GitBook: [#3086] No subject

2024-11-15 01:17:36 +00:00 · 2022-04-05 21:52:22 +00:00 · 2022-04-05 21:52:22 +00:00 · 8481723d04
commit 8481723d04
parent 47cc34f54c
4 changed files with 106 additions and 2 deletions
--- a/brute-force.md
+++ b/brute-force.md
@ -578,6 +578,8 @@ zip -r file.xls .
 ```bash
 # From https://github.com/Ridter/p12tool
 ./p12tool crack -c staff.pfx -f /usr/share/wordlists/rockyou.txt
+# From https://github.com/crackpkcs12/crackpkcs12
+crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx
 ```

 ## Tools
--- a/cloud-security/concourse/concourse-lab-creation.md
+++ b/cloud-security/concourse/concourse-lab-creation.md
@ -27,7 +27,7 @@ helm install concourse-release concourse/concourse
 # After the installation you will find the indications to connect to it in the console

 # If you need to delete it
-helm delete my-release
+helm delete concourse-release
 ```

 After generating the concourse env, you could generate a secret and give a access to the SA running in concourse web to access K8s secrets:
--- a/mobile-apps-pentesting/ios-pentesting/README.md
+++ b/mobile-apps-pentesting/ios-pentesting/README.md
@ -47,6 +47,94 @@ Read the [Basic iOS Testing Operations](basic-ios-testing-operations.md) page to

 It's recommended to use the tool [**MobSF**](https://github.com/MobSF/Mobile-Security-Framework-MobSF) to perform an automatic Static Analysis to the IPA file.

+Identification of **protections are present in the binary**:
+
+*   **PIE (Position Independent Executable)**: When enabled, the application loads into a random memory address every-time it launches, making it harder to predict its initial memory address.
+
+    ```
+    otool -hv <app-binary> | grep PIE   # It should include the PIE flag
+    ```
+*   **Stack Canaries**: To validate the integrity of the stack, a ‘canary’ value is placed on the stack before calling a function and is validated again once the function ends.
+
+    ```
+    otool -I -v <app-binary> | grep stack_chk   # It should include the symbols: stack_chk_guard and stack_chk_fail
+    ```
+*   **ARC (Automatic Reference Counting)**: To prevent common memory corruption flaws
+
+    ```
+    otool -I -v <app-binary> | grep objc_release   # It should include the _objc_release symbol 
+    ```
+*   **Encrypted Binary**: The binary should be encrypted
+
+    ```
+    otool -arch all -Vl <app-binary> | grep -A5 LC_ENCRYPT   # The cryptid should be 1
+    ```
+
+#### **Identification of Sensitive/Insecure Funcions**
+
+*   **Weak Hashing Algorithms**
+
+    ```
+    # On the iOS device
+    otool -Iv <app> | grep -w "_CC_MD5"
+    otool -Iv <app> | grep -w "_CC_SHA1"
+
+    # On linux
+    grep -iER "_CC_MD5"
+    grep -iER "_CC_SHA1"
+    ```
+*   **Insecure Random Functions**
+
+    ```
+    # On the iOS device
+    otool -Iv <app> | grep -w "_random"
+    otool -Iv <app> | grep -w "_srand"
+    otool -Iv <app> | grep -w "_rand"
+
+    # On linux
+    grep -iER "_random"
+    grep -iER "_srand"
+    grep -iER "_rand"
+    ```
+*   **Insecure ‘Malloc’ Function**
+
+    ```
+    # On the iOS device
+    otool -Iv <app> | grep -w "_malloc"
+
+    # On linux
+    grep -iER "_malloc"
+    ```
+*   **Insecure and Vulnerable Functions**
+
+    ```
+    # On the iOS device
+    otool -Iv <app> | grep -w "_gets"
+    otool -Iv <app> | grep -w "_memcpy"
+    otool -Iv <app> | grep -w "_strncpy"
+    otool -Iv <app> | grep -w "_strlen"
+    otool -Iv <app> | grep -w "_vsnprintf"
+    otool -Iv <app> | grep -w "_sscanf"
+    otool -Iv <app> | grep -w "_strtok"
+    otool -Iv <app> | grep -w "_alloca"
+    otool -Iv <app> | grep -w "_sprintf"
+    otool -Iv <app> | grep -w "_printf"
+    otool -Iv <app> | grep -w "_vsprintf"
+
+    # On linux
+    grep -R "_gets"
+    grep -iER "_memcpy"
+    grep -iER "_strncpy"
+    grep -iER "_strlen"
+    grep -iER "_vsnprintf"
+    grep -iER "_sscanf"
+    grep -iER "_strtok"
+    grep -iER "_alloca"
+    grep -iER "_sprintf"
+    grep -iER "_printf"
+    grep -iER "_vsprintf"
+    ```
+
 ### Basic Dynamic Analysis

 Check out the dynamic analysis that [**MobSF**](https://github.com/MobSF/Mobile-Security-Framework-MobSF) perform. You will need to navigate through the different views and interact with them but it will be hooking several classes on doing other things and will prepare a report once you are done.
@ -605,7 +693,16 @@ Use the following keywords to check the app's source code for predefined and cus

 #### Monitoring System Logs

-Many apps log informative (and potentially sensitive) messages to the console log. The log also contains crash reports and other useful information. You can collect console logs through the Xcode **Devices** window as follows:
+Many apps log informative (and potentially sensitive) messages to the console log. The log also contains crash reports and other useful information.
+
+You can use these tools:
+
+```bash
+idevice_id --list   # To find the device ID
+idevicesyslog -u <id> (| grep <app>)   # To get the device logs
+```
+
+You can collect console logs through the Xcode **Devices** window as follows:

 1. Launch Xcode.
 2. Connect your device to your host computer.
--- a/mobile-apps-pentesting/ios-pentesting/ios-testing-environment.md
+++ b/mobile-apps-pentesting/ios-pentesting/ios-testing-environment.md
@ -136,3 +136,8 @@ A jailbroken device allows users to **install unapproved apps** and leverage **m
 **More information about how to detect jailbreaking** [**here**](https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/jailbreak-detection-methods/)**.**

 You can try to avoid this detections using **objection's** `ios jailbreak disable`
+
+## **Jailbreak Detection Bypass**
+
+* You can try to avoid this detections using **objection's** `ios jailbreak disable`
+* You could also install the tool **Liberty Lite** (https://ryleyangus.com/repo/). Once the repo is added, the app should appear in the ‘Search’ tab