Posts

Showing posts from 2018

Capturing the Naughty app Traffic in Burpsuit

Image
While performing the pen-testing of one of banking apps we came across challenge of capturing the traffic in the burp. App being naughty was bypassing burp proxy and we were not able to capture the requests/responses. Reversing the app we came to know it was built on  Xamarain. To proceed with the pentest it was important to capture the requests in the burp proxy. Then we came across following link (Big thanks for this): https://gist.github.com/gameFace22/3afedd1309960249fa7fcb1360e40fd3 And it did work ! Just for my notes keeping the steps. Step 1: Switch off the wifi of the macbook and connect it to your phone hotspot. Connect it either by using cable to by bluetooth. Not by wifi ! Step 2: Go to System preferences-->Sharing-->On the internet sharing. See the pic. The internet which macbook gets from hotspot is shared by macbook. Macbook will start it's own hotspot ! Step 3: Now some command need to run to tell the macbook to route the tra...

HackIM 2018 Walkthrough OSINT 1 to 4

Image
OSINT 1 The challenge was pretty clear. One of our systems has been infected by a ransomware.The message says My username is your password. Wait for further instructions. We have been able to identify the JS file used to download the ransomware. Here is the MD5: '151af957b92d1a210537be7b1061dca6'. Can you help us to unlock the machine? A quick search in virus total revealed that the md5 belongs to a malicious js file called as  DSAdaDSDA.js : Also the challenge says " My username is your password" After learning more about   DSAdaDSDA.js I came across this link: https://www.hybrid-analysis.com/sample/611f55dc3d7b88d8000aa54bb571752f9b14889d913805ae5824187c1cc73371?environmentId=100 And found the username there in the analysis of this js. The flag was : hackim18{' n923wUc'} OSINT 2 The challenge said : Annual audits have flagged an employee who is sharing data outside the company in some secret manner. A quick OS...