In today’s hyper-connected world, our mobile phones are more than just communication tools—they’re personal vaults that store everything from banking details to intimate conversations. But ever wondered, how mobile phones get hacked ? In this article, we will be looking into how we hack any Android Phone. Why Android ? Android is the most popular […]
In this article, we will look into Steganography, which is the “art of hiding” information in plain sight. But, lets understand steganography first. What is Stegnography ? Steganography is a fascinating technique that involves hiding secret messages within other forms of media, such as images, audio files, or videos. Imagine writing a note in invisible
In today’s digital landscape, the quest for anonymity has become a critical aspect of hacking culture. As Hackers navigate an increasingly monitored online environment, they employ a variety of sophisticated tools and techniques to conceal their identities and evade detection. Working of Proxies and TOR: One of the them is the use of proxies. A
In July 2024, Reputed Cybersecurity blog Bleeping Computer reported that how the latest version of WhatsApp for Windows lets Python and PHP scripts to execute without any warning. The similar issue was also found in Telegram in April which was later patched, where attackers can execute malicious python file with .pyz extension to get access
In recent weeks, cybersecurity researchers at various companies spotted a new type of phishing attack involving those pesky re-captchas. Originally, reCAPTCHA is a security tool designed to differentiate between human users and automated bots on websites. However, hackers in the wild were using them to social engineer the victim and run malicious powershell scripts on the target systems. Let’s see
In this walk through, we will be going through the Sync room from Vulnlab. This room is rated as Easy on the platform and it consist of abuse of rsync service to download site.db database which reveals hash of user triss that have to be made compatible for cracking for hashcat. Cracking it reveals the
In this walk through, we will be going through the Media room from Vulnlab. This room is rated as Medium on the platform and it consist of abusing of file upload functionality by creating documents to capture user NTLM hash, cracking it will give us initial access to the target. For Privilege Escalation, abuse of
In this walk through, we will be going through the Hybrid (Chain) room from Vulnlab. This room is rated as Easy on the platform and it consist of exploitation of RoundCube Webmail Markasjunk filter plugin via a known POC to get the initial shell on the target. Post that, lateral movement have to be done
In this walk through, we will be going through the Feedback room from Vulnlab. This room is rated as Easy on the platform and it consist of exploitation of Log4shell vulnerability to get initial access on the target. For privilege escalation, used the admin password found in tomcat-users.xml file to get root. So, let’s get
In this walk through, we will be going through the Data room from Vulnlab. This room is rated as Easy on the platform and it consist of dumping of grafana DB using CVE-2021-43798 which reveals the hash password of user boris that have to crack using hashcat to get initial access on the target. For
