Thursday, June 9, 2016

When sqlite3 is unavailable

Sometime we come across cases, where sqlite3 is not available on the android device and we are stuck with pull and push of sqlite3 from emulator or our client machine to the android device.
I saw a lot of articles around using adb to pull and push the sqlite3 binray. Nothing worked for me due to some reasons.
I tried to the following effective way:

1. Install SFTPserver app on your android device. Configure and run it.
2. Install some SFTP client at your client machine, I used Cyberduck at my Mac.
3. The twist was, even I was able to connect to the android device files and folders, was not able to read the Data folder where the SQLite database resides., including other folders. Then either you should install a SFTP server with root privileges, maybe that was the reason behind above.
4. So, in this case, I did an ssh to my android device, (use ssh server on the android device and run it).
5. Run the cat /data/data/package_name/.../example.db > /sdcard/example.db
6. Now access the db file using Cyberduck on your client machine (Mac).
7. Open the db file using any sqlite browser at Mac.

That's it.

Wednesday, June 8, 2016

Warning: Remote Host Identification Has Changed error and solution

Ok, let me admit, I trapped in this issue again. This time the old remedy of running ssh-keygen -R did not work. Phew!

I did this :
went to cd /Users/nilesh/.ssh/ at my client machine and removed the following files:

known_hosts and known_hosts.old


Ran the ssh command once again, it asked for new RSA keys, accept it and the client machine would be added into list of new hosts.

And you are done. Now ssh connects properly.

Sunday, May 29, 2016

Nice read about hacking with SWIFT

https://www.theguardian.com/technology/2016/apr/26/international-bank-transfer-system-hacked-swift-group-admits

Tuesday, April 19, 2016

Provision file installation error- ios security testing-0xe800801a

Sometimes we get provision file along with the original ipa file for installation and security testing of ios apps. Earlier during old versions of ios such as 4  or5 we used to have a tool called iphone configuration utility tool which was used to provision the file. Now Apple has deprecated the utility so we have to install both using itunes.
Recently I faced repeated errors while trying to install provision file. Very similar to this:



This happens when you get the provision file through emails, which gets corrupted due the mail server issues, which throws the above error when trying to install. So the solution is it to ask the project team to send it again in zipped format- this solved my error.



Tuesday, March 1, 2016

When you face error while installing Drozer

Finally after doing  a lot of research while getting while getting the following error while installing Drozer on OSx/ linux:

"The following error occurred while trying to add or remove files in the
installation directory:

    [Errno 13] Permission denied: '/Library/Python/2.7/site-packages/test-easy-install-3959.pth'

The installation directory you specified (via --install-dir, --prefix, or
the distutils default setting) was:

    /Library/Python/2.7/site-packages/

Perhaps your account does not have write access to this directory?  If the
installation directory is a system-owned directory, you may need to sign in
as the administrator or "root" account.  If you do not have administrative
access to this machine, you may wish to choose a different installation
directory, preferably one that is listed in your PYTHONPATH environment

variable................"

This happens due to the fact that you don't have root permissions or write privileges. So, to enable root privilege:

$ dsenableroot

And then ,

sudo easy_install

and you are done! Phew!! :)

Wednesday, February 24, 2016

Solving sshDroid warning

During one of the recent android pentest, I was required to install sshDroid, a very popular ssh server meant for Android device. For few hours it worked fine until the next day, I encountered the following nasty error: "Warning: Remote Host Identification Has Changed!......"

I know I had messed up it somehow so getting that message. So I found a way to do away with this:
Run the following command from your client terminal:
ssh-keygen -R

Once that is done, do an ssh again to the remote host:

ssh username@remotehost port (optional)

And we are done. Happy hacking!