Posts

Showing posts with the label hacking

Taking over Facebook Page Tabs

In this post, I'm describing how I was able to take over 4 tabs on Facebook's own Pages.

1. Facebook India Ambassadors
I was browsing Facebook as usual and not in a mood to test anything. I then visited Facebook India's page to check whether there was any update from Facebook India, and that's when I noticed a page tab called Facebook India Ambassadors. I clicked on it to see Facebook India's Brand Ambassadors, and the tab showed a Heroku error page. I was surprised to see that there. It looked interesting to me, so I decided to dig further. I found out that it loads a third-party website in an iframe in the main section.

The url was http://immense-atoll-4159.herokuapp.com/ and I visited the url directly to verify that the subdomain doesn't exist. Heroku shows a "does not exist" error page if the subdomain doesn't exist.

So I logged into my Heroku account, created a new project and gave immense-atoll-4159 as the project id. Then I created a simple NodeJS script for the PoC and deployed it to…

Awww!!! It's *Public* Service Commission.....

In this post, I'd like to talk about multiple issues I found on a website owned by the Kerala Public Service Commission. The issues here are an OTP bypass used to achieve IDOR. For those who don't know what IDOR is, quoting from OWASP: "Insecure Direct Object References occur when an application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources in the system directly".

The site url is `https://mailer.psc.kerala.gov.in/KPSCAptitudeTest/home`, which is a temporary site they've opened for the Aptitude Exam for engineering students.

How the site works

Students can register for the aptitude exam by providing the following details: College ID card number, Mobile Number, Email, Name, Address, College Name, Desired Center Name and photographs of themselves, their signature and their ID card.

Question: This is for engineering students. What am I doing there?

We're everywhere. In this case,…

Setting up your environment for Hacking - Part 1 : Tools

Hello everyone,

In previous posts, I gave you an introduction to XSS, one of the vulnerabilities. In case you missed it, you can read it here:

Introduction to XSS

Hands on | Google XSS Game

The above 2 posts reached a lot of readers, and I got lots of mails and Facebook messages asking "Can you teach me hacking?".

Most of the people are noobs who don't know how to hack or what hacking is. So, in this and the next few posts, I am going to tell you about setting up your environment for hacking, or for learning hacking.

In this post, I am talking about the common tools used for hacking. Don't worry. They're open source and you can get them for free.

1. FireFox

Firefox is a web browser you must have to perform testing against websites and web applications. Firefox is not as interesting as Chrome, but it does have lots of add-ons which help us test a target. I'll tell you about them later.

Visit Firefox Official Page | Download Firefox Web Installer

2. Python

Python is a programm…

Bug in Facebook OAuth. Convert facebook test account to real account in instagram/ oculus

Facebook provides you with the ability to create test accounts for white hat testing. You can create them by visiting the url facebook.com/whitehat/accounts.

Facebook wants you to test for security issues using test accounts only; if you're unable to reproduce an issue with a test account, then it is okay to use a real account you own, or you have to get permission from the account owner. In addition, Facebook implemented certain limitations for test accounts.

I got stuck with the last one: can't convert to a real user account. OK, let's try it.

I tried for about a day in different ways, like using the fake email at the account recovery system and so on, but failed.

I was like


And then I thought that I might find a way by abusing the Facebook OAuth system with test accounts. I navigated to a few sites which allow login with Facebook.

But when I tried to log in with Facebook, it showed an error. Oops!! Screwed again.

Then I decided to stop there and went to bed because it was 3 AM. The next day, …

Download Guarded Profile Picture From Facebook

Facebook recently introduced a feature called Profile Picture Guard. It prevents others from downloading your profile picture. If you want to know more about it, you can read it here: Profile Picture Guard | Facebook Help.

When you turn on Profile Picture Guard, Facebook assures you that no one else can download your profile picture. Really??? 😆😆😆 Never!!!

I worked on it for some time to see how I could bypass this restriction. I tried calculating the CDN url, but it requires a signature to access the file. I tried to view the image and change the dimensions, and the result was negative.

What's next?

Think out of the Box.

I thought I should leave it and change my target first. Then I decided to test it from another account of mine to check whether there is a way to bypass it.

I opened the profile picture and copied the url. Then I opened an incognito window to log in to the other account. I went to the url that I copied earlier and was about to type my username and password in the login form at the top of the page. Suddenly a pop up ca…