
Another post about erasing files/directories from git history

~ brew install git-filter-repo
~ git filter-repo --invert-paths --path 'path-to-file-or-directory'
~ git remote remove origin
~ git remote add origin git@github.com:<path-to-repository>.git
~ git push origin --force 'refs/heads/*'

Note that I'm using brew to install git-filter-repo; you may need to look for alternative installation methods, depending on your OS.

Inês Martins Nov 15, 2022 • 1 min read
Exfiltrating data from Android applications via WebView Takeover (Open Redirect)

In this article, I go through the scenarios in which I've been able to exfiltrate data from real Android applications, after detecting a WebView takeover (aka "Open Redirect") vulnerability.

Inês Martins Oct 6, 2022 • 2 min read
DataStore is the new SharedPreferences, old vulns still apply

Neither DataStore nor SharedPreferences should be used to persist sensitive data ... but as we know, Insecure Data Storage is one of the most common vulnerabilities found in mobile applications.

Inês Martins Sep 15, 2022 • 2 min read
HTB Write-up | Paper
wordpress

A quick initial scan discloses web services running on ports 80 and 443, as well as an SSH server running on port 22:
~ nmap 10.10.11.143 -F -Pn
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https
A closer look at these ports

Inês Martins Jul 16, 2022 • 4 min read
Creating a very spammable endpoint with Oracle APEX Restful Services
oracle apex

I'm helping an organisation that has a very simple (and very static) corporate website. They were interested in adding a contact form, and wanted the data to be sent to their APEX-managed database. Building an entire back-end service for this purpose seemed like too much work, so I decided to

Inês Martins May 7, 2022 • 3 min read
How to import mySQL data into Oracle APEX (the hard way)

Oracle Application Express (APEX) is a low-code development platform that enables you to build scalable, secure enterprise apps, with world-class features, that can be deployed anywhere. Recently I was asked to import a mySQL database into APEX. Although support for mySQL databases is on the roadmap, it seems like for

Inês Martins Mar 18, 2022 • 2 min read
HTB Write-up | Previse

Retired machine can be found here.

Scanning
As always, we start by mapping the previse.htb hostname to the given IP:
~ sudo nano /etc/hosts
10.10.11.104 previse.htb
The nmap scan is pretty boring; it seems there's a web server running on port 80 and an SSH server on

Inês Martins Jan 21, 2022 • 7 min read
HTB Write-up | BountyHunter

Retired machine can be found here.

Scanning
Like with most HTB machines, a quick scan only disclosed SSH running on port 22 and a web server running on port 80:
~ nmap 10.10.11.100
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
~ nmap 10.10.11.100

Inês Martins Nov 29, 2021 • 7 min read
HTB Write-up | Explore
android

Retired machine can be found here.

esketit
Let's start with some basic scanning:
~ nmap -A 10.10.10.247
PORT     STATE SERVICE VERSION
2222/tcp open  ssh     (protocol 2.0)
| fingerprint-strings:
|   NULL:
|_    SSH-2.0-SSH Server - Banana Studio
| ssh-hostkey:
|_  2048 71:90:e3:a7:c9:5d:83:66:34:88:3d:

Inês Martins Oct 30, 2021 • 3 min read
Exploiting Deep Links in Android - Part 5 (Testing)

Enumeration
Enumeration should always start with the App Manifest, which can be extracted from any .apk with a tool such as apktool, e.g.:
~ apktool d com.twitter.android_2021-10-22.apk
I: Using Apktool 2.5.0 on com.twitter.android_2021-10-22.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml

Inês Martins Oct 30, 2021 • 4 min read
HTB Write-up | Monitors
htb

Retired machine can be found here.

Scanning
Let's start the same as always, with a basic nmap scan:
~ nmap -sC -sV -A 10.10.10.238
Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-01 11:15 WEST
Nmap scan report for 10.10.10.238
Host is up (0.32s

Inês Martins Oct 9, 2021 • 9 min read
Exploiting Deep Links in Android - Part 4 (Mitigation)
deep links

Preventing Deep Link Hijacking
When it comes to preventing Deep Link Hijacking, the message is simple: stop using Scheme URLs and start using (properly verified) App Links or Intent URLs. [If you're lost, maybe you should go back to Part 1] As of August 2021 only about 6% of Android devices

Inês Martins Sep 23, 2021 • 3 min read
Exploiting Deep Links in Android - Part 3
android

So... what else can we do with deep links?

Local File Inclusion (LFI)
In part 2 we saw how to achieve LFI via the WebView.loadUrl method. In this part we'll explore an alternative that doesn't require the application to contain a WebView. Let's continue using the ABC Bank Android

Inês Martins Sep 4, 2021 • 4 min read
MobSF "IPA Binary Analysis" | Step by Step
ipa

MobSF is an open source static and dynamic analysis tool for Android and iOS, which can be used to quickly detect major issues on your mobile application. When scanning an .ipa, the "IPA Binary Analysis" section can report multiple issues that can be hard to interpret. Hopefully this article will

Inês Martins Aug 21, 2021 • 9 min read
Exploiting Deep Links in Android - Part 2
android

In this part, we're going to start to answer the question: "What can you do if you can trick a user into clicking a malicious deep link?" Let's go back to the ABC Bank example. ABC Bank has both a web and an Android application, and they use deep links

Inês Martins Aug 15, 2021 • 3 min read
Exploiting Deep Links in Android - Part 1
android

Deep links are an often overlooked way to exploit Android applications. In this series I hope to do a deep dive into their history, common vulnerabilities with real-life examples, possible mitigations, and testing techniques for pentesters and researchers. In this first part, we do a quick overview of the supported

Inês Martins Aug 13, 2021 • 6 min read
Running a PHP application on Big Sur using Apache
php

If you have a PHP application and want a quick approach for running it on a Mac with the latest OS version, then this tutorial might be useful.

Testing and launching the Apache server
Big Sur already comes with Apache installed. You can check the current version by running:
~ httpd -v

Inês Martins Jul 23, 2021 • 2 min read
USB Keyboard capture parser
tshark

During a recent CTF I had to extract keys from a USB Keyboard capture, and (as usual) decided to create a simple Python 3 script to parse the original keys. As shown on the Gist below, this script takes any .pcap file and optionally the path to the tshark executable,

Inês Martins Jul 18, 2021 • 1 min read
Setting up Bloodhound on macOS
bloodhound

On a recent CTF I needed to set up Bloodhound on macOS and came across some issues. Hope this helps someone in need. :)

Installing a compatible Python version
Because of the way in which Python 3.8 handles multiprocessing in macOS, you need to downgrade to Python 3.7.3 to

Inês Martins Jul 11, 2021 • 3 min read
Update: Simplest way to host your Ghost blog on GitHub Pages
ghost

Last year I created a post about how to get a Ghost blog up and running on Github Pages without much effort. This worked well, but after being forced to update ghost-cli to version 1.17.3 I ran into a few issues and had to rethink the entire process.

Inês Martins Jun 13, 2021 • 1 min read
ØxOPOSɆC - HTTP2
oposec

URL: https://20.56.49.147/ | Keep calm and get the flag :)
When you enter the IP directly on the browser you see only an image sourced from Github and a hidden clue: "Lost? It's evolution, baby...": The image shows the evolution of the HTTP protocol, so it makes sense

Inês Martins May 28, 2021 • 2 min read
Fixing keyboard type on Big Sur
macOS

It seems like Big Sur is randomly defaulting the keyboard type to ANSI and, for some weird reason, Apple has removed the ability to change this directly on the keyboard settings.

What to do?
Apparently, the only thing to do is to force the OS to re-configure the keyboard: Go

Inês Martins May 15, 2021 • 1 min read
ØxOPOSɆC - Don Joe [Crypto]
crypto

"Don Joe insists his site is as secure as can be! Can you prove that the best web dev of all time is wrong?"
URL: https://don-joes-blog.herokuapp.com/

There are two flags
Don Joe's Blog has a very simple interface and lists only 4 blog posts: Clicking on the articles

Inês Martins May 1, 2021 • 4 min read
HTB Write-up | Time
htb

Retired machine can be found here.

Scanning
It seems like this machine is running OpenSSH on port 22 and an Apache web server on port 80:
~ nmap -sC -sV time.htb
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux;

Inês Martins Apr 3, 2021 • 3 min read
ØxOPOSɆC - Secrets [Crypto]
cryptography

"We all have secrets! And sometimes we need to share them with our online friends, safely... That's easy! - Just implement a very secure, hackerproof™ secret sharing web application!"
URL: https://secret.mbie.me
When you access the website you see the following page: Entering random data on the input field

Inês Martins Mar 24, 2021 • 3 min read