Once It's Ready

Security matters

Get WPA handshake from a big CAP file

To extract WPA handshakes from CAP files, you can use tshark or Wireshark.

Apply this display filter and save only the displayed packets.

eapol || wlan.fc.type_subtype == 0x04 || wlan.fc.type_subtype == 0x08

In Wireshark, go to File -> Export Specified Packets and choose to export only the displayed packets.

For Tshark the …

Getting process ID without netstat on BusyBox

BusyBox, used in embedded software, ships a limited set of Linux tools, and some of those tools are themselves limited.

I faced an issue getting the process which listens on port 1232 on the device: netstat didn't have the -p key.

However, there is a workaround to get this information:

Getting …

eCos ROMFS unpacking

The Embedded Configurable Operating System (eCos) is a real-time operating system intended for embedded systems and applications which need only one process with multiple threads.

One part of this OS is the ROMFS file system. Don't confuse it with the much more common romfs which is used in Linux …

Binary comparison script for more than two files

If you work with binary data, you sometimes need to find repeating patterns across more than two files. This simple tool may help.

import sys, os

def checkEqual(iterator):
    # True when every value in the iterable is identical (or the iterable is empty)
    return len(set(iterator)) <= 1

def cInt(a):
    # Interpret a byte string as a little-endian unsigned integer
    return int.from_bytes(a, byteorder="little")

if __name__ == "__main__":
    filenames = sys.argv[1 …

Skype IP disclosure and its practical application

I have been using Skype for around 5 years. I remember that the last time I looked at it through Wireshark, I found that there was no direct connection between me and the other side.

It seems that some time back things changed.

Now Skype creates P2P connections when calling, so …

Hijacking Windows hotkeys with .lnk file or Old horse raids

How often do you use hotkeys such as Ctrl+C, Ctrl+V, Ctrl+S, etc.?

What if one day your favorite combo did something you did not expect, like launching a trojan horse or dumping all your passwords to the network?

Well, it is possible without special software, I have to say …

Embedding reverse shell in .lnk file or Old horse attacks

Many years back, .lnk files were used for causing problems. They were one of the workhorses of those days. Then Microsoft released a patch, and .lnk files were forgotten. But sometimes even old horses can bite.

Generally, it is too phishy to send a .ps1 file to someone asking him …

Modification APK with apktool

Some companies have their own internal applications for Android devices. Plenty of these applications never leave the company's servers and are installed manually on devices. Well, a very tasty target.

The modification procedure is simple with apktool.

Preparations on Debian:

sudo apt-get install apktool aapt

At least for my version of apktool Apktool …

Cross-browser manipulation in social engineering

Social engineering is a real problem. There is a way you can be hacked just by opening a link you got in your email.

Let's say you use your corporate webmail client. You get an email with a link. There is a very easy way to fool …

Zoho's ManageEngine XSS zero-day

To my own surprise, I can publish information about a zero-day I revealed almost half a year back.

Now there is "Zoho's ADManager Plus, build version before 6281". A reflected XSS vulnerability can be found in the adsearch.cc script. The vulnerable parameter is searchType.

Proof of Concept

An exploit would be like …