Author Archives: bsderek
Steps to set-up Android Simulator for Pen-test
Hello everyone, today we will be learning how to set up an Android emulator on your own computer. We will keep updating this post whenever we change anything or modify our installation process. Software we will be using (for now): Genymotion Desktop. Virtualization we are using: VirtualBox on Windows. Continue reading “Steps to set-up Android Simulator for Pen-test”
Exploiting the xmlrpc.php
What is XML-RPC? XML-RPC is an API that wraps the request data in an XML document and sends it over HTTP to the remote software (or from a mobile app to the server), which answers with an XML response. It was introduced back when internet connections were slow: instead of writing online, users wrote their content offline and published it all together using the … Continue reading “Exploiting the xmlrpc.php”
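To make the wire format concrete, here is an added example (my code, not from the post or from any project) that serialises and parses XML-RPC messages with Python's standard library. `system.listMethods` is the standard XML-RPC introspection call; the response and fault bodies are constructed by hand for the example, not captured from any server.

```python
"""Added example: what travels over the wire in an XML-RPC call.

The client wraps the method name and parameters in a <methodCall> document and
POSTs it; the server answers with a <methodResponse> that carries either <params>
or a <fault>. Everything here is standard library; the sample bodies below are
constructed for illustration, not captured from a real endpoint.
"""
from typing import Optional
import xmlrpc.client


def build_call(method: str, params: tuple = ()) -> str:
    """Serialise a call exactly as a client would put it in the POST body."""
    return xmlrpc.client.dumps(params, methodname=method)


def parse_call(xml_body: str) -> tuple:
    """Server side: recover (method name, params) from an incoming <methodCall>.
    Anything passed as a parameter, credentials included, arrives in the clear
    inside the XML, which is why the endpoint is worth a tester's attention."""
    params, method = xmlrpc.client.loads(xml_body)
    return method, params


def parse_response(xml_body: str):
    """Client side: decode a <methodResponse>. A <fault> body raises xmlrpc.client.Fault."""
    (value,), _ = xmlrpc.client.loads(xml_body)
    return value


# Constructed sample: the shape of a system.listMethods reply (two methods only).
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<methodResponse>
  <params>
    <param>
      <value><array><data>
        <value><string>system.listMethods</string></value>
        <value><string>system.multicall</string></value>
      </data></array></value>
    </param>
  </params>
</methodResponse>"""

# Constructed sample: a fault, which is how a server reports e.g. a rejected login.
SAMPLE_FAULT = """<?xml version="1.0"?>
<methodResponse>
  <fault>
    <value><struct>
      <member><name>faultCode</name><value><int>403</int></value></member>
      <member><name>faultString</name><value><string>Incorrect username or password.</string></value></member>
    </struct></value>
  </fault>
</methodResponse>"""


def fault_code(xml_body: str) -> Optional[int]:
    """Return the faultCode of a fault response, or None if the call succeeded."""
    try:
        parse_response(xml_body)
        return None
    except xmlrpc.client.Fault as fault:
        return fault.faultCode


if __name__ == "__main__":
    request = build_call("system.listMethods")
    print(request)                          # the raw <methodCall> body a client POSTs
    print(parse_call(request))              # ('system.listMethods', ())
    print(parse_response(SAMPLE_RESPONSE))  # ['system.listMethods', 'system.multicall']
    print(fault_code(SAMPLE_FAULT))         # 403
```

Run it as a script to see the request body a client would POST; the same `loads` call decodes both directions, which is handy when replaying captured traffic.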
Hacker101 – H1 Thermostat
Hi guys, hope you are having a nice day. The CTF we will be doing is an Android APK, so we have to decompile it to analyze the source code.
Overview: H1 Thermostat
Level: Easy
Total Flags: 2
After decompiling the APK, first look at AndroidManifest.xml; this XML file will tell you what packages … Continue reading “Hacker101 – H1 Thermostat”
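As an added example of that first look at the manifest (my code, not the CTF's or the post's), the script below reads a decoded AndroidManifest.xml and lists the package name, requested permissions, the debuggable/allowBackup flags, and the components other apps can reach. The manifest it parses is constructed for the example, with an assumed package name and assumed components; inside a real APK the manifest is binary XML, and a decompiler such as apktool writes it back out as the plain XML this script expects.

```python
"""Added example: a first pass over a decoded AndroidManifest.xml.

The sample manifest is constructed for the example (assumed package name and
components), not the CTF's real one.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")


def android_attr(name: str) -> str:
    """ElementTree spells namespaced attributes as '{uri}local'."""
    return "{%s}%s" % (ANDROID_NS, name)


# Constructed sample manifest (not from the CTF).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.thermostat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:allowBackup="true" android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="true"/>
    <activity android:name=".HiddenActivity" android:exported="false"/>
    <receiver android:name=".RebootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""


def full_name(pkg: str, name: str) -> str:
    """Manifest names starting with '.' are relative to the package name."""
    return pkg + name if name.startswith(".") else name


def summarize_manifest(xml_text: str) -> dict:
    """Pull out what a pentester checks first: package, permissions, debug/backup
    flags, and which components are reachable from other apps."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package")
    app = root.find("application")
    exported = []
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        exp = comp.get(android_attr("exported"))
        has_filter = comp.find("intent-filter") is not None
        # An explicit android:exported wins. Without it, a component that declares an
        # intent-filter is exported by default (apps targeting Android 12+ must state
        # it explicitly, but decompiled older apps still rely on the default).
        if exp == "true" or (exp is None and has_filter):
            exported.append((comp.tag, full_name(pkg, comp.get(android_attr("name")))))
    return {
        "package": pkg,
        "permissions": [p.get(android_attr("name")) for p in root.findall("uses-permission")],
        "debuggable": app.get(android_attr("debuggable")) == "true",
        "allow_backup": app.get(android_attr("allowBackup")) == "true",
        "exported": exported,
    }


if __name__ == "__main__":
    for key, value in summarize_manifest(SAMPLE_MANIFEST).items():
        print(key, value)
```

Exported components are the entry points you can drive from another app or from `adb shell am`, so this list is usually where the next step of an Android CTF starts.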
Hacker101 – Ticketastic
On to another CTF in Hacker101, Ticketastic: Live Instance. I will go straight to the point: after playing around with the demo instance, I found out the website is vulnerable to an XSS attack when submitting an XSS script via the ‘Submit a Ticket’ page. And since the hint given to us is “This level and the Ticketastic … Continue reading “Hacker101 – Ticketastic”
Hacker101 – Intentional Exercise
Hi guys, a brand new day means a brand new CTF for us to do 🙂 For today, we will be looking through an Android APK. Same as the ‘Hello World!’ CTF, in order to know how the application works, we have to decompile it and look through the source code. I decompiled the Android APK, unzip … Continue reading “Hacker101 – Intentional Exercise”
Hacker101 – TempImage
I will be doing the TempImage CTF on Hacker101 today, enjoy.
Hints given:
File uploads can be hard to pin down
What happens to your filename when you see an uploaded file?
What if you make a small change to the path?
As usual, check the page source first. Just mess around with the site to … Continue reading “Hacker101 – TempImage”
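The hints point at how the server turns the uploaded filename into a path on disk. As an added example (my code, not the challenge's), here is the trusting version next to a hardened one; the upload directory and the extension allow-list are assumed, and `posixpath` is used instead of `os.path` so the result is the same on any host.

```python
"""Added example: client-controlled filename to server path, vulnerable and fixed.

UPLOAD_DIR and ALLOWED_EXTENSIONS are assumed values for the example; this is not
code from the TempImage challenge.
"""
import posixpath
import re

UPLOAD_DIR = "/srv/uploads"             # assumed location of stored uploads
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
# One leading alphanumeric, then up to 63 safe characters: no '..', no dot-files.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def vulnerable_upload_path(filename: str) -> str:
    """Trusts the client-supplied name. '..' segments walk out of UPLOAD_DIR, and an
    absolute name replaces it entirely because posixpath.join drops the left side."""
    return posixpath.normpath(posixpath.join(UPLOAD_DIR, filename))


def safe_upload_path(filename: str) -> str:
    """Keep only the last path segment, enforce a strict name and extension
    allow-list, then still verify the final path is under UPLOAD_DIR."""
    name = posixpath.basename(filename.replace("\\", "/"))
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected filename: %r" % filename)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("rejected extension: %r" % filename)
    target = posixpath.normpath(posixpath.join(UPLOAD_DIR, name))
    # Defence in depth: the checks above already guarantee this, but a later
    # refactor of them should not silently reopen the traversal.
    if escapes_upload_dir(target):
        raise ValueError("path escapes upload dir: %r" % filename)
    return target


def escapes_upload_dir(path: str) -> bool:
    """True when a normalised absolute path is not inside UPLOAD_DIR."""
    return posixpath.commonpath([UPLOAD_DIR, path]) != UPLOAD_DIR


def is_rejected(filename: str) -> bool:
    """Helper for checking the hardened version: does it refuse this name?"""
    try:
        safe_upload_path(filename)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    for name in ("cat.png", "../../etc/passwd", "/etc/passwd", "shell.php"):
        print("%-18s vulnerable -> %-28s rejected by safe version: %s"
              % (name, vulnerable_upload_path(name), is_rejected(name)))
```

The same path construction is usually shared by the upload handler and the page that serves the file back, so whichever side you are poking at, the check belongs in one function both of them call.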
Hacker101 – “Hello World!”
Hi guys!!! Happy 2020 to you all. Hope you have a New Year resolution to solve CTFs ahahahah (just joking). Today, we will be doing the Hacker101 CTF “Hello World!”. Based on the website, there is an input box ‘STDIN’ and a link to download a vulnerable binary program. The first hint given for this … Continue reading “Hacker101 – “Hello World!””
Hacker101 – BugDB v3
We have now arrived at the last version of BugDB, version 3. If you are reading this post, you should by now have some understanding of how the queries work, and have explored the schema in the GraphiQL client in the browser. Leggo!!!! BugDBv3!!!! The given hint is “What new functionality was added?”. This brought me to … Continue reading “Hacker101 – BugDB v3”
Hacker101 – BugDB v2
Alright, let’s get started with BugDBv2. Similar to BugDBv1, it is on GraphiQL. For BugDBv2, there is an additional ‘Root’ type called ‘mutation’. You can find it under the tab button called ‘Docs’. Click on ‘MyMutattions’ and it will show you the field structure. I searched up what a ‘Mutation’ is in GraphiQL, … Continue reading “Hacker101 – BugDB v2”
Hacker101 – Cody’s first blog
Today, I will be doing Cody’s First Blog from Hacker101. This challenge is at Moderate level and has 3 flags to be discovered. Flag 0: Found. From the information given, we know that the blog is written in PHP and that the PHP function include() is somewhat useful for us. Then, we have this comment box … Continue reading “Hacker101 – Cody’s first blog”