Davinder Tutorials

This blog is all about Cyber Security and IT

Sunday, April 17, 2022

My Life First Seminar at University Level on Cyber Security

  April 17, 2022    

 We all learn from our University but few students actually want to this thing in life . For me ...This thing means to motivate others and help them to get started in the Field of Cyber Security.

I feel so proud when my Teacher contacted me for doing an Expert Talk live in Chitkara University. As usual as I am always ready to go on the stage . This was the time I have to proof myself. Also I am always ready to guide students.

I contacted one of the recently passed student name Harinder . He also done his graduation from Chitkara University and he was the first student of Chitkara University to whom I am able to help them getting placed. He is a great Bug Hunter. I also want students to get motivated from him.

So In this session, I covered lot of things . I hope this video will motivate you as well specially of you are from BCA or MCA student. Please watch the whole video and if you like it.. Please do comment below.



  No Comments

Online Seminar - Getting started with Cyber Security and Real Bug Hunting

  April 17, 2022    

 Hey guys, This seminar was conducted by University and more than 200 students joined this seminar.

Mostly enrolled students are from BCA, MCA and BTECH and want to get knowledge about  how to get into the field of hacking and Cyber Security.

I am ex Alumni of Chitkara University and I feel so blessed when students and teacher praise me . So I always feel lucky when I get chance of something to do for students. So I always try my level best to help them.

This time I showed how to hunt real bugs and how to report that. How much bounty you will get.

So why not you also watch my video. This will help you to better understand.. Lets get started 




  No Comments

Thursday, April 14, 2022

How to get Entry Level Job in Cyber Security

  April 14, 2022    

 

This video is for all those students who want to get a Job in Cyber Security feild but don't know from where to start. So tried to explain the whole concept in a simple manner. If you don't know what to study and what are the things required to learn . You are at the right destination. Cyber Security is a booming career in India and is having lot of Opportunities. So here at davidertutorials you will get all the relevant stuff related to Cyber Security and IT
For More videos


   / / / /

  No Comments

Wednesday, March 3, 2021

E-mail MFA mode allows bypassing MFA from victim’s device when the device trust is not expired

  March 03, 2021    

While reading challenges to bypass 2FA , I came to see how l1nkworld submitted a report to Grammarly.


Aug 2nd (2 years ago)

Summary:
It is possible bypass MFA without the need to have the phone code.

Description:
When we turn on the MFA and we have the user and password of the user, it is possible bypass the MFA only changing some values the endpoint POST auth.grammarly.com//v3/api/login

Steps To Reproduce:

Note:

  • Use burp suite or another tool to intercept the requests
  1. Turn on and configure your MFA
  2. Login with your email and password
  3. The page of MFA is going to appear
  4. Enter any random number
  5. when you press the button "sign in securely" intercept the request POST auth.grammarly.com/v3/api/login and in the POST message change the fields:
    • "mode":"sms" by "mode":"email"
    • "secureLogin":true by "secureLogin":false
    • send the modification and check, you are in your account! It was not necessary to enter the phone code.

Impact

The attacker can bypass the experimental MFA, If the attacker has the email and password, the attacker can login in the account without the need of the phone code.

  No Comments

Saturday, February 27, 2021

Misconfigured CORS Exploitation (Cross Origin Resource Sharing)

  February 27, 2021    

 

Hello Friends!

few days before noticed a blog post for exploiting Facebook chat and reading all the chats of users so that made me to interested to know about the issues, and basically it was misconfigured CORS configuration where null origin is allowed with credentials true,  it was not something heard for the 1st time, @albinowax from the portswigger explained it very well in his blog post, so after reading that messenger blog post I went to test for the same issue for some targets where I allowed to test it.

but before that here are some tips about CORS where it can be exploitable from the attacker’s point of view:

  • POORLY IMPLEMENTED, BEST CASE FOR ATTACK:

Access-Control-Allow-Origin: https://attacker.com

Access-Control-Allow-Credentials: true

  • POORLY IMPLEMENTED, EXPLOITABLE:

Access-Control-Allow-Origin: null

Access-Control-Allow-Credentials: true

  • BAD IMPLEMENTATION BUT NOT EXPLOITABLE:

Access-Control-Allow-Origin: *

Access-Control-Allow-Credentials: true

or just

Access-Control-Allow-Origin: *

even this is not good from the development point of view but due to its own rules of CORS if Access-Control-Allow-Origin set to * we don’t get benefit Access-Control-Allow-Credentials: true means no cookie access of the victim.

When you can’t exploit even if above misconfigurations are present:

  • Presence of any custom header in the request which is getting used to authenticate the user.
  • Presence of any unique/authentication/key in the request URI 

  No Comments

Saturday, August 29, 2020

Buffer Overflow - Simply Explained with real world Example

  August 29, 2020    

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. In this case, a buffer is a sequential section of memory allocated to contain anything from a character string to an array of integers. Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious code.

For better reference:


https://www.hackingtutorials.org/exploit-tutorials/buffer-overflow-explained-basics/

Lets say , we visit a signup page of a website and we entered email and password and click on signup . But before clicking sign up , I am capturing request in the Burp Suite . So when i captured the request , I changed email to some long string , like if email is "davinder@gmail.com" , i changed that to "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@gmail.com" or even more in size

If i am able to proceed further without any restriction and or boundation, that this vulnerability exists.

Another example of code

buffer overflow strcpy code



Steps to resolve:

Restrict size limit on input parameter.

Impact

Category:Availability: Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Access control (instruction processing): Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program’s implicit security policy.
Other: When the consequence is arbitrary code execution, this can often be used to subvert any other security service.

  • 1 attachment:

   /

  No Comments

Friday, August 28, 2020

List of Top Wireless hacking Tools for bug hunting

  August 28, 2020    

http://www.aircrack-ng.org/

http://www.stumbler.net/

http://www.kismetwireless.net/

http://sourceforge.net/projects/airsnort/

http://www.oxid.it/cain.html

http://wepattack.sourceforge.net/

http://www.inssider.com/

http://sourceforge.net/projects/airjack/

http://sourceforge.net/projects/cowpatty/

https://www.cloudcracker.com/

http://www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer

https://github.com/esc0rtd3w/wifi-hacker

https://github.com/philcryer/wpa2own

https://github.com/hash3liZer/WiFiBroot

https://github.com/kennyn510/wpa2-wordlists

https://github.com/chunkingz/linsetmv1-2

https://github.com/DominikStyp/WPA-Attack

https://github.com/wifiphisher/wifiphisher

https://github.com/krtzer/WPA2-Wireless-Network-LabVIEW-FPGA-Testing

https://github.com/soxrok2212/PSKracker

https://github.com/r-a-w/DriveShake

https://github.com/wi-fi-analyzer/eaphammer

https://github.com/Hackndo/krack-poc

https://github.com/jgamblin/hackAPie

https://github.com/derv82/wifite

   /

  No Comments

Bypassing Android SSL Pinning

  August 28, 2020    

Portswigger.net will give you detailed video for burp setup , But to hunt bugs on Android , Below are some important steps in order to unpin Apps for testing . To do so you need to install below apps

1. Dowload genymotion - This is Your Andoid Emulater

2. Download super su v2.46 or latest

3. Download xposed installer apk

4. download xposed sdk

5. Download ssl unpinning


first root your android fone

than download xposed apk in that fone

than install xposed sdk (Note sdk version must be same as your fone apk version)

than ssl unpinning

After all steps , Restart android phone. 


After Restarting the phone , Open SSL pinning App, Select the app you want to test and click on upin.

After that capture the requests on the Burp and have fun.







   / / /

  No Comments

Subscribe to: Posts (Atom)