Hacking Android apps in Windows with Frida (Part I)

Frida is a dynamic instrumentation toolkit to debug and analyze processes on multiple platforms (Windows, Linux, macOS, Android, iOS, …). Before installing frida-tools, you will need Python 3.x and the pip tool. After that you can easily install Frida by opening the Command Prompt as Administrator: That’s all you need on your laptop. As frida…
Fuzzing with Radamsa in BlackArch

Radamsa is a test case generator: it receives some input data and then scrambles it to return some random data. Random is truly random, which means that you can even receive the same string back 🙂 Unfortunately radamsa doesn’t come by default in BlackArch or Kali Linux, so we have to build it and install…
Best Portswigger Burpsuite Pro plugins in 2021

protobuf decoding, J2EEScan, ParamMiner, Upload Scanner, Retire.js, Msgpack, Turbo Intruder. More on…

How to disguise a covert channel with netcat like a harmless command

One of the most important steps after post-exploitation is to cover our activities and maintain access to the target. In Linux, BSD or Unix we can easily disguise a process name to hide our covert operations. We can abuse the C function execv() to show one command but execute a completely different one. In the…
How to record your terminal💻 session on Linux🐧

Intro When writing an article about ethical hacking techniques I tried many ways to record my terminal while keeping good quality and resolution. If you record your screen directly with some screencast software, the letters of the terminal usually get pixelated, so it doesn’t look great. Then luckily I found terminalizer…
OpenSSL certificate from der to pem

To convert a DER certificate to PEM format, use the following openssl command:

How to intercept HTTPS Traffic from Android App

If you are interested in getting all traffic related to a specific app and you have a rooted phone, ProxyDroid is a good option: Before enabling the “Proxy Switch”, you have to point ProxyDroid to the machine where you have BurpSuite running and listening on the Wifi interface. In my case on…
How to setup a PHP file dropper without tools

After we have compromised a machine inside a network, we need to download tools for lateral movement, local exploits to escalate privileges, etc. Knowing how to set up a file dropper is crucial. When I was doing the OSCP 24-hour exam, but also when doing the training in the labs, that was very useful as I…
Advanced buffer overflow exploit by Taeho Oh

Note: Transcription from the original article written by Taeho Oh. The Internet cannot forget this legend! 1. Introduction Nowadays there are many buffer overflow exploit codes. The early buffer overflow exploit codes only spawned a shell (executed “/bin/sh”). However, nowadays some of the buffer overflow exploit codes have very powerful features. For example, passing through input filtering,…
Cracking passwords with John the Ripper

If we are cracking local account passwords in a Unix/Linux environment, first you will need to merge the “/etc/passwd” and “/etc/shadow” system files into one: Then there are two possible techniques. Technique #1: Dictionary Attack This is useful when we have a long dictionary with common passwords, so we want to audit that no user is…
