0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [#3086] No subject

This commit is contained in:
CPol 2022-04-05 21:52:22 +00:00 committed by gitbook-bot
parent 47cc34f54c
commit 8481723d04
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
4 changed files with 106 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
brute-force.md
View File

@ -578,6 +578,8 @@ zip -r file.xls .
```bash
# From https://github.com/Ridter/p12tool
./p12tool crack -c staff.pfx -f /usr/share/wordlists/rockyou.txt
# From https://github.com/crackpkcs12/crackpkcs12
crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx
```
## Tools

2
cloud-security/concourse/concourse-lab-creation.md
View File

@ -27,7 +27,7 @@ helm install concourse-release concourse/concourse
# After the installation you will find the indications to connect to it in the console
# If you need to delete it
helm delete my-release
helm delete concourse-release
```
After generating the concourse env, you could generate a secret and give a access to the SA running in concourse web to access K8s secrets:

99
mobile-apps-pentesting/ios-pentesting/README.md
View File

@ -47,6 +47,94 @@ Read the [Basic iOS Testing Operations](basic-ios-testing-operations.md) page to
It's recommended to use the tool [**MobSF**](https://github.com/MobSF/Mobile-Security-Framework-MobSF) to perform an automatic Static Analysis to the IPA file.
Identification of **protections are present in the binary**:
* **PIE (Position Independent Executable)**: When enabled, the application loads into a random memory address every-time it launches, making it harder to predict its initial memory address.
```
otool -hv <app-binary> | grep PIE # It should include the PIE flag
```
* **Stack Canaries**: To validate the integrity of the stack, a canary value is placed on the stack before calling a function and is validated again once the function ends.
```
otool -I -v <app-binary> | grep stack_chk # It should include the symbols: stack_chk_guard and stack_chk_fail
```
* **ARC (Automatic Reference Counting)**: To prevent common memory corruption flaws
```
otool -I -v <app-binary> | grep objc_release # It should include the _objc_release symbol
```
* **Encrypted Binary**: The binary should be encrypted
```
otool -arch all -Vl <app-binary> | grep -A5 LC_ENCRYPT # The cryptid should be 1
```
#### **Identification of Sensitive/Insecure Funcions**
* **Weak Hashing Algorithms**
```
# On the iOS device
otool -Iv <app> | grep -w "_CC_MD5"
otool -Iv <app> | grep -w "_CC_SHA1"
# On linux
grep -iER "_CC_MD5"
grep -iER "_CC_SHA1"
```
* **Insecure Random Functions**
```
# On the iOS device
otool -Iv <app> | grep -w "_random"
otool -Iv <app> | grep -w "_srand"
otool -Iv <app> | grep -w "_rand"
# On linux
grep -iER "_random"
grep -iER "_srand"
grep -iER "_rand"
```
* **Insecure Malloc Function**
```
# On the iOS device
otool -Iv <app> | grep -w "_malloc"
# On linux
grep -iER "_malloc"
```
* **Insecure and Vulnerable Functions**
```
# On the iOS device
otool -Iv <app> | grep -w "_gets"
otool -Iv <app> | grep -w "_memcpy"
otool -Iv <app> | grep -w "_strncpy"
otool -Iv <app> | grep -w "_strlen"
otool -Iv <app> | grep -w "_vsnprintf"
otool -Iv <app> | grep -w "_sscanf"
otool -Iv <app> | grep -w "_strtok"
otool -Iv <app> | grep -w "_alloca"
otool -Iv <app> | grep -w "_sprintf"
otool -Iv <app> | grep -w "_printf"
otool -Iv <app> | grep -w "_vsprintf"
# On linux
grep -R "_gets"
grep -iER "_memcpy"
grep -iER "_strncpy"
grep -iER "_strlen"
grep -iER "_vsnprintf"
grep -iER "_sscanf"
grep -iER "_strtok"
grep -iER "_alloca"
grep -iER "_sprintf"
grep -iER "_printf"
grep -iER "_vsprintf"
```
### Basic Dynamic Analysis
Check out the dynamic analysis that [**MobSF**](https://github.com/MobSF/Mobile-Security-Framework-MobSF) perform. You will need to navigate through the different views and interact with them but it will be hooking several classes on doing other things and will prepare a report once you are done.
@ -605,7 +693,16 @@ Use the following keywords to check the app's source code for predefined and cus
#### Monitoring System Logs
Many apps log informative (and potentially sensitive) messages to the console log. The log also contains crash reports and other useful information. You can collect console logs through the Xcode **Devices** window as follows:
Many apps log informative (and potentially sensitive) messages to the console log. The log also contains crash reports and other useful information.
You can use these tools:
```bash
idevice_id --list # To find the device ID
idevicesyslog -u <id> (| grep <app>) # To get the device logs
```
You can collect console logs through the Xcode **Devices** window as follows:
1. Launch Xcode.
2. Connect your device to your host computer.

5
mobile-apps-pentesting/ios-pentesting/ios-testing-environment.md
View File

@ -136,3 +136,8 @@ A jailbroken device allows users to **install unapproved apps** and leverage **m
**More information about how to detect jailbreaking** [**here**](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/jailbreak-detection-methods/)**.**
You can try to avoid this detections using **objection's** `ios jailbreak disable`
## **Jailbreak Detection Bypass**
* You can try to avoid this detections using **objection's** `ios jailbreak disable`
* You could also install the tool **Liberty Lite** (https://ryleyangus.com/repo/). Once the repo is added, the app should appear in the Search tab