Transfer files from Kali to the target machine
Tranfer files to the target machine is particularly useful when we have already had a reverse shell on Windows. Windows does not have convenient commands to download files such as wget in Linux. If PHP...
View ArticleLFI and RFI
LFI happens when an PHP page explicitly calls include function to embed another PHP page, which can be controlled by the attacker. For example, addguestbook.php below include another PHP page that can...
View ArticleFrida cheat sheet
Frida is particularly useful for dynamic analysis on Android/iOS/Windows applications. It allows us to set up hooks on the target functions so that we can inspect/modify the parameters and return...
View ArticleUseful Magisk modules
MagiskHide Props Config Even on a rooted Android phones, you won’t be able to debug your apps if they are built as non-debuggable. In order to work around that, you need to somehow change the...
View ArticleHandy Android code snippets
This blog post is a memo of handy Android code snippets that I found particularly useful in programming and hacking. Execute a shell command as root Reference:...
View ArticleInstall a trusted CA in Android N
It’s very trivial to install a user-trusted certificate on Android. Under Settings -> Security you can install new trusted certificates. However, this creates a permanent “Your network could be...
View ArticleRB App Checker
This tiny yet powerful app lets us check the iOS application for the certificates, requirements and entitlements, embedded provisioning profiles, auxiliary executables and frameworks, cross-check all...
View ArticleDoS Wechat with an emoji
This DoS bug was reported to Tencent, but they decided not to fix because it’s not critical. The Common Vulnerabilities and Exposures (CVE) Program has assigned the ID CVE-2019-11419 to this issue....
View ArticleHow a double-free bug in WhatsApp turns to RCE
In this blog post, I’m going to share about a double-free vulnerability that I discovered in WhatsApp for Android, and how I turned it into an RCE. I informed this to Facebook. Facebook acknowledged...
View Article