 192.168.1.134 on…
Read more

How to setup a PHP file dropper without tools

After we have compromised a machine inside a network, we need to download tools for lateral movement, local exploits to escalate privileges, etc. Knowing how to setup a file dropper is crucial. When I was doing the OSCP 24-hour exam but also when doing the training in the labs, that was very useful as I…
Read more

Advanced buffer overflow exploit by Taeho Oh

Note: Transcription from the original article written by Taeho Oh. Internet cannot forget this legend! 1. Introduction Nowadays there are many buffer overflow exploit codes. The early buffer overflow exploit codes only spawned a shell (execute “/bin/sh”). However, nowadays some of the buffer overflow exploit codes have very powerful features.For example, passing through input filtering,…
Read more