Posts

Android-x86 and Frida with VirtualBox on Linux(amd64)

Install Android-x86 with VirtualBox on Ubuntu 22.04
References: https://www.android-x86.org/documentation/virtualbox.html
Download an ISO image (https://sourceforge.net/projects/android-x86/files/Release%209.0/), android-x86_64-9.0-r2.iso in my case.
Create a new VirtualBox VM
- Type: Linux, Version: Linux 2.6/3.x/4.x/5.x (64-bit)
- Hardware: assign 4GB RAM
- Hard Disk: Create a Virtual Hard Disk Now, 8GB HDD, VDI (do not check Pre-allocate Full Size)
Run the VM and boot from the downloaded .iso file via the Boot menu; choose “Installation”
Install
- Select “Create/Modify partitions” by pressing ‘C’
- Decline GPT
- Create a New, Primary partition that uses the entire space: choose New, choose Primary, leave the size as is (the maximum space is displayed)
- Set it Bootable (the Flags column shows ‘Boot’)
- Write (yes), then Quit
- Choose the just-created partition and format it as ’ext4’
- Install GRUB: Yes
- Install the /system directory read-write: Yes
Run Android-x86
Remove the .

Cheatsheet

A forensic cheat sheet
Get the hash of a file
- Windows: `PS> get-filehash -algorithm sha1 <filename>`
- Linux: `md5sum|sha256sum <filename>`
- Malware hashes: https://virustotal.com/ , https://hash.cymru.com/
Search
- search for a file name: `find <DIR> -name <filename>`
- search for a string: `grep -r <search_string> <targetFILES>` (optionally `--include '*.conf'`), or `find . -type f -print | xargs grep -i "search_string" /dev/null`, or `find . -name '*.ext' | xargs grep -r --color=auto -n 2>/dev/null 'search_string'` (search and color the matches)
- search for a string in a binary: `$ strings <binary_file> | grep <search_string>`

Install OWASP ASST

ref: https://owasp.org/ASST/
Install XAMPP -> FAIL (https://sourceforge.net/projects/xampp/): it cannot be installed on a Linux VM on Apple silicon M2, since XAMPP for Linux is only available for x64.
Install the necessaries
- Apache2: `$ sudo apt install apache2 mariadb-server`
- MariaDB: `$ sudo systemctl enable --now mariadb` then `$ systemctl status mariadb`
- PHP: `$ sudo apt install php`
- Perl: `$ sudo apt install perl`
- Node.js: `$ sudo apt install -y nodejs npm`
Set a specific version of Node.

Web Proxies

===========
Tip: common to Burp Suite, mitmproxy, and proxify
When a DVWA instance is running on the local machine and accessed via 127.0.0.1:PORT, a local proxy cannot intercept the HTTP requests correctly (browsers typically bypass the configured proxy for localhost addresses). After a series of trial and error, the solution found was to access the instance by a host name:
- add a line to the hosts file: 127.0.0.1 DVWA
- visit DVWA:PORT instead of 127.0.0.1:PORT
=================
mitmproxy
Install
KALI: mitmproxy is already installed on Kali.

DVWA Walkthrough

DVWA Walkthrough (Low level)
Low: XSS (DOM)
Vulnerability URL: http://127.0.0.1:42001/vulnerabilities/xss_d/
How to test: https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/01-Testing_for_DOM-based_Cross_Site_Scripting.html
Observation 1
Pick any language from the dropdown list, then press the Select button. If the selected language is “English”, the address changes to http://127.0.0.1:42001/vulnerabilities/xss_d/?default=English
Modify the address to http://127.0.0.1:42001/vulnerabilities/xss_d/?default=Assyrian , and Assyrian will appear in the dropdown list.
Page source:
<div class="vulnerable_code_area"> <p>Please choose a language:</p> <form name="XSS" method="GET"> <select name="default"> <script> if (document.

Install OpenVAS(GVM) on Kali

GVM? (or OpenVAS?)
Greenbone Vulnerability Manager (GVM, a.k.a. OpenVAS). OpenVAS is a fork of Nessus.
Install GVM
How to install OpenVAS on Kali: `sudo apt install openvas`
Tried gvm-setup, but an error occurred:
$ sudo gvm-setup
[>] Starting PostgreSQL service
[-] ERROR: The default PostgreSQL version (15) is not 16 that is required by libgvmd
[-] ERROR: Use pg_upgradecluster to update your PostgreSQL cluster
Solve the problem
$ psql --version
psql (PostgreSQL) 16.

peda and gdb

Install peda
Clone PEDA: `git clone https://github.com/longld/peda.git ~/peda`
Set gdbinit: `$ vi ~/.gdbinit`
define init-peda
    source ~/peda/peda.py
end
document init-peda
    Init PEDA
end
Activate peda
$ gdb
(gdb) init-peda
gdb-peda$

Testing Websockets 1

Intro
WebSocket enables a browser to communicate synchronously over TCP.
Python/Java: websocket / C#: SignalR / Node.js: socket.io (long polling)
[Traditional] Only when a browser sends a request -> does a web server respond to that request <- (asynchronous, unidirectional)
[WebSocket] After a connection is established between a browser and a web server, either party can send messages at any time over the connection (connection-oriented, bidirectional)
Included in the HTML5 standards, supported by most browsers
A simple websocket echo: a Python server and an HTML client
A Server in Python
Prep.

Installing Cobalt Strike

Cobalt Strike
References
- Cobalt Strike’s profile: https://blog.zsec.uk/cobalt-strike-profiles/
- Hashes of various Cobalt Strike versions: https://verify.cobaltstrike.com/
- Cracked versions (Chinese): https://www.cnblogs.com/ssooking/p/12535998.html?from=timeline , https://www.ddosi.org/cobaltstrike-4-5-cracked/ , https://github.com/Snowming04/CobaltStrike4.0_related , https://breached.vc/Thread-Cobalt-Strike-4-4-Crack-Tool , https://breached.vc/Thread-Cobalt-Strike-4-7 , https://breached.vc/Thread-Cobalt-Strike-4-6-1-7-Brute-Ratel
- Raphael Mudge (the creator of Cobalt Strike)’s channel: https://www.youtube.com/@DashnineMedia
- “Cobalt Strike User Guide” by FORTRA: https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/welcome_main.htm#
Notes
Well-known groups that use Cobalt Strike (https://attack.mitre.org/software/S0154/): FIN6, Iranian {CopyKittens}, North Korean {APT37}, Russian {Wizard Spider, Indrik Spider, APT29}, Vietnamese {APT32}, Chinese {Aquatic Panda, Chimera, Leviathan, Threat Group-3390, APT19, menuPass, APT41, Mustang Panda, Earth Lusca}, DarkHydrus, FIN7, Cobalt Group
Preparing VMs
Team Server @ Xubuntu 22.

Run DVWA on a Kali VM

===========
CAUTION - DO NOT bother installing DVWA manually (it will very likely fail).
===========
Installing VMs
Tip: VMware Tools for an Ubuntu/Kali VM on VMware Fusion
Installing VMware Tools: `$ sudo apt install open-vm-tools`
When the shared folder doesn’t work even after VMware Tools are installed:
$ sudo umount /mnt/hgfs
$ sudo mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other
Install Kali (.iso) on VMware Fusion on Apple silicon (M2)
Download the Kali .iso for Apple silicon: https://cdimage.