Category Security

quick writeup for Hacker0x1’s mini CTF: Capture The Flag: reversing the password

If you missed this one; please head to this link, and try it yourself before going to the solution.

Read More

automate a safe wordpress update through a cron job

I’m a great believer in automation; as one of my interviewers said to me once: If we do it twice; we automate it.
I adopted this style throughout my work; hence I wanted to show how would I upgrade/update the WordPress core and plugins using cron to keep all my blogs and sites secure and up to date with security patches.

1- get & install wp-cli (how/where)
2- write a script to use wp-cli to update WordPress [see attached code]

Read More

breaking out of a restricted shell – the offensive way

Recently I was working on one of the vulnhub vulnerable boxes and once I finally got a reverse shell it was a restricted one. What a bummer!
In this post I want to document how did I breakout of it in a simple way.

There many ways to break out of the restricted shell (aka /bin/rbash). One simple way for example is to use perl or python to call /bin/sh:

Perl/Python aren’t the only ways. You can STILL breakout if vim, vi, awk, gdb, more, less, etc. are allowed!

What I want to add here is a special case of a restricted bash, that’s when the rbash is called with an output redirection.
So might be able to use the earlier tricks to breakout but it’s no good as all the output is being r...

Read More

Everyday Cryptography by Keith Martin

Note: This post is part of the “20p Everyday” project.

I was fortunate enough to attend one of the best information security schools in the world. Yes that’s Royal Holloway University of London after a long academic journey, ups and downs of course..
I was even more fortunate to have the author of this book, Keith Martin, as one of my professor back in RHUL.
He taught me “Crypto 1”. I enjoyed his lecture very much. It was one of the most interesting lecture at times.

Personally I had some ideas about cryptology (the correct term btw.) since my computer security course I took with Fadi Aloul at the American University of Sharjah (AUS). I had an idea about
what is a public key what is a private key, and what’s PGP (pretty good privacy), thanks to Taha Landolsi and his course “Networks II” at...

Read More

add HSTS to Apache

We mentioned before how did we switch to SSL since 2017.

I want to add here how to set HSTS to prevent a wellknown SSL attack called SSL-Strip.

  • What is SSL Strip?

You can watch the full talk to understand in details how this works here.
Basically the attacker is somehow (we don’t care how) a MITM setting in between the victim and the authentic server.
The attacker in this case can do a downgrade attack on SSL and transfer all HTTPs connection to the normal plain text HTTP connections.
Now the attack can simply sniff all data being communicated between the victim and the server.
The attacker is also free now to change the data and execute other attacks such as injecting malware into the traffic.

  • What is HSTS

HSTS or HTTP Strict Transport Security allows web servers to declare that web b...

Read More

Thank you LetsEncrypt; we have gone HTTPS :)

In case you haven’t noticed. I’ve gone HTTPS with a green lock now 🙂

I also rate a “A” with Qualys’s SSL lab test. Check it here.

There is no more excuse not to be encrypting your traffic using TLS. A service like letsencrypt.org makes it so easy to switch to https you can finish the whole process in few mints (if not seconds!) using their certbot tool.
A quick guide to certbot can be found on youtube. If it doesn’t work by default, you will need to go the manual way. I might write a guide here when I have the time for it.

Keep encrypting!

Read More

Open .SDF file without SQL Server Management

As part of any post exploitation in a security auditing or testing engagement you will want to gather as much info as you want about the victim to be able to target your next victim in the chain.

Having said that sometimes you stumble upon strange files, encrypted data, and network traffic that you don’t know what to do with it. One of these was an .sdf file related to hmailserver. The last is an open source mail server, you can read more about it here.

When gaining access to this server you will want to read this file:

A sample output would look something like this:

Read More

Generate Alpha-Numeric Strings in Python (for BruteForce Attacks)

While I was coding the ‘Twitter Short Handles Finder‘ I needed an efficient Alpha-Numeric Strings generator in Python. I coded this from scratch:

Read More

Both of Qatar Telecoms: Ooredoo and Vodafone do NOT use HTTPS by Default

I was astonished by the fact that both Ooredoo and Vodafone the only telecom operators in Qatar still do not use HTTPS by default leaving user credentials to be easy targets for hackers.

To make a change I just pushed a Github commit to the famous HTTPS Everywhere Browsers Extension for both operators websites:

You can also contribute to this project by adding rules and tweak the code on Github.

Read More

Hacking short distance devices

Intro:
Hacking is not only for computer, software, or websites. Any device can be hacked. I lately started having interests in Software Defined Radio where I was able to ‘sniff’ data of signals around me. One particularly interesting signal was the short distances devices. These include:

  • Car remotes system. Also called: Remote Keyless System
  • Garage Remotes
  • Other home equipment remotes switches.

Some of these systems are known to have security flaws in them. Some have no security mechanisms. It is worth reading how these stuff work before going deeper into hacking them.

Requirements:

  • Programming skills in: C++ or Java or Python.
  • A micro-conotroller (Teensy, Aurdino) Raspberry Pi is ok too.
  • 315Mhz / 430Mhz Transceiver. I bough this one > XD-RD-5V.

Connections:

to-be-updated

Coding:
to-...

Read More