Aug 28, 2014

Videos: Passwordscon 2014 Videos

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Videos: TakeDownCon Rocket City 2014 Videos


HowTo: Debug Android APKs with Eclipse and DDMS


1. Download apktool
git clone git://
find . -name "apktool-cli.jar"
cp ./brut.apktool/apktool-cli/build/libs/apktool-cli.jar /tmp  

2. Dump the APK
java -jar /tmp/apktool-cli.jar d -d FakeBanker.apk -o source

3. Put the application into debug mode
If you want to do it manually, open the AndroidManifest.xml file and search for the application tag. Then insert the new attribute android:debuggable='true', like I did:

4. Build the new app
# java -jar /tmp/apktool-cli.jar b -d source FakeBanker.Debug.apk

5. Unzip the debug application and make a jar file
unzip FakeBanker.Debug.apk -d unpacked
cd unpacked
# dex2jar classes.dex -> classes-dex2jar.jar

6. Use jd-gui to save all the source from the jar

7. Sign the application
git clone
# java -jar sign/dist/signapk.jar sign/testkey.x509.pem sign/testkey.pk8 FakeBanker.Debug.apk FakeBanker.Debug.Signed.apk           

8. Install Application to your mobile
# adb devices -l 
# adb install FakeBanker.Debug.Signed.apk 

To add some source into the app:
# mkdir source/src
# unzip -d source/src

Debug Settings
Go to Device Settings -> Select debug app. Also make sure you have Wait for debugger enabled.
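The manual edit from step 3 (adding android:debuggable to the application tag of the decoded AndroidManifest.xml) is easy to get wrong by hand, so here is a scripted version of it. This is an added example and not part of the original post; it assumes the manifest was written by apktool and contains a single application tag, and the sample manifest at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: perform the step 3 edit
# (insert android:debuggable="true" into the <application> tag of the
# AndroidManifest.xml produced by `apktool d`) with sed, so it can be scripted.
# Assumption: the manifest contains exactly one <application ...> tag.

# set_debuggable MANIFEST -> rewrites MANIFEST in place; safe to run twice.
set_debuggable() {
  manifest="$1"
  if grep -q 'android:debuggable="true"' "$manifest"; then
    return 0                      # already debuggable, nothing to do
  fi
  if grep -q 'android:debuggable=' "$manifest"; then
    # attribute present with another value (e.g. "false"): flip it
    sed -i.bak 's/android:debuggable="[^"]*"/android:debuggable="true"/' "$manifest"
  else
    # attribute absent: add it right after the tag name, whether the tag
    # continues on the same line (space or '>') or on the next line
    sed -i.bak \
      -e 's/<application\([ >]\)/<application android:debuggable="true"\1/' \
      -e 's/<application$/<application android:debuggable="true"/' "$manifest"
  fi
  rm -f "$manifest.bak"
}

# is_debuggable MANIFEST -> exit status 0 if the application tag carries
# android:debuggable="true" on the line that opens the tag.
is_debuggable() {
  grep -q '<application[^>]*android:debuggable="true"' "$1"
}

# Demo on a constructed manifest (not taken from any real app).
demo_manifest=$(mktemp)
cat > "$demo_manifest" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
    <application android:label="@string/app_name" android:icon="@drawable/icon">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
EOF
set_debuggable "$demo_manifest"
grep '<application' "$demo_manifest"   # the tag now carries android:debuggable="true"
rm -f "$demo_manifest"
```

Run it as `set_debuggable source/AndroidManifest.xml` before step 4; because the function is idempotent it does no harm if apktool's `-d` switch already added the attribute. Remember that a debuggable build must never be the one you ship: the attribute lets anyone with adb access attach to the process.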

Create new Java project in Eclipse

1. Create a new Java project and use the source directory as the location of the project

2. Add src folder to build path

3. Check project properties

4. Set breakpoints

5. And run (Switching to debug mode).





Aug 26, 2014

Tools: XSScrapy - XSS Testing and Crawling Tool

Unsatisfied with the current crop of XSS-finding tools, I wrote one myself and am very pleased with the results. I have tested this script against other spidering tools like ZAP, Burp, XSSer, XSSsniper, and others and it has found more vulnerabilities in every case. This tool has scored me dozens of responsible disclosures in major websites including an Alexa Top 10 homepage, major financial institutes, and large security firms’ pages. Even the site of the Certified Ethical Hacker certificate progenitors fell victim although that shouldn’t impress you much if you actually know anything about EC-Council :). For the record they did not offer me a discounted CEH. Shame, but thankfully this script has rained rewards upon my head like Bush/Cheney on Halliburton; hundreds of dollars, loot, and Halls of Fame in just a few weeks of bug bounty hunting.
I think I’ve had my fill of fun with it so I’d like to publicly release it now. Technically I publicly released it the first day I started on it since it’s been on my github the whole time, but judging by the Github traffic graph it’s not exactly the Bieber of security tools. Hopefully more people will find some use for it after this article, which will outline its logic, usage, and shortcomings.



Tools: PHP Secure Configuration Checker script

Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as thoroughly as possible. For later reference, the script is called "PHP Secure Configuration Checker", or pcc.

  • One single file for easy distribution: With respect to an update process and access restrictions, a single file can be handled more easily than a whole web application monster.
  • Simple tests for each security related ini entry: Testing php.ini on a live system is the main aspect of this project. Each entry is supposed to be checked or otherwise actively ignored.
  • A few other tests: pcc is not restricted to php.ini checks. Other ideas can be implemented as well.
  • Compatibility: PHP 5.4 is supposed to work. Older PHP versions are not supposed to be used in the wild anyway.
  • NO complicated/overengineered code, e.g. no classes/interfaces, test-frameworks, libraries, ...: In most cases, a recommendation is based on a simple boolean decision, e.g. is it 1 or is it 0. The corresponding code is supposed to reflect this simplicity. Also, simple code leads to fewer programming errors.
  • Novice factor: The result is supposed to help secure the PHP environment. There is no need to obfuscate, encrypt or hide the code. Even inexperienced developers or system administrators may take a glance at the code - free of charge.
  • NO (or very few) dependencies: pcc is supposed to run in the most simplistic (yet still realistically sane) PHP environment. Writing files and loading bloated library code should be avoided.
  • Safeguards: In order to prevent information disclosure, IP restrictions are implemented, as well as a lock-out mechanism based on the script's modification time.
  • Suhosin: pcc checks the correct configuration of the Suhosin extension.
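To make the "simple boolean decision per ini entry" idea concrete, here is a small checker in plain shell. It is an added example and not pcc's own code (pcc is written in PHP and carries its own rule set); the five directives and their recommended values are my own selection for a production host, and the php.ini fragment at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example, not pcc's own code: the "simple boolean decision" per
# php.ini entry, written as a plain shell checker with no dependencies
# beyond sed, tail and tr. Directive list and recommended values are my own
# selection for a production host; pcc's real rules live in the script itself.

# ini_value FILE KEY -> prints the effective value of KEY in lower case
# (last uncommented assignment wins, quotes stripped); prints nothing if unset.
ini_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\";]*\).*/\1/p" "$1" \
    | tail -n 1 | sed 's/[[:space:]]*$//' | tr 'A-Z' 'a-z'
}

# php_ini_check FILE -> prints one line per directive and returns the number
# of directives whose value is not the recommended one (0 = all fine).
php_ini_check() {
  file="$1"; bad=0
  for rule in expose_php:off display_errors:off allow_url_include:off \
              allow_url_fopen:off enable_dl:off; do
    key=${rule%%:*}; want=${rule#*:}
    got=$(ini_value "$file" "$key")
    # php.ini accepts on/off, 1/0, true/false and yes/no for booleans
    case "$got" in
      1|true|yes)  got=on ;;
      0|false|no)  got=off ;;
    esac
    case "$got" in
      "$want") printf 'ok       %s = %s\n' "$key" "$got" ;;
      "")      printf 'unset    %s (PHP default applies; set it explicitly)\n' "$key" ;;
      *)       printf 'INSECURE %s = %s (recommended: %s)\n' "$key" "$got" "$want"
               bad=$((bad + 1)) ;;
    esac
  done
  return "$bad"
}

# Demo on a constructed php.ini fragment (not copied from any real server).
sample_ini=$(mktemp)
cat > "$sample_ini" <<'EOF'
[PHP]
expose_php = On
display_errors = "Off"
; allow_url_include = On      <- commented out, must be ignored
allow_url_include = Off
allow_url_fopen = On
EOF
n=0; php_ini_check "$sample_ini" || n=$?
echo "insecure entries: $n"
rm -f "$sample_ini"
```

Point it at the php.ini of the SAPI you actually run (`php --ini` shows which one the CLI loads; the web SAPI may use a different file), and treat "unset" lines as work items too, since relying on a compiled-in default is exactly the kind of thing that changes between PHP versions.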



Tools: ParanoiDF - Crack PDF Password tool

ParanoiDF is a PDF Analysis Suite based on PeePDF by Jose Miguel Esparza. The tools/features that have been added are – Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more.


These are only the newly added features, not the original peepdf features which can be found here.

crackpw – This executes Nacho Barrientos Arias’s PDFCrack tool by performing an OS call. The command allows the user to input a custom dictionary, perform a benchmark or continue from a saved state file. If no custom dictionary is input, this command will attempt to brute force a password using a modifiable charset text file in directory “ParanoiDF/pdfcrack”.

decrypt – This uses an OS call to Jay Berkenbilt’s “QPDF” which decrypts the PDF document and outputs the decrypted file. This requires the user-password.
encrypt – Encrypts an input PDF document with any password you specify. Uses 128-bit RC4 encryption.

embedf – Create a blank PDF document with an embedded file. This is for research purposes to show how files can be embedded in PDFs. This command imports Didier Stevens’ script as a module.

embedjs – Similar to “embedf”, but embeds a custom JavaScript file inside a new blank PDF document. If no custom JavaScript file is input, a default app.alert message box is embedded.

extractJS – This attempts to extract any embedded JavaScript in a PDF document. It does this by importing Blake Hartstein’s Jsunpackn’s “” JavaScript tool as a module, then executing it on the file.

redact – Generate a list of words that will fit inside a redaction box in a PDF document. The words (with a custom sentence) can then be parsed in a grammar parser and a custom amount can be displayed depending on their score. This command requires a tutorial to use. Please read “redactTutorial.pdf” in directory “ParanoiDF/docs”.

removeDRM – Remove DRM (editing, copying etc.) restrictions from PDF document and output to a new file. This does not need the owner-password and there is a possibility the document will lose some formatting. This command works by calling Kovid Goyal’s Calibre’s “ebook-convert” tool.



Aug 25, 2014

Tools: dos_ssh - BIOS ram hacks to make a SSH server

Use BIOS RAM hacks to make an SSH server out of any INT 10/13h app (MS-DOS is one of those).

