<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Vishal Mishra</title>
    <link>https://www.vishalmishra.in/</link>
    <description>Recent content on Vishal Mishra</description>
    <generator>Hugo -- gohugo.io</generator>
    <language>en</language>
    <copyright> © 2019 Vishal (aLt)</copyright>
    <lastBuildDate>Sun, 15 Dec 2019 00:00:00 +0000</lastBuildDate>
    
	<atom:link href="https://www.vishalmishra.in/index.xml" rel="self" type="application/rss+xml" />
    
    
    <item>
      <title>About</title>
      <link>https://www.vishalmishra.in/about/</link>
      <pubDate>Fri, 01 Dec 2017 17:17:35 +0530</pubDate>
      
      <guid>https://www.vishalmishra.in/about/</guid>
      <description>Name: Vishal Mishra   Occupation: Security Researcher   Education: M.E. Information Security   Contact: vishal_mishra@live.com    Hi, I&#39;m Vishal Mishra from India. I am a Security Researcher by profession. This is my personal tech blog, where I write about topics like security testing, reverse engineering and mobile security.
OldBlogs: { Infosec:	http://infosec.vishalmishra.in/ System Programming in C:	http://icoder.vishalmishra.in/ Cracking &amp;amp; Reversing:	http://r0x0r.</description>
    </item>
    
    <item>
      <title>Silver Ticket in Cloud</title>
      <link>https://www.vishalmishra.in/post/cloud-silverticket/</link>
      <pubDate>Sun, 15 Dec 2019 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/cloud-silverticket/</guid>
      <description>Cloudiness in Web With the advent of PaaS and FaaS services, the scalability, development and deployment of web applications have become easier compared to the traditional approach. Function as a Service has been the talk of the town for quite some time, and deployment has never been easier for a web app or API. With FaaS and the microservice concept, time to production has been cut to a minimum. Just like every other platform technology, FaaS follows a shared-responsibility model: the provider secures the platform, while the security of the function code, its dependencies and the permissions it runs with remains the end customer/consumer&#39;s responsibility.</description>
    </item>
    
    <item>
      <title>Agile Web Security Automation</title>
      <link>https://www.vishalmishra.in/post/websecuritytesting-automation/</link>
      <pubDate>Wed, 23 May 2018 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/websecuritytesting-automation/</guid>
      <description>Agile Web Security Automation Automation of application security scans is becoming very common these days. With the advent of DevOps security and AppSec pipeline tools, it has become easy to manage, maintain and scale activities like job scheduling, report generation from different tools, and SDL integration. Once developed, such a pipeline requires minimum intervention until the reports are ready; only then does triage need to be done. In order to maintain a good balance between the number of unique applications covered and the result quality of the scanners, it is very important to run the automation setup and its health checks following an agile methodology.</description>
    </item>
    
    <item>
      <title>Automate Manual Static Code Analysis</title>
      <link>https://www.vishalmishra.in/post/automate-manual-static-code-analysis/</link>
      <pubDate>Tue, 08 May 2018 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/automate-manual-static-code-analysis/</guid>
      <description>Antlr: Automate Manual SAST Activity I came across this wonderful tool, ANTLR, which can generate a parser for any grammar you give it and can be very helpful for people who do a lot of manual source code analysis. Unlike common grepping, it lets you find specifics by programming against the parse tree, in any of several target languages. Just to showcase the power of the tool, I will be using ANTLR from Python to find uninitialized variables in a Java code base. Before I get started, you need to download the latest copy of the ANTLR jar and install the Python runtime library.</description>
    </item>
    
    <item>
      <title>CTF: Cracking RSA Encryption</title>
      <link>https://www.vishalmishra.in/post/ctf-cracking-rsa-encryption/</link>
      <pubDate>Mon, 07 May 2018 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/ctf-cracking-rsa-encryption/</guid>
      <description>Crypt: Crack Poor RSA **Challenge:**
N = 58900433780152059829684181006276669633073820320761216330291745734792546625247
C = 56191946659070299323432594589209132754159316947267240359739328886944131258862
e = 65537
Reverse encrypted text C to plain text
Below is my code to crack RSA with the given N, C &amp;amp; e. {works on py2+}
from Crypto.PublicKey import RSA
import gmpy2

def int2Text(number, size):
    text = &amp;#34;&amp;#34;.join([chr((number &amp;gt;&amp;gt; j) &amp;amp; 0xff) for j in reversed(range(0, size &amp;lt;&amp;lt; 3, 8))])
    return text.lstrip(&amp;#34;\x00&amp;#34;)

N = 58900433780152059829684181006276669633073820320761216330291745734792546625247
C = 56191946659070299323432594589209132754159316947267240359739328886944131258862
e = 65537L
#http://factordb.</description>
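The attack the post automates, shown end to end as an added example that is not the post's code: the post's script depends on the Crypto and gmpy2 libraries and on a factordb lookup for its N, whereas this version uses only the Python 3.8+ standard library and factors the modulus itself with Fermat's method, which succeeds quickly whenever p and q share their high bits. The primes, the message and the resulting N and C are constructed inside make_challenge() for the demo and are far too small and too close together to be secure, which is exactly the weakness the attack needs; the challenge N quoted above is not factored here.

```python
"""Crack a weak RSA challenge: factor N, rebuild d, decrypt C, recover text.

Added example, not the post's own code. Standard library only (Python 3.8+).
The key material below is constructed for the demo and deliberately weak.
"""
import math

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n):
    """Miller-Rabin with the first twelve primes as bases: deterministic for
    every n up to about 3e23, which comfortably covers the 64-bit primes used here."""
    if n in SMALL_PRIMES:
        return True
    if n == 1 or any(n % p == 0 for p in SMALL_PRIMES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a witness: n is composite
    return True


def next_prime(start):
    n = start if start % 2 else start + 1
    while not is_probable_prime(n):
        n += 2
    return n


def fermat_factor(n):
    """Fermat's method: find a with a*a - n a perfect square b*b, then
    n = (a - b)(a + b). Converges in a few steps when p and q are close."""
    a = math.isqrt(n)
    if a * a != n:
        a += 1
    while True:
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1


def int2text(number):
    """Big-endian integer to text; stdlib replacement for the post's int2Text()."""
    size = (number.bit_length() + 7) // 8
    return number.to_bytes(size, "big").decode("latin-1")


def crack(n, e, c):
    """The attack proper: factor n, derive the private exponent, undo the encryption."""
    p, q = fermat_factor(n)
    assert p * q == n
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e, Python 3.8+
    return int2text(pow(c, d, n))


def make_challenge(message=b"flag{w3ak_rsa}", e=65537):
    """Constructed weak key: two 65-bit primes only about 2**20 apart."""
    p = next_prime(2 ** 64)
    q = next_prime(2 ** 64 + 2 ** 20)
    while math.gcd(e, (p - 1) * (q - 1)) != 1:   # e must be invertible mod phi
        q = next_prime(q + 2)
    n = p * q
    m = int.from_bytes(message, "big")
    assert n > m, "message must be smaller than the modulus"
    return n, e, pow(m, e, n)


if __name__ == "__main__":
    n, e, c = make_challenge()
    print("N =", n)
    print("C =", c)
    print("plaintext:", crack(n, e, c))
```

The same crack() works on any (N, C, e) once you have p and q from elsewhere (a factordb hit, a shared prime across keys, a Pollard p-1 run); only fermat_factor() is specific to the close-primes weakness.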
    </item>
    
    <item>
      <title>CTF: Back in Time</title>
      <link>https://www.vishalmishra.in/post/ctf-crypt-back-in-time/</link>
      <pubDate>Mon, 16 Apr 2018 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/ctf-crypt-back-in-time/</guid>
      <description>Crypt: Back in Time **Challenge:**
I always hated history class. I thought history would never come in handy. With the challenge there are two files:
1: encrypt.py
2: ciphertext.txt
Below is the content of the encrypt.py file:
import random

alpha = &amp;#34;abcdefghijklmnopqrstuvwxyz&amp;#34;
key = &amp;#39;&amp;#39;.join(random.sample(alpha, len(alpha)))
print key
assert(len(alpha) == 26)
plaintext = open(&amp;#34;plaintext.txt&amp;#34;).read()
ciphertext = &amp;#34;&amp;#34;
sub_dict = {}
for i in range(len(alpha)):
    sub_dict[alpha[i]] = key[i]
for i in range(len(plaintext)):
    if plaintext[i] in alpha:
        ciphertext += sub_dict[plaintext[i]]
    else:
        ciphertext += plaintext[i]
open(&amp;#34;ciphertext.</description>
    </item>
    
    <item>
      <title>Exploiting  CVE-2017-14385</title>
      <link>https://www.vishalmishra.in/post/exploiting-cve-2017-14385/</link>
      <pubDate>Fri, 09 Mar 2018 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/exploiting-cve-2017-14385/</guid>
      <description>Attack An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.</description>
    </item>
    
    <item>
      <title>Spectre Attack</title>
      <link>https://www.vishalmishra.in/post/spectre-attack/</link>
      <pubDate>Fri, 05 Jan 2018 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/spectre-attack/</guid>
      <description>Spectre Attack POC 
Video: Spectre Attack POC on Intel i7-6820HQ
References:  Spectre Attack Github  </description>
    </item>
    
    <item>
      <title>CLI Security Testing: Stack Smashing</title>
      <link>https://www.vishalmishra.in/post/stack-smashing/</link>
      <pubDate>Thu, 04 Jan 2018 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/stack-smashing/</guid>
      <description>Fuzzing Command Line Utilities Following up on one of my previous articles, I will be fuzzing CLI parameters using the Jaffy fuzzer and trying to smash the stack of a vulnerable program.
Jaffy can fuzz binaries that you run on the command line. It takes a simple XML file as input to specify the argument details and you are ready to go. In order to run Jaffy you need to install this python3 module:</description>
    </item>
    
    <item>
      <title>CLI Security Testing</title>
      <link>https://www.vishalmishra.in/post/cli-security-testing/</link>
      <pubDate>Tue, 26 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/cli-security-testing/</guid>
      <description>Command Line Interface Security Testing CLIs (Command Line Interfaces/Utilities) offer a lot of commands that make system information easily available &amp;amp; manageable. Many of these commands accept various arguments (functionalities). These command line utilities and their arguments should be programmed in such a way that they are not vulnerable and contain no logical flaw that would allow a malicious user of the CLI to escalate privileges, access unauthorized information, bypass ACLs, etc.</description>
    </item>
    
    <item>
      <title>Nodejs Mutation Based Fuzzer</title>
      <link>https://www.vishalmishra.in/post/nodejs-mutation-based-fuzzer/</link>
      <pubDate>Thu, 21 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/nodejs-mutation-based-fuzzer/</guid>
      <description>Mutation Fuzzers (AKA Dumb Fuzzers 😉) Mutation fuzzers are all about mutating existing input values (blindly). That is why they are known as “dumb” fuzzers: they lack an understanding of the complete format/structure of the data. One example of data mutation is simply replacing or appending a random section of the data. Some methods used by mutation fuzzers to generate test data are:
 Bit flipping, Random postfix, Random prefix, Encoding disruption. We will be looking at one mutation-based fuzzer written in NodeJS today.</description>
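The four mutation strategies listed above, implemented as a small seeded mutation fuzzer. This is an added example in Python, not the NodeJS fuzzer the post goes on to discuss; the seed input (an HTTP request) and the toy_target() victim are constructed here so the whole thing runs offline. Seeding the RNG is what makes a "dumb" fuzzer usable in practice: a crashing case can be reproduced from the seed and the case index alone.

```python
"""Minimal mutation ("dumb") fuzzer: bit flips, random prefix/postfix and
encoding disruption over a seed input, with a reproducible RNG.

Added example, not code from the original post. SEED_INPUT and toy_target()
are constructed for the demo.
"""
import random

SEED_INPUT = b"GET /index.html HTTP/1.1\nHost: example.test\n\n"   # constructed


def make_rng(seed=0):
    """One RNG per campaign so every test case can be regenerated later."""
    return random.Random(seed)


def _rand_bytes(rng, n):
    return bytes(rng.getrandbits(8) for _ in range(n))


def bit_flip(data, rng, flips=1):
    """Flip `flips` random bits; the byte length is unchanged."""
    buf = bytearray(data)
    for _ in range(flips):
        i = rng.randrange(len(buf))
        buf[i] ^= pow(2, rng.randrange(8))
    return bytes(buf)


def random_prefix(data, rng, max_len=16):
    return _rand_bytes(rng, rng.randint(1, max_len)) + data


def random_postfix(data, rng, max_len=16):
    return data + _rand_bytes(rng, rng.randint(1, max_len))


def encoding_disruption(data, rng):
    """Re-encode the input or one class of separator: the decoder behind the
    parser often sees something the parser never expected."""
    tricks = [
        lambda b: b.decode("latin-1").encode("utf-16-le"),   # whole input as UTF-16
        lambda b: b.replace(b"\n", b"\r\n"),                   # line-ending confusion
        lambda b: b.replace(b"/", b"%2F"),                     # percent-encoded separators
        lambda b: b.replace(b".", b"\xc0\xae"),                # overlong (invalid) UTF-8 '.'
        lambda b: b.replace(b" ", b"\x00 "),                   # NUL injection
    ]
    return rng.choice(tricks)(data)


MUTATORS = [bit_flip, random_prefix, random_postfix, encoding_disruption]


def mutate(seed, rng):
    return rng.choice(MUTATORS)(seed, rng)


def generate(seed, count, rng_seed=0):
    """Deterministic corpus: same seed input, count and rng_seed give the same cases."""
    rng = make_rng(rng_seed)
    return [mutate(seed, rng) for _ in range(count)]


def fuzz(target, seed, count, rng_seed=0):
    """Run `target` on every mutant and keep the inputs that made it raise."""
    crashes = []
    for case in generate(seed, count, rng_seed):
        try:
            target(case)
        except Exception as exc:          # any exception counts as a finding
            crashes.append((case, repr(exc)))
    return crashes


def toy_target(data):
    """Constructed victim: rejects non-UTF-8 input and anything over 60 bytes."""
    text = data.decode("utf-8")
    if len(text) > 60:
        raise ValueError("buffer too long")
    return text


if __name__ == "__main__":
    for case, err in fuzz(toy_target, SEED_INPUT, 200)[:5]:
        print(err, case)
```

Against a real binary, target() would write the case to a file or argv and check the exit status or signal, as the Jaffy post on this site does for CLI arguments.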
    </item>
    
    <item>
      <title>Mutation Testing to uncover Zero Days</title>
      <link>https://www.vishalmishra.in/post/mutation-testing/</link>
      <pubDate>Mon, 18 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/mutation-testing/</guid>
      <description>Mutation Test Mutation testing is a technique proposed by DeMillo et al. It consists of creating a set of faulty versions of the program under test, called mutants. The goal for the tester is then to write a series of tests that can distinguish the original program from all its mutants. This technique not only helps generate a very good data set for testing but also helps uncover dark corners of the software.</description>
    </item>
    
    <item>
      <title>Embed powershell scripts in the pixels of png</title>
      <link>https://www.vishalmishra.in/post/embed-powershell-scripts-in-png/</link>
      <pubDate>Fri, 15 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/embed-powershell-scripts-in-png/</guid>
      <description>Attack Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a one-liner for executing the script either from a local file or from the web. This script can be very handy when staging an in-memory attack, moving payloads &amp;amp; compromising a system. The antivirus on which I tested failed to recognize the PNG as a malicious file.
Exploit Malicious PNG Generation
References:  GitHub  </description>
    </item>
    
    <item>
      <title>Exploiting CVE-2017-16665</title>
      <link>https://www.vishalmishra.in/post/exploiting-cve-2017-16665/</link>
      <pubDate>Fri, 08 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/exploiting-cve-2017-16665/</guid>
      <description>Attack RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.
RemObjects Remoting SDK
Clients are applications that talk to your servers, and Remoting SDK allows you to add client functionality to apps written in just about any modern programming tool, and for all current platforms: Cocoa developers can use our native Cocoa frameworks from Swift, Objective-C, Oxygene or RemObjects C#</description>
    </item>
    
    <item>
      <title>Hacking JSON Web Token</title>
      <link>https://www.vishalmishra.in/post/hacking-json-web-token/</link>
      <pubDate>Wed, 06 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/hacking-json-web-token/</guid>
      <description>Attack JWT is a URL-safe, compact format for transferring claims; the claims travel inside the token itself rather than in server-side session state. A JWT looks something like this: Header.Payload.Signature (the payload carries the user state information)
Sample:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.
TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
The three parts of the token are separated by dots. The first and second parts can be read by anyone: they are only base64url encodings of plain-text JSON, not encrypted. That being said, let&#39;s dig into the three parts. The header carries the algorithm used to produce the signature (a MAC such as HS256 or a digital signature such as RS256); the token is signed, not encrypted, so everything in it is readable by whoever holds it.</description>
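The structure described above, worked through in code as an added example (not the post's own): the sample token is the one quoted above, split and base64url-decoded so header and payload can be read without any key; alongside it a verifier that pins the algorithm to HS256 before checking the HMAC in constant time, and a wordlist attack that shows why a guessable HMAC secret gives the attacker forged tokens. The secret, wordlist and second token are constructed here; nothing is claimed about the secret behind the quoted sample.

```python
"""Decode, verify and wordlist-attack HS256 JSON Web Tokens (stdlib only).

Added example, not code from the original post. SAMPLE_TOKEN is the token
quoted in the post; the secret and wordlist below are constructed.
"""
import base64
import hashlib
import hmac
import json

SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)


def b64url_decode(s):
    """JWT uses base64url without padding; restore the '=' before decoding."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def decode_parts(token):
    """Header and payload are just encoded JSON: no key needed to read them."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    return header, payload, b64url_decode(sig_b64)


def sign_hs256(header_b64, payload_b64, secret):
    msg = (header_b64 + "." + payload_b64).encode("ascii")
    return hmac.new(secret, msg, hashlib.sha256).digest()


def make_token(payload, secret):
    header = {"alg": "HS256", "typ": "JWT"}
    header_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = sign_hs256(header_b64, payload_b64, secret)
    return header_b64 + "." + payload_b64 + "." + b64url_encode(sig)


def verify(token, secret):
    """Return the payload if the token is a valid HS256 token under `secret`,
    else None. The algorithm is pinned: a header claiming alg=none (or an
    asymmetric alg) is rejected instead of being trusted, and the MAC is
    compared in constant time."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except ValueError:
        return None
    if header.get("alg") != "HS256":
        return None
    expected = sign_hs256(header_b64, payload_b64, secret)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def crack_secret(token, wordlist):
    """Offline dictionary attack: the token is its own oracle, so a weak
    secret falls without ever touching the server."""
    for word in wordlist:
        if verify(token, word.encode()) is not None:
            return word
    return None


if __name__ == "__main__":
    header, payload, sig = decode_parts(SAMPLE_TOKEN)
    print("header :", header)
    print("payload:", payload)
    print("sig    :", sig.hex())
```

Once crack_secret() returns a word, make_token({"sub": "...", "admin": True}, word.encode()) yields a token the server accepts, which is the point of the attack the post describes.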
    </item>
    
    <item>
      <title>Quadratic Blowup Attack</title>
      <link>https://www.vishalmishra.in/post/xml-quadratic-blowup-attack/</link>
      <pubDate>Mon, 04 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/xml-quadratic-blowup-attack/</guid>
      <description>Attack An XML quadratic blowup attack is similar to a Billion Laughs attack: both exploit entity expansion. Instead of relying on nested entities, it declares one large entity (a few thousand characters) and references it many times over, so a small document expands into a huge one when the parser resolves the references. These attacks exist because applications often need to transform data into and out of the XML format using an XML parser, and an attacker who controls that input may be able to inject data that has an adverse effect on the parser while it is being processed. Parsers configured to disable DTD processing or to cap entity expansion are not affected.</description>
    </item>
    
    <item>
      <title>Bypass Cross Site Request Forgery Protection</title>
      <link>https://www.vishalmishra.in/post/bypass-csrf-protection/</link>
      <pubDate>Fri, 01 Dec 2017 00:00:00 +0000</pubDate>
      
      <guid>https://www.vishalmishra.in/post/bypass-csrf-protection/</guid>
      <description>Attack Cross Site Request Forgery (CSRF) is an attack where a malicious site tricks a victim&#39;s browser into performing actions chosen by the attacker, riding on the victim&#39;s authenticated session. The impact of the attack depends on the level of authorization the exploited victim has in the system. The most popular implementation to prevent CSRF is to make use of a nonce (anti-CSRF token) that is associated with a particular user and its current view of the web page, and that the server checks on every state-changing request.</description>
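The nonce scheme described above, as an added example that is not the post's own code: the token is an HMAC over the user's session id, the view (form) it protects and an expiry, so a forged cross-site request, which carries the victim's cookie but cannot read the token out of the victim's page, fails the check. The server key, session ids, form names and TTL are constructed for the demo; view names are assumed not to contain a dot, which is the token separator.

```python
"""Stateless anti-CSRF nonce bound to session and view, with expiry.

Added example, not code from the original post. SERVER_KEY, the session ids
and the form names are constructed; a real deployment loads the key from
configuration and derives the session id from the authenticated cookie.
"""
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)      # per-deployment secret (constructed)
TOKEN_TTL = 3600                          # seconds a nonce stays valid


def _mac(session_id, view, expires, nonce):
    msg = "|".join([session_id, view, str(expires), nonce]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, view, now=None):
    """Render this into the form for `view`; it is useless for any other
    session or any other form, and dies after TOKEN_TTL."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_TTL
    nonce = secrets.token_hex(16)
    return ".".join([view, str(expires), nonce, _mac(session_id, view, expires, nonce)])


def verify_token(session_id, view, token, now=None):
    """True only if the MAC matches this session and this view and the
    nonce has not expired. Returns a bare bool: never tell the caller why."""
    now = int(time.time()) if now is None else now
    try:
        tok_view, exp_str, nonce, mac = token.split(".")
        expires = int(exp_str)
    except (ValueError, AttributeError):
        return False
    if tok_view != view or now > expires:
        return False
    return hmac.compare_digest(_mac(session_id, view, expires, nonce), mac)


def handle_post(session_id, view, form, now=None):
    """How a handler uses it: session id from the cookie, token from the
    request body. A cross-site page gets the cookie sent for free but cannot
    read the token, so the forged request stops here."""
    if not verify_token(session_id, view, form.get("csrf_token", ""), now):
        return 403, "CSRF check failed"
    return 200, "OK"


if __name__ == "__main__":
    sid = "sess-abc"                                    # constructed session id
    token = issue_token(sid, "transfer")
    print(handle_post(sid, "transfer", {"csrf_token": token}))
    print(handle_post(sid, "transfer", {}))
```

Binding the token to the session is what a per-page nonce stored server-side also achieves; the HMAC form just avoids the storage. Either way the token must travel in the request body or a header, never in a cookie, or the browser would attach it for the attacker too.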
    </item>
    
  </channel>
</rss>