-
Mobile Hacking Lab - Strings
Saturday, August 3, 2024
Mobile Hacking Lab Introduction
Mobile Hacking Lab have created a series of free mobile hacking labs to go with their introductory course, Android Application Security. This is a walkthrough of my learning experience and how I solved the first of their labs, Strings.
Strings Brief
Find a hidden flag in the application by investigating the app components and by using dynamic instrumentation.
Outline
The challenge will give you a clear idea of how intents and intent filters work on Android, and you will also get hands-on experience using Frida APIs.…
-
Painting With Hex
Sunday, April 5, 2020
Background
As some of you may already know, there is an old breakout technique whereby a BMP created in Paint with particular colours can be used to dictate ASCII commands into a file.
Example: Open MSPaint.exe, create a canvas 5px by 1px and zoom all the way in. Now, using the colour picker, set the Red, Green, Blue values of the pixels from left to right to be: (10,0,0) (13,10,13) (100,109,99) (120,101,46) (0,0,101). Save the image as a 24-bit Bitmap (.…
-
Cracking JBoss Passwords
Saturday, April 4, 2020
Introduction to JBoss EAP 6.7 Passwords
Not too long ago I came across a JBoss Enterprise Application Platform (EAP) based application server. This is a Java-based server used for building, deploying and hosting Java applications and services. Having gained access to the server using another technique, I was performing some enumeration when I noted the presence of the application. A bit of research showed me that access to the web portal and command line is controlled by one of two files depending on whether the server is running in a standalone mode or domain.…