Part of my 2017 goals is to read more, and not to make the common mistake not to be specific about my goals, I decided to precisely set to read 20 pages per day.
|–+ [ Everyday Cryptography [done][review]
|–+ [ The Hacker Playbook: Practical Guide To Penetration Testing [current]
|–+ [ The Hacker Playbook 2: Practical Guide To Penetration Testing [next]
As part of any post exploitation in a security auditing or testing engagement you will want to gather as much info as you want about the victim to be able to target your next victim in the chain.
Having said that sometimes you stumble upon strange files, encrypted data, and network traffic that you don’t know what to do with it. One of these was an .sdf file related to hmailserver. The last is an open source mail server, you can read more about it here.
When gaining access to this server you will want to read this file:
|
1 |
C:\Program Files\hMailServer\Bin\hMailServer.ini |
A sample output would look something like this:
|
1 2 3 4 5 6 7 8 9 |
Recently I needed to move my file from my One Plus (yes – I’m back to iOS). For this move I needed to transfer my previous images / files from the android phone to my computer.
The only thing is each time I tried to use Android File Transfer, it stalls in the middle of the progress after copying few files. I thoguht ok, let’s go back to CLI, so ADB was an obvious backup plan; however the last did not sustain as well. The phone keeps disconnecting and I got frustrated with this buggy design of both. (@Google – Why is this OK?)
Turns out that CLI is indeed a life saver especially for a linux user like me. What I did is really simple and effective.
The idea:
Run scp in adb shell connect back to your mac / linux box (Windows users you will find a way too – SFTP server?)
The implementation:
...Read MoreWhile I was coding the ‘Twitter Short Handles Finder‘ I needed an efficient Alpha-Numeric Strings generator in Python. I coded this from scratch:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
def lastCase (lst): for i in range(0, len(lst)): if ( lst[i] != '_' ): return False return True l = [''] * 4 #change size here if needed. I used 4 here l[0] = '0' index = 0 while ( not lastCase(l) ): if ( ord(l[index]) > ord('_') ): l[index] = '0' index += 1 while( l[index] == '_' ): l[index] = '0' index += 1 if (l[index] == ''): l[index] = '0' #print or process generated string print(''.join(l)) l[index] = chr(ord(l[index]) +1) if ( ord(l[index]) > ord('9') and ord(l[index]) < ord('A') ): l[index] = 'A' elif ( ord(l[index]) > ord('Z') and ord(l[index]) < ord('_') ): l[index] = '_' index = 0 print (''.join(l)) |
I was astonished by the fact that both Ooredoo and Vodafone the only telecom operators in Qatar still do not use HTTPS by default leaving user credentials to be easy targets for hackers.
To make a change I just pushed a Github commit to the famous HTTPS Everywhere Browsers Extension for both operators websites:
You can also contribute to this project by adding rules and tweak the code on Github.
Read MoreIf you face a website with lot of checkboxes to check but they did not implement a ‘check all’ button. You can copy and past this code into your browser’s URL address:
|
1 |
javascript:function check_all_in_document(doc){var c=new Array();c=doc.getElementsByTagName('input');for(var i=0;i<c.length;i++){if(c[i].type=='checkbox'){c[i].checked=true;}}}check_all_in_document(window.document);for(var j=0;j<window.frames.length;j++){check_all_in_document(window.frames[j].document);} |
Note that sometimes your browsers (Chrome in my case) scizes the ‘javascript:‘ part from such addresses. You need to type ‘Javascript:‘ manually
Challenge: Write a function, that delivers following output: "1 2 3 4 5 4 3 2 1".
Rules:
print("123454321")
STOP and think about a solution.
First of all let’s clear thing up:
Finding the longest path of a graph algorithm is NOT the inverse of Dijkstra’s algorithm of finding the shortest path. In fact finding the longest path of a graph in NP-Hard problem.
In our case, the graph is a tree-shaped graph, more like a triangle.
|
1 2 3 4 5 6 7 |
8 / \ 1 4 / \ / \ 4 2 0 / \ / \ / \ 9 1 9 4 |
|
1 2 3 4 5 |
/* you're given a double linked list .. reverse it and then print it. * don't use STL's list - use your own implementation. * this is a typical coding interview question! don't say it is simple :) * @auth: AK / AddaxSoft.com */ |
Read More
Intro:
Hacking is not only for computer, software, or websites. Any device can be hacked. I lately started having interests in Software Defined Radio where I was able to ‘sniff’ data of signals around me. One particularly interesting signal was the short distances devices. These include:
Some of these systems are known to have security flaws in them. Some have no security mechanisms. It is worth reading how these stuff work before going deeper into hacking them.
Requirements:
Connections:
to-be-updated
Coding:
to-...
Recent Comments