___  ____ ____ _  _ ____ ____    _  _ ____ _  _ ____ ____    ____ ____ ____ ___ ____ ____ _   _ 
|__] |  | |  | |\/| |___ |__/ __ |\/| |__| |_/  |___ |__/    |___ |__| |     |  |  | |__/  \_/  
|__] |__| |__| |  | |___ |  \    |  | |  | | \_ |___ |  \    |    |  | |___  |  |__| |  \   |  
                                                                                                
 

Intercepting webpage elements via terminal emulator

Yes,its possible. Terminal can also these kind of stuffs. It can also intercept webpage elements. Same as like a browser could do in a PC.There are also  some other easy way to get those. Simply by going to validate.w3.org



An other alternative way is by downloading apps like 'VT Source Viewer'.

But think about the terminal window with that cheeky green window. I just love to have it.


We are using 'wget' command. And if you are unaware of wget command. Just open terminal and type


'Wget -h'      Without quotes




In this demonstration I am taking




www.amazon.in    
which doesn't have HTTPS at current moment.

Amazon. In is a popular online shopping platform. And I'm still laughing by seeing that 'Amazon.in' doesn't have  SSL.

Alright now, just open terminal. You don't need any root  access to do this stuff. And which is good.

Now type

Wget -qO- http://www.amazon.in/gp/aw/h.html/259-9514595-1626805?ie=UTF8&pc_redir=1496144718




The -q means 'quiet'


And -O means 'save the file'. Also the 'O' should be a big letter 'O'

Here we need these both.

After this command,  
 Wget -qO- http://www.amazon.in/gp/aw/h.html/259-9514595-1626805?ie=UTF8&pc_redir=1496144718

You will get the complete source code of a website with nothing to hide ;-)



Also try this one

http://www.amazon.in/Raspberry-Pi-100437-Model-B/dp/B00LPESRUK


But let's have a look of
 Wget -qO- https://www.facebook.com




"you don't have the permission to get into this directory ,Access denied."




And what you got?

"Connection rest by peers". And if you notice the output very clearly, you could see something like SSL helper connection reset by the peers.
Which I already mentioned about it. In this case, the server has sent you a RST packet, which indicates an immediate dropping of the connection, rather than the usual handshake. 

But this problem is specific for BusyBox version of Android. You could use Wget in Your Termux by

pkg install wget -y
And Start intercepting elements as I said above. Most BusyBox version modules seems bit outdated. That's the reason. 

Happy hacking!

Hacking into android platform by exploiting sqlite database

I had already told you how to access SQLite databases on Android in my previous article. Here in this article, we will have a look how we can exploit those databases to gather more sensitive informations.

I felt very interesting by playing around with SQLite databases in Android and it also gives me some knowledge about how android handles databases.



Among these databases, there are some highly sensitive information such like

Lockscreen.db

 Browser session ,

browser histories,

 images loaded by the browser and more.




We can also penetrate into apps that are installed on our device to change its value and some legitimate informations too.

For example: I know some guys who where using apps like 'GameGuardian'  to hack   game scores.

We doesn't need those apps to change game values if we have access to SQLite databases. But need Root Privilege.

We can just go into the databases and change things like how game Guardian does in games.

We can change every single information in that game more than any other game hacking application does.

Now let's get into the matter.
Assuming you all read previous post.

Now,Go-to

/data/system/users/0/accounts.db

Go here to read​ it.

 Here we could notice the cryptographic versions of your E-Mail/G-Mail app password.

This is because I already told you every  information of an application if stored by Android In it's library.


But, the interesting part is, if you are navigating by using Android version 2.3
You can see the, the account password are stored in a plain text without properly encrypting it in cipher text.

[See the screenshot below]



But I couldn't find this vulnerability in latest versions​ of Android.

This vulnerability becomes very dangerous if your device is rooted. If someone got physical access to your device ,he can just go to your root directory and he can pull out your passwords easily. Because of the reason that it is in plain text mode.

My next target is the internet browsers those are installed on our device.



/data/data/com.exapmple.browser/databases/example.db



Here you could find all informations regarding your browser. This includes history ,bookmarks, images that you had loaded , images that you have downloaded, web searches, browser updates, saved passwords, web sessions , cookies and lot more.

Here you can see an example of sessionID of a browser in my device.



But realistically we have no use with someone's session sometimes . Because session ID is not always meant to be a permanent one . It keeps changing all the time when you logged out from your account. Also each time when you disconnect your Internet connection as well.

Yes but sometimes it does the job. If someone compromise your web browser and steal the session,also if you are still not logged out from your account, your session is still active in the server. There is a specific expire  time for each sessionID. So the someone can easily use those session to make a login to your account.



Our method will be helpful for you if your friend's device is rooted. If you got physical access to that device, you can grab those session ID for a making a successful login.


Notice:_)

I will not support these kind of malicious activities in someone's account.  This is really a punishable offence and the rest of your life would end up in jail.  So be aware of the consequences!



Did you ever got thinking like, where are your Google profile photos and other photos that you had uploaded to your account stored in local device as cached?



Let's take an example of Gmail apps in your Android device when you're looking at your email account you can see your profile photo on on that Gmail app and this photo is stored on Google server. 



The URL of your photo is stored on your Gmail app's database folder. Which is not a really big deal. Because, every app does this thing in the same way itself.

That is what you can see in the below  screenshot. Those are my email accounts. And straight to it, we can also see my profile photos URL. I just explained this thing just to make you understand how an app handles the file source.

Let's now talk about password.key file which is stored in

/data/system/password.key
This is a mixture of  SHA-1 and Message Digest5 (md5)  to ensure integrity.
Because of this ,the salted form of password. key can be found in password_salt.key.
Take a look at the following code to understand perfectly.



The password_salt.key is stored in

/data/system/com.android.Providers.Settings/databases/settings.db



Open settings.Db to find password_salt.Key

See below to understand how to provides integrity. 👇

-----------++----------+++--------+++-- -----------++----------+++--------+++-- -----------++----------+++--------+++--


public byte[] passwordToHash(String password) {
        if (password == null) {
            return null;
        }
        String algo = null;
        byte[] hashed = null;
        try {
            byte[] saltedPassword = (password + getSalt()).getBytes();
            byte[] sha1 = MessageDigest.getInstance(algo = "SHA-1").digest(saltedPassword);
            byte[] md5 = MessageDigest.getInstance(algo = "MD5").digest(saltedPassword);
            hashed = (toHex(sha1) + toHex(md5)).getBytes();
        } catch (NoSuchAlgorithmException e) {
            Log.w(TAG, "Failed to encode string because of missing algorithm: " + algo);
        }
        return hashed;


-----------++----------+++--------+++-- -----------++----------+++--------+++-- -----------++----------+++--------+++--

data/system/com.android.Providers.Settings/databases/settings.db ☝



Video Tutorial:- 👉 https://youtu.be/QQUX7brNECo


I am not explaining how you can crack those files. It's not our subject here!


So let me conclude this article I hope you got how our Android handles databases.

There are still many portions to complete but I am concluding with this. You can learn in deep about Android databases from other sources.
Happy Hacking;-)


A way to access sqlite databases of Android​ platform

Lets have a small look at Android internal structure.


Android comes with a different  architecture.

Android library consist of

*surfaces manager
*ssl
*sql

And more.

But the way that android stores an application's data is through sqlite database. It executes through dvm  and essential application's data are stored in the form of sqlite.

NOTE: We are not  deeply diving into exploit SQL databases. This is just a tutorial on how you can access the databases.Anyway,I will prepare a new article on how to exploit SQL Lite databases on Android.

just download  'sqlitemanager' app for android.

https://play.google.com/store/apps/details?id=dk.andsen.asqlitemanager&hl=en


You can find these database files in this directory.

/data/data/com.example.apk/databases

Or you can also access it via

/data/system/user/0/com.example.apk/databases


Before getting any further, there is a prerequisite. You need proper root access to do this stuff. Else you should find some other various methods for getting into those databases. You could also do it by decompiling in a PC.

 For this procedure, we are using our android device.



Now, open the app and allow root access. Then;
Navigate to the database folder that i had already mentioned. You can only open the files which have the extension .db



For eg: db.database, password.db

And from there,open and edit those sqlite datas and save it. By this way, you can hack some datas of applications. Specifically,game scores and more. Anyway I am making an article regarding that.

For more, follow this post.  I'll soon post the updated version of this post. 
Happy Hacking;-)

Create an awesome Navigation Bar using Html & Css

Welcome to yet another coding section of 'pro coding'.


On this article,we are showing you 'how you can create a 'Navigation Bar' using 'HTML & CSS'
I think you all guys are aware about a navigation bar on a website.
When we are getting one to our website,you can notice some categories at the main top (header) which contains options like 'DISCLAIMER,PRIVACY & POLICY' and so more. 



So here, we are making a navigation bar using HTML & CSS,.
So follow my steps carefully to complete the tutorial.
Now, I will explain the whole code and describe it step by step :-)

The following is for making the navigation bar in row format.

















After the HTML files, you might notice a tag 'Ul' before opening the the open brace.
Well, this 'ul' tag denotes the un-odered list.
For example,

  • unordered list
  • disposed
  • bin mailbox
  • menu list


This code contains 'ul' tag will make the following result

*unordered list
*Disposed
*Bin mailbox
*Menu list

So these functions are made using this ul tag. 
I hope you understood why I put 'ul' tag above.
The 'li' tag is mainly using for line breaks.

The second property is ' list-style-type: none;'
Well,we can say this is a useful property to avoid unwanted letters with a dark dot.

If you remove this line. You could  see a black dot in the option 'home'
So for avoiding this ,we use 'list-style-type' as none.

The margin and padding is 0;
Because,we are planning the navigation bar at the top.
So set the margin=0 and padding=0;

When coming to the next section,you are able to see
'Float'. Well,this float decides the position of our elements. If it is a text,image,video or whatever it is. If you set float="left"; or right. The position changes.

*Display:block;
This tag has the ability to give shape to our navbar rows.

This will make the options as a section of blocks very clean. For putting our stuffs in a block,we are using 'block'.

*    text-decoration: none;

To avoid underline  on the letters we type ,we must use 'text-decoration'.
Probably, its a must line to learn. In this case ,if you type a name without declaring
text-decoration: none;
The letter you enter will be shown as underlined.

Now, we can move to next line.
View the below code.

active {
    background-color: #4CAF50;

Here we are making a navigation bar contains some options like 'home,News,contact..,'
So if you wanna make a button or a function (home, contact..) as active. It will the active and default option. In case ^ here, 'Home' is our active function.

For making that function active,we normally declare

Active {

The colour code #4CAF50 represents 'GREEN' color.
You could also  declare the color in alphabet instead of color code by removing the # tag before declaration. In normal , color code is used as well.



Now we have successfully declared the properties of the functions. And now we can declare the needed tags to apply this function to it.

So,close the tags you opened. Now it's the time to give preferd link to the functions.

  • Contact


  • href="#"

    In place of the # symbol, you can give your link. And that's all. Give links as you like and finally close everything.

    Atlast, save the code in .html format and open it with a browser.
    And there you will notice a beautiful navigating bar at the top. You definitely gonna love this.

    If you have any questions regarding this, you can comment below.


    Setup ApkTool environment on android for apk reverse engineering

    Apktool is a utility available on android for compile/decompile android applications.

    It can extract dex (dalvik executable codes into) codes into smali (human readable form of dex code)

    For viewing dex/smali codes. You need to open those files with 920 text editor. It's my personal editor and I love it.


    Download 920 text editor here

    https://play.google.com/store/apps/details?id=com.jecelyin.editor.v2&hl=en




     Anyway, I'm thanking the developer of this app. You can meet him on xda.


    For setting apktool,there is a prerequisite.
     You can only configure this app only by allowing Root access. And this is one of the main benefits of having root previlage :-)
    If you already have it,just skip this words.


    So lets start by downloading Apktool. You can download it from here.


    https://code.google.com/archive/p/apktool/downloads?_e_pi_=7%2CPAGE_ID10%2C4820948118

    This is a zip file,so extract  it in your root directory of your default  storage.

    For eg:

    In your android,goto storage option and check which is the 'default writing disk'. Normally it is phone storage /mnt/phonestorage /apktool would be the folder location if your writing disk is phone.

    And /mnt/sdcard/apktool would be the storage folder location if the storage is sdcard.

    So extract it in root of the storage,not in any sub folders as I already mentioned.

    Now Inside the folder,there is an application called 'Apktool.apk '

    Install it!

    Then open the app and allow root permission.

    This time,goto any filemanger which can navigate through system files. I personally recommend 'ES File Explorer '.



    NOTE:You should enable root explorer on the filemanger by going through the settings.

    Now goto /system/framework/framework.Apk

    Now,just copy framework.apk  and paste it on your Apktool folder that you had created.




    After pasting it,open Apktool and just tap on framework.apk.  Then you will see an option  'import as framework'.

    Select that option.

    You are almost done now.

    The last step is about to paste an apk to your working . Done! Now you can just tap on the app and select the option 'decompile all'.

    Now,a folder will be newly created. Basically, it is the folder associated with the decompiled apk.




    Now you can just browse on to the folder and make changes.

    After making proper changes,tap on the decompiled folder and select 'Recompile All'.

    Before, installing our modified application, we need to sign the apk.

    For this,just tap on the recompiled apk and press 'sign apk'.

    After signing it,you could see a new apk named as 'example.apk_src_sign apk'.
    Install  this file. That's it.  You have now your app work station in your android.

    Doubts ? Comment below!

    [Solution] Couldn't sign in to Google account on android





    Past  week,one of my friends assisted me for fixing an error in his phone.
    The problem was about, he wasn't able to connect to Playstore or Gmail on his android phone.



    Also,There was a pop up saying ''connection problem,try later ''.
    But after sometime I figured out the solution. And I'm really glad to share it. 


    can't connect to google,or cant sign in'.
    Why is it so?




    Well, there are few reasons for this trouble. First reason would be because you might have removed Google Play Service for some reason.

    Second reason would be because your Google Play Service might be outdated.  Try upgrading it.



    And If you're are having any system cleaner, make sure Play Service is in the white list itself. 

    Root HTC desire 526G/G+ Kikat version

    Warning:Rooting your android device might cause several issues.This will scramble your android device's inbuilt security .Also you will not get any further OTA update from officials.Do at your own risk!




    Requirements for Rooting htc 526G/G+

    *)Battery above 10% ;-D

    *)Good internet connection


    :And more Likely,Patience ;-)

    Lets start by downloading 'KingoRoot' app.

    NOTE:THIS IS 'KINGOROOT' APP.WE ARE NOT USING 'KINGROOT'.

    Download KINGOROOT APP from here

    https://www.kingoapp.com


    Now enable your internet.
    Simply open the app. And hit ROOT NOW!

    This time,you might probably see a popup showing,

     "There is no root files available for your device"

    But,
    We don't have to care that popup. Just hit 'continue anyway'



    Note:This process will take more than a time of minimum 10Minutes!




    Don't minimize this task or don't interrupt this. Keep the screen turned ON if possible.



    After sometimes you will see the successful notice saying "Rooted Successfully"



    Now go reboot your device.This step is mandatory.



    After the reboot ,you could see the 'Super user' app.


    Which means you have successfully gained super user access.


    That's it! ATB!
     
     

    About Me | Sub to RSS | E-Mail | Podcasts

    Copyright © techcraft.tk a.k.a blog.bensh4.tk
    Twitter
    GitHub
    CyberHunk