hacking, mobile

It’s Finally Here!!! Intro To Android Security VM v2

In my previous post I described how I started working on v2 of Intro TO Android Security VM.

To view that post, click HERE.

Anyway, I can finally say… I AM DONE WITH THE VM!

What’s different between version 1.1.2 to version 2. Well… keep reading

In version 2 I added more dynamic analysis tools such as MARA, PIDCat, QARK. In the pentesting section, I added Metasploit. I also added MobSF (a one stop shop with dynamic scanning for android applications) in a docker container. In version 1.1.2 I tried to upgrade my python version to 3.7.5 and broke my Linux build (could not update the distro).

After speaking with Anant (owner/creator of @AndroidTamer) we decided to put MobSF into a docker container to keep it contained and not break our build.

I also created the virtual machine from a vagrant machine, as I realized with version 1, I severely underestimated the storage I needed to include all the programs I wanted. I also included insecure android apps to test in the Documents folder.

Interested in learning more – download/use the virtual machine at the following location:

SourceForge –> IntroAndroidSecurity download | SourceForge.net, click on External Link

Finally, make sure to read the README.md file as most issues can be solved in that file!

Hope everyone enjoy the virtual machine. If you have any questions or want to see an application added – let me know!

hacking, mobile

Get Excited! Version 2 of IntroToAndroidHacking Virtual Machine Is On The Way!

As the title suggests, I am working on the second version of the virtual machine I created in 2019.

I put myself out there and decided to create a training on Mobile Security and Bug Bounties – something I wanted to learn and am still interested in.

I noticed there was a virtual machine titled – Android Tamer, score! Well… not really. At the time, Android Tamer was SUPER out of date. Speaking with the creator, Anant Shrivastava about my dilemma needing a virtual machine for my training. Anant told me that it would be easier to create my own virtual machine as opposed to fixing the current version of Android Tamer.

Creating my own virtual machine? I’ve never done that before. Challenge accepted!

Anant, was SUPER helpful with all of my questions and guided me on creating the virtual machine. In about a month the first version was created. Yay!

After the training, I asked for feedback and decided I needed to revamp the virtual machine to make it more accessible/user friendly.

I added and updated out of date software in the virtual machine.

Then I noticed – I was running out of memory when trying to do my upgrades.

I realized at that moment, I totally underestimated the size of the virtual machine.

So, at this time I am revamping the virtual machine and starting with a barebone version of Ubuntu 18.04 (this is the OS the first version was built on) from Vagrant. Again, Anant gave me this advice when creating the first version. I didn’t go down that path as I never heard of Vagrant.

Speaking of Vagrant – shameless plug – I created a course through Cybrary on Intro to Vagrant. The course can be found here.

I started on the quest to version 2 yesterday (Sunday February 7, 2021), and I must say it was trying, yet fun.

Once I created the vagrantfile and started the vagrant box I realized I was dealing with the command prompt. I knew this wasn’t going to work and I needed to add a user interface. Looking on the internet, I found the lightdm and tried installing it. Once I rebooted my virtual machine, I encountered the error “could not log into session.” The login did not work.

Putting my research hat, I found the following link on how to remediate the no session login. Hmm, the ligthdm is using an older version of the unity framework that needs to be removed.

Rebooting the machine – it was a…

Somewhat success.

I had a user interface, but I didn’t like it. See tweets below

I wanted the user interface to have the same feel as the 18.04 Bionic Beaver operating system.

Doing even more research I found that 18.04 Bionic Beaver is using the MATE desktop.

Back to Google I go. I found a great site on how to install MATE onto a Linux operating system.

Somewhat score? The user interface is getting close, but not there.

Going back to the site above, I noticed that I installed the wrong version of the MATE desktop. I installed just the MATE desktop without the bells and whistles.

Looking at the bottom for the Ubuntu section it states – “

Alternatively you may choose to install Ubuntu MATE Remix.

Ubuntu MATE is a more comprehensive option that offers a slightly tweaked
layout, configuration, and themes to integrate into Ubuntu in a more seamless
fashion. This will install the complete MATE Desktop Environment as well as
LightDM and numerous other applications to provide a full and well rounded
desktop.

Once I installed the Remixed version – I finally found success!

Now that I have the interface I wanted – it’s time to add the tools and insecure apps.

Yes, that’s what set my virtual machine apart – I have insecure android apps installed in the virtual machine for students to learn mobile and android hacking as well as the common programs needed to perform mobile and android hacking.

Now, the fun part… Adding the software. I’ve added Metasploit, Burp and Zap proxies, etc.

I can’t wait to show the final product!

I hope everyone likes it…

capture the flag, hacking, web application security

New Info Sec Website Alert! – White Hat Academy

Hello All,

It’s been a LONG time since I have blogged. What can I say? Life happens.

Anyway, I have enrolled into a program called White Hat Academy.

This website is great for n00bs as there are lessons to learn about different topics such as bash scripting, stenography, forensics, and mobile.

After completing the lessons there is a Capture the Flag (CTF) challenge that will incorporate what you have learned.

Check it out (https://whitehat.academy/) and enroll today!

hacking, owasp, web application security

OverTheWire: Natas Level 7 – #appsec #webapp #websecurity #wargames

Another day, another challenge…

In today’s blog post we will solve level 7 from the Natas wargame challenge.

Let’s begin.

Going to the following link, and entering username “natas7” and password “7z3hEENjQtflzgnT29q7wAvMNfZdh0i9” we see the following:

Natas7_WarGame_1

Natas7_WarGame_2

Hmm… we see a Home and About links. Let’s click the links and see what happens.

Natas7_WarGame_3

Natas7_WarGame_4

After clicking the links we see there’s not much that’s showing on the screen.

Let’s view the source and see if there are any hints there.

Doing a right click, view page source we see:

Natas7_WarGame_5

Hmm… we see a comment that says, “password for webuser natas8 is in /etc/natas_webpass/natas8”

How can we use this information?

Looking at the above screenshots of Home and About – we notice that at the end of the URL it’s referencing a page. For instance for the home page it’s “page=Home” and for About it’s “page=About”. Let’s try to change the page name to the hint that was provided to us.

Changing the URL to: http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8, we see…

Natas7_WarGame_6

the flag!

Uncategorized

PicoCTF 2017 – A Thing Called A Stack #ctf #picoctf #appsec #infosec #reverseengineering

Another day, another challenge.

In today’s blog post we’re going to solve the “A Thing Called A Stack” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge, we see the following:

PicoCTF_A_Thing_Called_A_Stack_1

OK, so we’re given a file, and we need to determine the difference between the value of esp at the end of the code, and the location of the saved return address.

Looking at the hints we see the following:

PicoCTF_A_Thing_Called_A_Stack_2

We’ve encountered two different questions. Where is the return address saved, and what commands actually affect the stack.

DISCLAIMER: I haven’t worked with assembly in probably 8 years. So, what did I do? Go to YouTube.

Entering – “Assembly tutorial” I found a GREAT crash course on explaining assembly.

I have linked the video here.

Opening the file (Notepad++ is great!)

We see the following:

PicoCTF_A_Thing_Called_A_Stack_3

Using the YouTube tutorial, let’s decode the assembly code.

First we’re pushing the ebp (base pointer) onto the stack.

Next, we move the esp (stack pointer) to be at the same location to the base pointer.

Next, we push edi, esi, and ebx onto the stack. Note these instructions don’t change the stack. This solves question #2 in the hints section.

Next, we add 180 (0xb4 hex) to the stack to hold local variables.

Next, we’re going to store the local variable x = 0, to address 180 + 4 = 184

Next, we’re going to store the local variable y = 1, Β to address 184 + 4 = 188

Next, we’re going to store the local variable z = 2, to address 188 + 4 = 192

Next, we’re going to store the local variable a = 3, to address 192 + 4 = 196

So now the esp (stack pointer) is now at 196.

Let’s convert 196 to hexadecimal.

Doing this we get the following: 0xc4

Entering this into the challenge, we see that solved the challenge and acquired 60 points!

capture the flag, hacking

PicoCTF 2017 – Special Agent User #appsec #infosec #forensics

Another day, another challenge.

Today’s blog post we will solving the “Special Agent User” challenge in the PicoCTF.

Let’s get started.

Clicking on the challenge we see:

PicoCTF_Special_Agent_1

We have another pcap (packet capture file) and we need to find the User Agent. OK. Sounds plausible. Let’s look at the hints.

PicoCTF_Special_Agent_2

There’s a link that discuss more about user-agents. Let’s go to that link.

Opening that link we see the following:

PicoCTF_Special_Agent_3

The web page explains the different components of the User-String. This will be useful.

Opening the packet capture file we notice the usual stuff UDP, and ICMP packets. And like with the first “Digital Camouflage” challenge we can ignore this.

User-Agent strings are found in HTTP requests. We need to look at packet captures for just HTTP requests.

Doing this we see a packet that’s piqued our interest…

PicoCTF_Special_Agent_4

On packet 80 (GET / HTTP/1.1) we’ll do a right click, Follow, HTTP stream.

Doing this we have the following:

PicoCTF_Special_Agent_5

Looking at the last entry in the user agent, we can see that the packet is using Firefox 25. Entering that as the flag, we’ve acquired 50 points!

capture the flag, hacking

PicoCTF 2017 – computeAES #infosec #appsec #crypto #ctf

Another day, another challenge.

Today’s blog post will explore solving the “computeAES” challenge in PicoCTF.

Let’s get started.

Clicking on the challenge we see the following:

PicoCTF_computeAES_1

Clicking on the clue link we see the following:

PicoCTF_computeAES_2

Going back to the challenge and clicking the hints we see:

PicoCTF_computeAES_3

Let’s use the hint of using online tools to solve this challenge.

Doing a Google search for “convert base64 to hex” we get the following link.

Going to this link we put in our base64 input to get the hex equivalent.

Doing this for the key and the input we get the following:

Key = 4f9b95cd8b6e04dbfabf08e886c955e3

Input = b75874a9b70e851405e44e3a6ec34b8a67db708e9e82b28fe0b1ed291de54f851d5a386cb0cf11412053ed2ffcadc472

Doing another Google search for “AES calc hex” we get the following link.

Entering the hex value of the key and input we get the following:

PicoCTF_computeAES_4

We found the flag! Copying the flag and removing the extra space we’ve acquired 50 points!

capture the flag, hacking

PicoCTF 2017 – Yarn #appsec #infosec #ctf

Another day, another challenge…

Today’s blog post we will solve the, “Yarn” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:

PicoCTF_Yarn_1

OK, we need to find a flag inside of a file, but we do not know what the file is.

Let’s look at the hints and see if that provides any clues.

PicoCTF_Yarn_2

Looking at the hints we’re provided with two questions. Possibly answering these questions will leads us to the flag.

Answer question #1 – “what does the string command use to determine if something is a string?” We decide to do a Google search to answer just that.

Doing this Google search we’re provided with the following link.

Reading the article we determine that the strings command prints the printable characters from a file.

Doing that we’re provided with the following screenshot:

PicoCTF_Yarn_3

We’ve answered question #1. Let’s answer question #2.

Question #2 – is there a way to change the length that the strings command look for?

Going back to the link we see that there is a way we can specify that there is a way to determine the length of strings we want to print.

How do we use this?

By adding the “-n <length you want to use>”

Doing this we get the following:

PicoCTF_Yarn_4

Scrolling down we see:

PicoCTF_Yarn_5

Hmm… I think we found the flag! “Submit_me_for_I_am_the_flag”

Putting this string as the flag we have acquired 55 points!

capture the flag, hacking

PicoCTF 2017 – Hash101

Another day, another challenge.

Today’s blog post will be solving the “Hash101” challenge from the PicoCTF.

Let’s get started.

Clicking on the challenge we see…

PicoCTF_Hash101_1

OK we need to hashes to claim our flag. Let’s see what the hints say.

PicoCTF_Hash101_2

Looking at the hints Google will be our friend πŸ™‚

Connecting to the server we see:

PicoCTF_Hash101_3

We need to convert the binary to ASCII text.

Doing a Google search of, “binary to ASCII text converter” search we get the following website.

Going there, we see:

PicoCTF_Hash101_7

Changing the binary to the binary in the challenge we get:

PicoCTF_Hash101_8

The text we’re looking for is “peace” entering this in we are now in the second level of the challenge.

PicoCTF_Hash101_11

We need to find the hex value of our word, peace. Going back to the link referenced above, we see that the hex is referenced.

PicoCTF_Hash101_12

Entering that we now need to enter the decimal equivalent. For this, going back to Google and entering “hex to decimal converter” we get the following link.

Clicking the link we see:

PicoCTF_Hash101_9

Entering the hex value we get the following decimal value.

PicoCTF_Hash101_10

Entering that into the challenge we get the following:

PicoCTF_Hash101_13

Going to the third level we see:

PicoCTF_Hash101_14

Reading the description one might ask, what are we looking for?

Remember from the first level of the challenge where we need to find the ASCII text?

Doing a Google search of, “ASCII table” we find the following link.

Opening the link we see the ASCII equivalent of the letters.

We need to find a string that when doing the modulo of base 16 we get a number of 10.

One might wonder… what is modulo?

The modulo is the remainder of a division equation.

We know that we are dividing by 16 and the modulo (remainder) needs to be 10.

One way to achieve this is to find any multiple of 16 and add 10.

Why multiple of 16? Doing a multiple of 16 if we did a modulo of that the modulo would be 0 (as there is no remainder).

Doing this I was able to do the following:

PicoCTF_Hash101_5

Entering 4, we had a module of 4 and not 10.

Entering the string of “:” we were able to complete the level. Why? “:” in ASCII is 58. How did we get 58? 16 * 3  = 48 + 10 = 58. We’re adding 10 because we know we need a remainder of 10.

Moving to level 4 we see:

PicoCTF_Hash101_15

Doing another Google search of, “MD5 decrypter” we get the following link.

Clicking the link and entering the md5 hash, we get the following:

PicoCTF_Hash101_16

Entering this the level we see:

PicoCTF_Hash101_17

Entering this flag into the input box we’ve acquired 50 points!