Posts

WIFI Hacking!

Hello Hackers!
In this blog I am going to show you the basics of WiFi hacking. Special thanks to Akshay for the well written content :)




Key words:
----------
MAC - Media Access Control
BSSID - Basic Service Set Identifier
ESSID - Extended Service Set Identifier
SNR - Signal to Noise Ratio
PSK - Pre Shared Key
WPA - WiFi Protected Access
WEP - Wired Equivalent Privacy
WPS - Wi-Fi Protected Setup

Test points:
------------
# Is the AP running the latest firmware and security patches?
# Has the factory default ESSID been changed?
# Has the default administrative login/password been changed?
# Is the administrative password easily cracked?
# Are stronger authentication options available?
# Are there any unnecessary ports open (e.g., Telnet, HTTP, SNMP)?
# Are those open ports vulnerable to known exploits?
# Are encrypted administrative interfaces available (e.g., SSH, HTTPS)?
# Have security alerts or logs been enabled?
# Are its security parameters consistent with defined po…

Some of my Achievements!


Recon is the Key Part-1

Hello Hackers!

Today's topic is all about enumeration, as reconnaissance is the most important step in hacking. So let's begin!

1. Whois lookup
This is the very basic step which we need to do for every domain we want to test.
Things we need to check are as follows:
1. Name servers
2. Check whether the website is hosted on shared hosting or a dedicated server.

site: http://whois.domaintools.com


2. DIG (Domain Information Groper) Command

The command dig is a tool for querying DNS nameservers for information about host addresses, mail exchanges, nameservers, and related information.

3. Dirsearch
Dirsearch is a simple command-line tool designed to brute force directories and files on websites.
Command:
python3 dirsearch.py -u 'http://evil.com/' -e php,asp,aspx,jsp,db,config,xls,ini,pdf,txt


4. Dirbuster
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.





5. lazys3
A Ruby script to brute force AWS S3 buckets using…

About Me.

I am a security enthusiast in the areas of web applications, network engineering & mobile applications; programming is also a part of my interests (Python lover :p). I also work as an individual web-application security engineer with broad experience in all aspects of security management and implementation. I am looking forward to hardening my skills in various security standards. As part of my core interest, I always prefer spending my leisure time performing individual security audits, vulnerability assessments or source code analysis. I am also a bug bounty hunter. I have participated in all major bug bounty programs organised by internet giants like Google, Microsoft, Apple, Bugcrowd, etc. I have 3+ years of expertise in both black box and white box penetration testing.

Follow me:

Twitter

Facebook


Hack the Planet :)

Hello Hackers!

Today I am going to disclose my recent finding where I was able to take over a user's account. The target was planet.com, as initially I was looking for bugs in Google acquisitions :p

After a Whois lookup and gathering some information from Crunchbase and Wikipedia, I came to know that it wasn't a Google acquisition, but I still looked for vulnerabilities and found an ACCOUNT TAKEOVER :)

Basically there was an IDOR vulnerability in their reset password link.

Check out the POC:

YouTube URL: https://www.youtube.com/watch?v=CmM-NjJPJAo