Posts

Showing posts from December, 2022

Janus Vulnerability Exploitation

Janus Vulnerability (Exploitation)

In brief, applications that are signed only with the v1 signature scheme are vulnerable to the Janus vulnerability when installed on devices running Android versions 5.0–8.0.

Step 1: Use the apksigner tool and verify that only the v1 signature is true. If it is, it is highly possible to exploit the Janus vulnerability in the Android application.
CMD: apksigner verify -verbose h5.apk (victim app)

Before that, we need to make sure that this application can be made to run on vulnerable Android versions 5.x, 6.x, 7.x & 8.0 (i.e., API level 21–26).

Step 2: Now let's check the minimum Android version the application runs on, using apktool.
CMD: apktool -s d H5.apk && cat H5/apktool.yml | grep minSdk

The application below can be run on API Level 15 (Android 4.0.4 Ice Cream Sandwich), so we can choose any device from 5.x, 6.x, 7.x & 8.0 to exploit it.

A serious vulnerability in Android allows attackers to inject a DEX file into an APK file without affecting the sig

Task_7 - Google Dorks | Shahul Hameed

What is a Google Dork?

A Google dork query, sometimes just referred to as a dork, is a search string or custom query that uses advanced search operators to find information not readily available on a website. Google dorking, also known as Google hacking, can return information that is difficult to locate through simple search queries.

Commands:
allintext:
filetype:
intitle:
allinurl:
link:
site:
email lists:
log files:
inurl:

GHDB: https://www.exploit-db.com/

Practice tutorial for Google Dorks: https://www.tutorialspoint.com/google_hacking_tests.htm

WPScan - Web Pentest Tool | Shahul Hameed

Download WPScan using Docker in Kali

Tool description: It is used to scan WordPress websites for known vulnerabilities both in WordPress core and in commonly used WordPress plugins and themes. The code base for WPScan is licensed under GPLv3. WPScan is a WordPress black box scanner.

Step 1: sudo apt install docker.io
Step 2: sudo docker pull wpscanteam/wpscan
Step 3: sudo docker run -it --rm wpscanteam/wpscan --url https://domain.in --enumerate u1-100 --random-user-agent
(u - user enumeration; u1-100 enumerates user IDs 1 to 100)

POC

Note: If you need an API key, register and get the free API key at the link below:
https://wpscan.com/

The easiest way to Decompile your Android APK file | Shahul Hameed

Tool name: jadx-gui

Step 1: Download the jadx-gui tool from the link given below.
https://github.com/skylot/jadx/releases/tag/v1.4.5
Step 2: Extract the downloaded file (jadx-gui).
Step 3: Open your .apk file in the application.

Enjoy it… 😊

POC: