Court of Analysis and Testing

Ever since 2017, python programming language had a steady increased of popularity not just in the area of data analysis but in penetration testing. If you try to look into one of the famous websites for penetration testing, "exploit DB" you can sense that programming language that usually used to create ax exploit is either ruby, c or python. So in this post, I'm going to show you how you can implement python into your pentesting project. We are going to create your own password Linux cracker with python. Background: Before we go to the actual coding, let me explain it to you about some fundamental concepts: First, we need to know how Linux stored its password. Originally, Linux stored its own password in two different file one is located at "/etc/provides" which is contained the username (every user inside the operating system can see inside of the file ) and the other one which is located at "/etc/shadow" contained the actual password bu...

Hey guys its been a while since i update my blog about android security. I've been busy to take care university stuff. So because i have spare time it is time to solve some android crackme challenge from github. You can check it at: https://github.com/reoky/android-crackme-challenge if you check inside the github you notice the owner provided us with 8 challenges. In this post, i'm going to talk about first four challenge and the next part is going to be the rest NOTE: to solve this challenge i use androguard in docker environment Overview of the challenge: Challenge One : A file will be created within the application's sandbox boundaries. You must extract its contents. Challenge Two : Builds on challenge one, data gets dumped to Logcat, and may need search engine foo. Challenge Three : This app searches a webpage for a string. Go on your own network and insert the string with a man-in-the-middle attack.  Challenge Four : The app unlocks only wh...