Jump to content
×
×
  • Create New...

Mr.Shell

Owner
  • Posts

    39
  • Joined

  • Last visited

  • Days Won

    19

Mr.Shell last won the day on November 16 2021

Mr.Shell had the most liked content!

6 Followers

About Mr.Shell

  • Birthday 01/20/2000

Recent Profile Visitors

1,029 profile views

Mr.Shell's Achievements

Enthusiast

Enthusiast (6/14)

  • One Month Later
  • Reacting Well
  • Collaborator Rare
  • First Post
  • Week One Done

Recent Badges

81

Reputation

  1. Edit all your topics that you have posted and comment out the syntax so that community members can understand well and pls do that asap. 😄💯 @schmeckmo
  2. Pls @schmeckmo could you comment out your scripts that you have posted so that other community members can understand well. 💯💯
  3. How much Python is important for Bug-Hunting, Pentesting & Scripting. Watch this video to know more about it. 🤙💯🆒 Credit - @Pentest With Rohit
  4. AWS PENETRATION TESTING PART 1. S3 BUCKETS - Amazon Web Services (AWS) provides some of the most powerful and robust infrastructure for modern web applications. As with all new functionality on the web, new security considerations inevitably arise. For penetration testers, a number of AWS services can pose obscure challenges at times. In this series of blog posts, we will discuss AWS services in detail, common vulnerabilities and misconfigurations associated with them, and how to conduct sufficient security tests for each service with the aid of automated tools. This article is intended to be used by penetration testers with our AWS BurpSuite extension to easily assess the security of AWS S3 buckets. We’ve released our BurpSuite plugin AWS Extender which can identify and assess buckets discovered from proxy traffic. It also has been extended to identify identity pools, and Google Cloud and Microsoft Azure services as well. Download: The AWS Extender Burp Plugin Download: The AWS Extender CLI AMAZON SIMPLE STORAGE SERVICE (S3)- Amazon S3 is an extremely popular object storage service that provides scalable storage infrastructure. And despite the possibility of hosting static websites, S3 by itself does not support code execution or any programmatic behavior. It only provides storage through the REST, SOAP, and BitTorrent web interfaces to read, upload, and delete static files. Amazon provides different mechanisms of access control for S3 buckets. That includes access control lists (ACLs), bucket policies, as well as IAM policies. By default, an S3 bucket is assigned a default ACL upon creation that grants the bucket owner full control over the bucket. S3 PENETRATION TESTING BASICS - There’s a few key concepts that any web application penetration tester should be aware of: All S3 buckets share a global naming scheme. Bucket enumeration is not avoidable. All S3 buckets have a DNS entry: [bucketname].s3.amazonaws.com It’s generally easiest to access a bucket over it’s HTTP interface (https://[bucketname].s3.amazonaws.com) or to use the more powerful AWS CLI: apt-get install awscli aws s3 ls s3://mybucket S3 COMMON VULNERABILITIES - If you’re new to AWS or S3, there are a few common vulnerabilities you should be aware of: Unauthenticated Bucket Access – As the name implies, an S3 bucket can be configured to allow anonymous users to list, read, and or write to a bucket. Semi-public Bucket Access – An S3 bucket is configured to allow access to “authenticated users”. This unfortunately means anyone authenticated to AWS. A valid AWS access key and secret is required to test for this condition. Improper ACL Permissions – The ACL of the bucket has it’s own permissions which are often found to be world readable. This does not necessarily imply a misconfiguration of the bucket itself, however it may reveal which users have what type of access. ACCESS CONTROL LISTS (ACLS) - S3 access control lists can be applied at the bucket level as well as at the object level. They generally support the following set of permissions: READ At the bucket level, this allows the grantee to list the objects in a bucket. At the object level, this allows the grantee to read the contents as well as the metadata of an object. WRITE At the bucket level, this allows the grantee to create, overwrite, and delete objects in a bucket. READ_ACP At the bucket level, this allows the grantee to read the bucket’s access control list. At the object level, this allows the grantee to read the object’s access control list. WRITE_ACP At the bucket level, this allows the grantee to set an ACL for a bucket. At the object level, this allows the grantee to set an ACL for an object. FULL_CONTROL At the bucket level, this is equivalent to granting the “READ”, “WRITE”, “READ_ACP”, and “WRITE_ACP” permissions to a grantee. At the object level, this is equivalent to granting the “READ”, “READ_ACP”, and “WRITE_ACP” permissions to a grantee. A grantee can be an individual AWS user referenced by his canonical user ID or email address or one of the following predefined groups: The Authenticated Users Group Represents all AWS users and is referenced by the URI “http://acs.amazonaws.com/groups/global/AuthenticatedUsers“. The All Users Group Represents all users (including anonymous ones) and is referenced by the URI “http://acs.amazonaws.com/groups/global/AllUsers”. The Log Delivery Group Relevant only for access logging and is referenced by the URI “http://acs.amazonaws.com/groups/s3/LogDelivery”. The following is a sample ACL: <?xml version="1.0" encoding="UTF-8"?> <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/"> <Owner> <ID>*** Owner-Canonical-User-ID ***</ID> <DisplayName>owner-display-name</DisplayName> </Owner> <AccessControlList> <Grant> <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Canonical User"> <ID>*** Owner-Canonical-User-ID ***</ID> <DisplayName>display-name</DisplayName> </Grantee> <Permission>FULL_CONTROL</Permission> </Grant> </AccessControlList> </AccessControlPolicy> All of the aforementioned permissions are currently covered by the AWS Extender Burp extension. Namely, the following tests are performed once an S3 bucket is identified: The extension attempts to list objects hosted in the bucket (READ). The extension attempts to upload a “test.txt” file to the bucket (WRITE). The extension attempts to retrieve the access control list of the bucket (READ_ACP). The extension attempts to set the access control list of the bucket (WRITE_ACP) without actually changing it. Note: Similar tests are conducted for every identified S3 object. BUCKET POLICIES - Using a bucket policy, a bucket owner can specify what a principal can perform on a specific resource. Where a principal can be any AWS user/group or all users including anonymous ones, an action can be any predefined permission supported by bucket policies, and a resource can be the entire bucket or a specific object. The following is a sample bucket policy expressed in the JSON format: { "Version":"2012-10-17", "Statement": [ { "Effect":"Allow", "Principal": "*", "Action":["s3:GetObject"], "Resource":["arn:aws:s3:::examplebucket/*"] } ] } This policy allows the “s3:GetObject” action on the resource “arn:aws:s3:::examplebucket/” for a wildcard principal “”. This is effectively equivalent to granting the “READ” permission to the All Users group on the “examplebucket” S3 bucket using an access control list (ACL). The following permissions are currently covered by the AWS Extender Burp extension: s3:ListBucket s3:ListMultipartUploadParts s3:GetBucketAcl s3:PutBucketAcl s3:PutObject s3:GetBucketNotification s3:PutBucketNotification s3:GetBucketPolicy s3:PutBucketPolicy s3:GetBucketTagging s3:PutBucketTagging s3:GetBucketWebsite s3:PutBucketWebsite s3:GetBucketCORS s3:PutBucketCORS s3:GetLifecycleConfiguration s3:PutLifecycleConfiguration 3:PutBucketLogging Part 2 of the AWS series will cover more on S3 permissions including IAM and access tokens, as well as considerations for EC2, Cognito authentication and more. So,this is a little discription how to check S3 Bucket Misconfigeration Vulnerability in a Cloud System based Application. And I know it's a bit tricky but ya eventually you will start getting as soon as you take interest in reading. So,this is the end and furthur we will be looking on many such Cloud Pentesting Techniques. Read,React,Comment & Share.
  5. An Awsome CyberSecurity Research Based internship is out by an organisation named The Computer Noob. Below here are all the respective documents that completely elaborate's the need and things an intern have to do throughout the internship duration. So do check out!! Internship Website Link For Details - https://thecomputernoob.com/research-internship/ Google Form For Internship application- https://docs.google.com/forms/d/e/1FAIpQLSdiZMLX34tcNYakz8s7WEYuyhAxtjL2vkssFKqpamrmt8uE0g/viewform So check out and thank me later. 😎😉
  6. Hello Club Members of Open Source Contributions today I gonna provide you guys with one of the initial thing / most important tool for any open source contributor out there that is some Git Cheat Sheet that every open source contributor should be familiar with. So let's deep dive into it. First of all what is Git for any general audience - Git is a distributed version control system that helps developers collaborate on projects of any scale. Git helps many developers accross the nations to collaborate/contribute on a particular project irrespective of their time differences helps in speeding up the feature addition,bug management and many more things on to that project. What is a Distributed Version Control System? A distributed version control system is a system that helps you keep track of changes you've made to files in your project.Git makes collaboration easy. Everyone on the team can keep a full backup of the repositories they're working on on their local machine. Then, thanks to an external server like BitBucket, GitHub or GitLab, they can safely store the repository in a single place. Git has many different commands you can use. And I've found that these fifty are the ones I use the most often (and are therefore the most helpful to remember). Downlaod Git for your desired system for here - [Hidden Content] and for setup refer this official documenation from Github link is - [Hidden Content] And if there is any difficulty in seting up Git then do reply down in this topic and I will post a seperate topic for Git installation. GIT CHEATSHEET/COMMANDS - How to check your Git configuration: The command below returns a list of information about your git configuration including user name and email: git config -l How to setup your Git username: With the command below you can configure your user name: git config --global user.name "Flicker" ("your desired name") How to setup your Git user email: This command lets you setup the user email address you'll use in your commits. git config --global user.email "[email protected]" ("your desired email/gmail") How to cache your login credentials in Git: You can store login credentials in the cache so you don't have to type them in each time. Just use this command: git config --global credential.helper cache How to initialize a Git repo: Everything starts from here. The first step is to initialize a new Git repo locally in your project root. You can do so with the command below: git init How to add a file to the staging area in Git: The command below will add a file to the staging area. Just replace filename_here with the name of the file you want to add to the staging area. git add filename_here How to add all files in the staging area in Git: If you want to add all files in your project to the staging area, you can use a wildcard . and every file will be added for you. git add . How to add only certain files to the staging area in Git: With the asterisk in the command below, you can add all files starting with 'fil' in the staging area. git add fil* How to check a repository's status in Git: This command will show the status of the current repository including staged, unstaged, and untracked files. git status How to commit changes in the editor in Git: This command will open a text editor in the terminal where you can write a full commit message.A commit message is made up of a short summary of changes, an empty line, and a full description of the changes after it. git commit How to commit changes with a message in Git: You can add a commit message without opening the editor. This command lets you only specify a short summary for your commit message. git commit -m "your commit message here" How to commit changes (and skip the staging area) in Git: You can add and commit tracked files with a single command by using the -a and -m options. git commit -a -m "your commit message here" How to see your commit history in Git: This command shows the commit history for the current repository: git log How to see your commit history including changes in Git: This command shows the commit's history including all files and their changes. git log -p How to see a specific commit in Git: This command shows a specific commit. Replace commit-id with the id of the commit that you find in the commit log after the word commit. git show commit-id How to see log stats in Git: This command will cause the Git log to show some statistics about the changes in each commit, including line(s) changed and file names. git log --stat How to see changes made before committing them using "diff" in Git: You can pass a file as a parameter to only see changes on a specific file.Git diff shows only unstaged changes by default.We can call diff with the --staged flag to see any staged changes. git diff git diff all_checks.py git diff --staged How to see changes using "git add -p": This command opens a prompt and asks if you want to stage changes or not, and includes other options. git add -p How to remove tracked files from the current working tree in Git: This command expects a commit message to explain why the file was deleted. git rm filename How to rename files in Git: This command stages the changes, then it expects a commit message. git mv oldfile newfile How to ignore files in Git: Create a .gitignore file and commit it. How to revert unstaged changes in Git: You can use the -p option flag to specify the changes you want to reset. git reset HEAD filename git reset HEAD -p How to amend the most recent commit in Git: git commit --amend allows you to modify and add changes to the most recent commit. git commit --amend !!Note!!: fixing up a local commit with amend is great and you can push it to a shared repository after you've fixed it. But you should avoid amending commits that have already been made public. How to rollback the last commit in Git: Git revert will create a new commit that is the opposite of everything in the given commit.We can revert the latest commit by using the head alias like this: git revert HEAD How to rollback an old commit in Git: You can revert an old commit using its commit id. This opens the editor so you can add a commit message. git revert comit_id_here How to create a new branch in Git: By default, you have one branch, the main branch. With this command, you can create a new branch. Git won't switch to it automatically – you will need to do it manually with the next command. git branch branch_name How to switch to a newly created branch in Git: When you want to use a different or a newly created branch you can use this command: git checkout branch_name How to list branches in Git: You can view all created branches using the git branch command. It will show a list of all branches and mark the current branch with an asterisk and highlight it in green. git branch How to create a branch in Git and switch to it immediately: In a single command, you can create and switch to a new branch right away. git checkout -b branch_name How to delete a branch in Git: When you are done working with a branch and have merged it, you can delete it using the command below: git branch -d branch_name How to merge two branches in Git: To merge the history of the branch you are currently in with the branch_name, you will need to use the command below: git merge branch_name How to show the commit log as a graph in Git: We can use --graph to get the commit log to show as a graph. Also, --oneline will limit commit messages to a single line. git log --graph --oneline How to show the commit log as a graph of all branches in Git: Does the same as the command above, but for all branches. git log --graph --oneline --all How to abort a conflicting merge in Git: If you want to throw a merge away and start over, you can run the following command: git merge --abort How to add a remote repository in Git: This command adds a remote repository to your local repository (just replace [Hidden Content] with your remote repo URL). git add remote [Hidden Content] How to see remote URLs in Git: You can see all remote repositories for your local repository with this command: git remote -v How to get more info about a remote repo in Git: Just replace origin with the name of the remote obtained by running the git remote -v command. git remote show origin How to push changes to a remote repo in Git: When all your work is ready to be saved on a remote repository, you can push all changes using the command below: git push How to pull changes from a remote repo in Git: If other team members are working on your repository, you can retrieve the latest changes made to the remote repository with the command below: git pull How to check remote branches that Git is tracking: This command shows the name of all remote branches that Git is tracking for the current repository: git branch -r How to fetch remote repo changes in Git: This command will download the changes from a remote repo but will not perform a merge on your local branch (as git pull does that instead). git fetch How to check the current commits log of a remote repo in Git: Commit after commit, Git builds up a log. You can find out the remote repository log by using this command: git log origin/main How to merge a remote repo with your local repo in Git: If the remote repository has changes you want to merge with your local, then this command will do that for you: git merge origin/main How to get the contents of remote branches in Git without automatically merging: This lets you update the remote without merging any content into the local branches. You can call git merge or git checkout to do the merge. git remote update How to push a new branch to a remote repo in Git: If you want to push a branch to a remote repository you can use the command below. Just remember to add -u to create the branch upstream: git push -u origin branch_name How to remove a remote branch in Git: If you no longer need a remote branch you can remove it using the command below: git push --delete origin branch_name_here How to use Git rebase: You can transfer completed work from one branch to another using git rebase. git rebase branch_name_here Git Rebase can get really messy if you don't do it properly. Before using this command I suggest that you re-read the official documentation here . How to run rebase interactively in Git: You can run git rebase interactively using the -i flag. It will open the editor and present a set of commands you can use. git rebase -i master # p, pick = use commit # r, reword = use commit, but edit the commit message # e, edit = use commit, but stop for amending # s, squash = use commit, but meld into previous commit # f, fixup = like "squash", but discard this commit's log message # x, exec = run command (the rest of the line) using shell # d, drop = remove commit How to force a push request in Git: This command will force a push request. This is usually fine for pull request branches because nobody else should have cloned them.But this isn't something that you want to do with public repos. git push -f So here are top git commands used by open source developers most of the functionality are covered here go through it or save this topic post link so that u can refer it at any time. Hope you learnt something new from this cheat sheet. Stay Learning Stay Contributing. Happy Open Source Development!! 🤙💯
  7. Guys Check Out the clubs section and join according to your interest.

    https://forum.shellcrew.org/clubs/ 🤙🤙

  8. Sry guys for letting the forum be little inactive but our team is working towards certain changes and after that a hell lot of unique contents will be provided here on the forum. Till then be patient and stick with us guys. 🙏🏼🙏🏼

    Thank You!!

  9. Refer to the update that is being displayed on the top of the forum that is the official walkthrough of Shell_Crew Platforms.
  10. Project name :- Filp a coin So let's start Credit- @AS Hacker Source Code mainactivity.java package com.mycompany.myapp6; import android.app.*; import android.content.*; import android.os.*; import android.view.*; import android.widget.*; import java.util.*; //import androidx.appcompat.app.AppCompatActivity; //import android.widget.videoview; public class MainActivity extends Activity { @Override protected void onCreate(Bundle savedInstanceState) { VideoView vv; Button filp = null; Random rand = new Random(); //instance of random class int upperbound = 2; int int_random = rand.nextInt(upperbound); Context context = getApplicationContext(); super.onCreate(savedInstanceState); setContentView(R.layout.main); vv=findViewById((R.id.vv)); if (int_random==0){ CharSequence text = "Head"; int duration = Toast.LENGTH_SHORT; Toast toast = Toast.makeText(context, text, duration); vv.setVideoPath("android.resource://"+ getPackageName() + "/" +R.raw.h); MediaController med=new MediaController(this); //vv.setMediaController(med); med.setAnchorView(vv); vv.start(); //toast.show(); } else if (int_random==1){ CharSequence text = "Tail"; int duration = Toast.LENGTH_SHORT; Toast toast = Toast.makeText(context, text, duration); vv.setVideoPath("android.resource://"+ getPackageName() + "/" +R.raw.t); MediaController med=new MediaController(this); //vv.setMediaController(med); med.setAnchorView(vv); vv.start(); //toast.show(); } } } main.xml <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" xmlns:app="http://schemas.android.com/apk/res-auto" xmlns:tools="http://schemas.android.com/tools" android:layout_height="match_parent" android:layout_width="match_parent" android:orientation="vertical"> <VideoView android:layout_height="500dp" android:layout_width="500dp" android:layout_marginLeft="35dp" android:gravity="center|center_vertical|center_horizontal" android:id="@+id/vv"/> </LinearLayout> So lets check out the output - output_wtnp64BJ_cClk.mp4
  11. Bro I will rather suggest you to join our chat platform and ask this question over there chat portal link is https://chat.shellcrew.org this is a topic or aticle posting section of this category. 🙏🏼🙏🏼
  12. ➡️ ⚠️Note that some of these may be very advanced, but that's good for learning goals as you will see stuff as Blue Team that you never saw before too! Always run these tests in an isolated virtual machine that has no connection to the internet as a minimum safety precaution. ⚠️⚠️ 1) https://lnkd.in/e6V8Q7-d - Very useful for basic understanding of Splunk; you'll need this for some of the labs. >>> SIEM Case Investigation: 2) https://lnkd.in/eVJyr5D4 - Splunk's Boss of the SOC v1 3) https://lnkd.in/efvf_XkM - Splunk's Boss of the SOC v2 4) https://lnkd.in/e6Ru2uGN - Splunk's Boss of the SOC v3 5) https://lnkd.in/eGv7-Zx9 GittheGate - Kibana/ELK SIEM >>> Basic Traffic Analysis: A great website for challenges on PCAP analysis is: https://lnkd.in/eRCJ2fSd ⚠️You can do all the PCAP challenges/tasks there but be aware that some of the PCAPs do contain active malware. Use at your own risk! ⚠️ Advanced Threat Hunting The following seven challenges are designed around the yearly competition by FireEye. These are HARD and you have no clear hints. Exercises such as these are great to prepare for a forensics role; as they will challenge you very much so. https://lnkd.in/dPyyUEV - FireEye's Flare-on v1 https://lnkd.in/eAEWqDyK - FireEye's Flare-on v2 https://lnkd.in/eXCtjbmC - FireEye's Flare-on v3 https://lnkd.in/eSd2Yb32 - FireEye's Flare-on v4 https://lnkd.in/eM7PST6V - FireEye's Flare-on v5 https://lnkd.in/eArgxc9n - FireEye's Flare-on v6 https://lnkd.in/drDQFk7 - FireEye's Flare-on v7 Other https://lnkd.in/dcNmX2g - HireMe - Windows Disk Image Forensics
  13. ADB stands for (Android Debugging Bridge) which is an essential tool for both android developers and pentesters because ADB is a command line tool that lets you communicate with an Android device that is connected over USB, or with an emulator. It allows you to pull data from the device such as application log files, memory usage data, and push and pull applications. In Android Application Ctf's adb plays a very vital role in obtaining the flags present inside it. So here is complete cheat sheet of adb commands and their uses. So let's start. == Adb Server adb kill-server adb start-server == Adb Reboot adb reboot adb reboot recovery adb reboot-bootloader adb root //restarts adb with root permissions == Shell adb shell // Open or run commands in a terminal on the host Android device. == Devices adb usb adb devices //show devices attached adb devices -l //devices (product/model) adb connect ip_address_of_device == Get device android version adb shell getprop ro.build.version.release == LogCat adb logcat adb logcat -c // clear // The parameter -c will clear the current logs on the device. adb logcat -d > [path_to_file] // Save the logcat output to a file on the local system. adb bugreport > [path_to_file] // Will dump the whole device information like dumpstate, dumpsys and logcat output. == Files adb push [source] [destination] // Copy files from your computer to your phone. adb pull [device file location] [local file location] // Copy files from your phone to your computer. == App install adb -e install path/to/app.apk -d - directs command to the only connected USB device... -e - directs command to the only running emulator... -s <serial number> ... -p <product name or path> ... The flag you decide to use has to come before the actual adb command: adb devices | tail -n +2 | cut -sf 1 | xargs -IX adb -s X install -r com.myAppPackage // Install the given app on all connected devices. == Uninstalling app from device adb uninstall com.myAppPackage adb uninstall <app .apk name> adb uninstall -k <app .apk name> -> "Uninstall .apk withour deleting data" adb shell pm uninstall com.example.MyApp adb shell pm clear [package] // Deletes all data associated with a package. adb devices | tail -n +2 | cut -sf 1 | xargs -IX adb -s X uninstall com.myAppPackage //Uninstall the given app from all connected devices == Update app adb install -r yourApp.apk // -r means re-install the app and keep its data on the device. adb install –k <.apk file path on computer> == Home button adb shell am start -W -c android.intent.category.HOME -a android.intent.action.MAIN == Activity Manager adb shell am start -a android.intent.action.VIEW adb shell am broadcast -a 'my_action' adb shell am start -a android.intent.action.CALL -d tel:+972527300294 // Make a call // Open send sms screen with phone number and the message: adb shell am start -a android.intent.action.SENDTO -d sms:+972527300294 --es sms_body "Test --ez exit_on_sent false // Reset permissions adb shell pm reset-permissions -p your.app.package adb shell pm grant [packageName] [ Permission] // Grant a permission to an app. adb shell pm revoke [packageName] [ Permission] // Revoke a permission from an app. // Emulate device adb shell wm size 2048x1536 adb shell wm density 288 // And reset to default adb shell wm size reset adb shell wm density reset == Print text adb shell input text 'Wow, it so cool feature' == Screenshot adb shell screencap -p /sdcard/screenshot.png $ adb shell [email protected] $ screencap /sdcard/screen.png [email protected] $ exit $ adb pull /sdcard/screen.png --- adb shell screenrecord /sdcard/NotAbleToLogin.mp4 $ adb shell [email protected] $ screenrecord --verbose /sdcard/demo.mp4 (press Control + C to stop) [email protected] $ exit $ adb pull /sdcard/demo.mp4 == Key event adb shell input keyevent 3 // Home btn adb shell input keyevent 4 // Back btn adb shell input keyevent 5 // Call adb shell input keyevent 6 // End call adb shell input keyevent 26 // Turn Android device ON and OFF. It will toggle device to on/off status. adb shell input keyevent 27 // Camera adb shell input keyevent 64 // Open browser adb shell input keyevent 66 // Enter adb shell input keyevent 67 // Delete (backspace) adb shell input keyevent 207 // Contacts adb shell input keyevent 220 / 221 // Brightness down/up adb shell input keyevent 277 / 278 /279 // Cut/Copy/Paste 0 --> "KEYCODE_0" 1 --> "KEYCODE_SOFT_LEFT" 2 --> "KEYCODE_SOFT_RIGHT" 3 --> "KEYCODE_HOME" 4 --> "KEYCODE_BACK" 5 --> "KEYCODE_CALL" 6 --> "KEYCODE_ENDCALL" 7 --> "KEYCODE_0" 8 --> "KEYCODE_1" 9 --> "KEYCODE_2" 10 --> "KEYCODE_3" 11 --> "KEYCODE_4" 12 --> "KEYCODE_5" 13 --> "KEYCODE_6" 14 --> "KEYCODE_7" 15 --> "KEYCODE_8" 16 --> "KEYCODE_9" 17 --> "KEYCODE_STAR" 18 --> "KEYCODE_POUND" 19 --> "KEYCODE_DPAD_UP" 20 --> "KEYCODE_DPAD_DOWN" 21 --> "KEYCODE_DPAD_LEFT" 22 --> "KEYCODE_DPAD_RIGHT" 23 --> "KEYCODE_DPAD_CENTER" 24 --> "KEYCODE_VOLUME_UP" 25 --> "KEYCODE_VOLUME_DOWN" 26 --> "KEYCODE_POWER" 27 --> "KEYCODE_CAMERA" 28 --> "KEYCODE_CLEAR" 29 --> "KEYCODE_A" 30 --> "KEYCODE_B" 31 --> "KEYCODE_C" 32 --> "KEYCODE_D" 33 --> "KEYCODE_E" 34 --> "KEYCODE_F" 35 --> "KEYCODE_G" 36 --> "KEYCODE_H" 37 --> "KEYCODE_I" 38 --> "KEYCODE_J" 39 --> "KEYCODE_K" 40 --> "KEYCODE_L" 41 --> "KEYCODE_M" 42 --> "KEYCODE_N" 43 --> "KEYCODE_O" 44 --> "KEYCODE_P" 45 --> "KEYCODE_Q" 46 --> "KEYCODE_R" 47 --> "KEYCODE_S" 48 --> "KEYCODE_T" 49 --> "KEYCODE_U" 50 --> "KEYCODE_V" 51 --> "KEYCODE_W" 52 --> "KEYCODE_X" 53 --> "KEYCODE_Y" 54 --> "KEYCODE_Z" 55 --> "KEYCODE_COMMA" 56 --> "KEYCODE_PERIOD" 57 --> "KEYCODE_ALT_LEFT" 58 --> "KEYCODE_ALT_RIGHT" 59 --> "KEYCODE_SHIFT_LEFT" 60 --> "KEYCODE_SHIFT_RIGHT" 61 --> "KEYCODE_TAB" 62 --> "KEYCODE_SPACE" 63 --> "KEYCODE_SYM" 64 --> "KEYCODE_EXPLORER" 65 --> "KEYCODE_ENVELOPE" 66 --> "KEYCODE_ENTER" 67 --> "KEYCODE_DEL" 68 --> "KEYCODE_GRAVE" 69 --> "KEYCODE_MINUS" 70 --> "KEYCODE_EQUALS" 71 --> "KEYCODE_LEFT_BRACKET" 72 --> "KEYCODE_RIGHT_BRACKET" 73 --> "KEYCODE_BACKSLASH" 74 --> "KEYCODE_SEMICOLON" 75 --> "KEYCODE_APOSTROPHE" 76 --> "KEYCODE_SLASH" 77 --> "KEYCODE_AT" 78 --> "KEYCODE_NUM" 79 --> "KEYCODE_HEADSETHOOK" 80 --> "KEYCODE_FOCUS" 81 --> "KEYCODE_PLUS" 82 --> "KEYCODE_MENU" 83 --> "KEYCODE_NOTIFICATION" 84 --> "KEYCODE_SEARCH" 85 --> "KEYCODE_MEDIA_PLAY_PAUSE" 86 --> "KEYCODE_MEDIA_STOP" 87 --> "KEYCODE_MEDIA_NEXT" 88 --> "KEYCODE_MEDIA_PREVIOUS" 89 --> "KEYCODE_MEDIA_REWIND" 90 --> "KEYCODE_MEDIA_FAST_FORWARD" 91 --> "KEYCODE_MUTE" 92 --> "KEYCODE_PAGE_UP" 93 --> "KEYCODE_PAGE_DOWN" 94 --> "KEYCODE_PICTSYMBOLS" ... 122 --> "KEYCODE_MOVE_HOME" 123 --> "KEYCODE_MOVE_END" // https://developer.android.com/reference/android/view/KeyEvent.html == ShPref # replace org.example.app with your application id # Add a value to default shared preferences. adb shell 'am broadcast -a org.example.app.sp.PUT --es key key_name --es value "hello world!"' # Remove a value to default shared preferences. adb shell 'am broadcast -a org.example.app.sp.REMOVE --es key key_name' # Clear all default shared preferences. adb shell 'am broadcast -a org.example.app.sp.CLEAR --es key key_name' # It's also possible to specify shared preferences file. adb shell 'am broadcast -a org.example.app.sp.PUT --es name Game --es key level --ei value 10' # Data types adb shell 'am broadcast -a org.example.app.sp.PUT --es key string --es value "hello world!"' adb shell 'am broadcast -a org.example.app.sp.PUT --es key boolean --ez value true' adb shell 'am broadcast -a org.example.app.sp.PUT --es key float --ef value 3.14159' adb shell 'am broadcast -a org.example.app.sp.PUT --es key int --ei value 2015' adb shell 'am broadcast -a org.example.app.sp.PUT --es key long --el value 9223372036854775807' # Restart application process after making changes adb shell 'am broadcast -a org.example.app.sp.CLEAR --ez restart true' == Monkey adb shell monkey -p com.myAppPackage -v 10000 -s 100 // monkey tool is generating 10.000 random events on the real device == Paths /data/data/<package>/databases (app databases) /data/data/<package>/shared_prefs/ (shared preferences) /data/app (apk installed by user) /system/app (pre-installed APK files) /mmt/asec (encrypted apps) (App2SD) /mmt/emmc (internal SD Card) /mmt/adcard (external/Internal SD Card) /mmt/adcard/external_sd (external SD Card) adb shell ls (list directory contents) adb shell ls -s (print size of each file) adb shell ls -R (list subdirectories recursively) == Device onformation adb get-statе (print device state) adb get-serialno (get the serial number) adb shell dumpsys iphonesybinfo (get the IMEI) adb shell netstat (list TCP connectivity) adb shell pwd (print current working directory) adb shell dumpsys battery (battery status) adb shell pm list features (list phone features) adb shell service list (list all services) adb shell dumpsys activity <package>/<activity> (activity info) adb shell ps (print process status) adb shell wm size (displays the current screen resolution) dumpsys window windows | grep -E 'mCurrentFocus|mFocusedApp' (print current app's opened activity) == Package info adb shell list packages (list package names) adb shell list packages -r (list package name + path to apks) adb shell list packages -3 (list third party package names) adb shell list packages -s (list only system packages) adb shell list packages -u (list package names + uninstalled) adb shell dumpsys package packages (list info on all apps) adb shell dump <name> (list info on one package) adb shell path <package> (path to the apk file) ==Configure Settings Commands adb shell dumpsys battery set level <n> (change the level from 0 to 100) adb shell dumpsys battery set status<n> (change the level to unknown, charging, discharging, not charging or full) adb shell dumpsys battery reset (reset the battery) adb shell dumpsys battery set usb <n> (change the status of USB connection. ON or OFF) adb shell wm size WxH (sets the resolution to WxH) == Device Related Commands adb reboot-recovery (reboot device into recovery mode) adb reboot fastboot (reboot device into recovery mode) adb shell screencap -p "/path/to/screenshot.png" (capture screenshot) adb shell screenrecord "/path/to/record.mp4" (record device screen) adb backup -apk -all -f backup.ab (backup settings and apps) adb backup -apk -shared -all -f backup.ab (backup settings, apps and shared storage) adb backup -apk -nosystem -all -f backup.ab (backup only non-system apps) adb restore backup.ab (restore a previous backup) adb shell am start|startservice|broadcast <INTENT>[<COMPONENT>] -a <ACTION> e.g. android.intent.action.VIEW -c <CATEGORY> e.g. android.intent.category.LAUNCHER (start activity intent) adb shell am start -a android.intent.action.VIEW -d URL (open URL) adb shell am start -t image/* -a android.intent.action.VIEW (opens gallery) == Logs adb logcat [options] [filter] [filter] (view device log) adb bugreport (print bug reports) == Other adb backup // Create a full backup of your phone and save to the computer. adb restore // Restore a backup to your phone. adb sideload // Push and flash custom ROMs and zips from your computer. fastboot devices // Check connection and get basic information about devices connected to the computer. // This is essentially the same command as adb devices from earlier. //However, it works in the bootloader, which ADB does not. Handy for ensuring that you have properly established a connection. -------------------------------------------------------------------------------- # replace org.example.app with your application id # Add a value to default shared preferences. adb shell 'am broadcast -a org.example.app.sp.PUT --es key key_name --es value "hello world!"' # Remove a value to default shared preferences. adb shell 'am broadcast -a org.example.app.sp.REMOVE --es key key_name' # Clear all default shared preferences. adb shell 'am broadcast -a org.example.app.sp.CLEAR --es key key_name' # It's also possible to specify shared preferences file. adb shell 'am broadcast -a org.example.app.sp.PUT --es name Game --es key level --ei value 10' # Data types adb shell 'am broadcast -a org.example.app.sp.PUT --es key string --es value "hello world!"' adb shell 'am broadcast -a org.example.app.sp.PUT --es key boolean --ez value true' adb shell 'am broadcast -a org.example.app.sp.PUT --es key float --ef value 3.14159' adb shell 'am broadcast -a org.example.app.sp.PUT --es key int --ei value 2015' adb shell 'am broadcast -a org.example.app.sp.PUT --es key long --el value 9223372036854775807' # Restart application process after making changes adb shell 'am broadcast -a org.example.app.sp.CLEAR --ez restart true' -------------------------------------------------------------------------------- I guess this must be more than enough this almost covers all the adb approaches required while you are working on any type of application. Hope you like it and do react on the posts so that I get more motivated and more such contents soon.
  14. Think once if you are able to see internal api requests that have been made in an application to the server while accessing it, so how easily we can monitor internal apis and can get complete info about it. So how much fun that will be so let's start One such continous proxy interception tool that can help us to achieve this task and that too mine personal favourite is MITM PROXY. Steps to setup it is explained below. Go through it well. MITM PROXY helps in to Intercept iOS/Android Network Calls of an Android/IOS application. How MITM Proxy Works is explained well using the image attached below 3. Setting up MITM in your Android Phone. For Android, you’ll have to navigate to Settings → WiFi. Long press on network name and tap on Modify network.(Depends upon the device you are using) Next step is to change the Proxy Settings. Tap on Show Advance options / Manual Proxy and you’ll find Host Name, Port. Use the command ipconfig/ifconfig to determine your system ip so that you can use it in your proxy configeration. Under Hostname add your system ip and make the port value 8080 because mitm proxy uses port 8080 by default. Open your favorite browser(Chrome) on your Android and address bar type address http://mitm.it . You will see something like this when you visit it. Click on the desired platform where you wanna install its certificate (CA file) and the platform you are using that is I will do it in my android device. Open the certificate, as a security measure Android OS prompts you to set up a pin/pattern if not set before. Refer to screenshot. You might want to save it with a name. In my case, i saved it with mitm. Now you should now be able to see traffic starting to appear in your terminal once you are using any of the desired app that's traffic you wanna intercept. So this is the way you will be able to intercept internal traffic of an application. Few Pointers : If you hit ENTER on any request, you can see more information such as request and response headers. You can use TAB to switch between Request, Response and Detail tabs. Hit q to go back to the request list. So this is a quick explaination of how important mitm proxy is to view internal traffic of an application so that if there is any private api used in an application you can view it and can play with it's endpoints in POSTMAN. So, that's for it in next topic I will Debug a very popular application and will explore some hidden things. Till then support us and stay tuned.
  15. Open Source Softwares are boon to mankind and it also paves the way for an buzzing enthusiast developer to contribute on it and also helps to gain an industry level experience right from the comfort of their homes. Isn't that super cool? So, in this post, I'll be sharing with you some of the Open Source Programs which you can apply as a student to gain some experience, work with some of the smartest and friendliest minds in the world from the comfort of your home and of course earn a generous stipend as well. Disclaimer: The application period for some programs from the list may had been closed but do consider reading it in order to make yourself well prepared with their application process in advance as some of them need prior contributions into the projects Thanks!! Google Summer Of Code (GSOC) - Google Summer Of Code is a mentorship program started by Google back in 2006 in order to bring more people especially the students into the open source communities by acting as a bridge between the two. The program usually starts in the month of January in which Open Source Organizations apply to participate in the program and the results for the selected organizations got announced 40 days after the initial application process. Now it's time for the Student's application process as soon as the Organizations results are announced the application process for the students starts after approx. 20 days. and lasts only 15 days. After the application period is over the organizations reviews the student's applications and selects them based on their proposals. As soon as you got selected into the program your official GSOC journey begins. Stipend is based on the Purchasing Power Parity of the country you live. More at [Hidden Content] . Major League Hacking (MLH) Fellowship - The MLH Fellowship is a remote internship alternative for aspiring technologists. Spend 12 weeks building your skills by collaborating on real-world projects. There's also an optional stipend given to the students given based on their circumstances. Website: [Hidden Content] Outreachy Internships - Outreachy is a diversity initiative that provides paid, remote internships to people subject to systemic bias and impacted by underrepresentation in the technical industry where they are living. Outreachy provides internships to work on open source. Key highlights of the internships are: 💵 Paid - $6,000 USD total internship stipend 🌍 Remote - both interns and mentors work remotely 🕰 3 months - internships run May to August, or December to March Yes they runs the program twice a year Website: [Hidden Content] The X.Org Endless Vacation of Code (EVoC) - This is the X.org's own program similar to the Google Summer Of Code. Interested participants can send their proposal to the Org and the application process is moreover similar to the GSOC. One of the best thing of this program is that you can send your application anytime throughout the year. Website: [Hidden Content] Julia Seasons of Contributions - The Julia Seasons of Contributions (JSoC) are the seasonal programs for funding and/or mentoring students and other developers to contribute to the open source ecosystem. Click on the below link in order to know more about the programs in which they participates and accepts the students applications. Website: [Hidden Content] Google Season Of Docs - Season of Docs provides support for open source projects to improve their documentation and gives professional technical (Don't worry students can also apply) writers an opportunity to gain experience in open source. Together you'll help to the raise awareness of open source, of docs, and of technical writing. Website: [Hidden Content] Open Source Promotion Plan - Open Source Promotion Plan encourages everyone to pay close attention to open source software and open source community, aiming to cultivate and explore more outstanding developers. The Program for the year 2021 is over but you can bookmark this article as of now and can apply the next year. Website: [Hidden Content] Redox OS Summer of Code - The Redox OS Summer of Code is the primary use of donations to the Redox OS project. Students are selected who have already demonstrated a desire and ability to contribute to Redox OS. If you are interested, you must join the Redox OS chat and contribute to Redox OS projects. Website: [Hidden Content] Hyperledger Mentorship Program - The Hyperledger mentorship program is aimed at creating a structured hands-on learning opportunity for new developers who may otherwise lack the opportunity to gain exposure to Hyperledger open source development and entry to the technical community. It also provides a more defined path for Hyperledger to connect with the next generation of student developers to inject more talent into its development community. Benefits for Student Interns - Mentees gain exposure to real-world software development by working closely with active developers in the community. Mentees get introduced to open source development infrastructure, tooling, and culture. Mentees have the hands-on opportunity to do work related to their academic and professional interests and to further the pursuit of those interests. Mentees develop close working relationships with open source professionals and industry business leaders to expand their professional network. Website: [Hidden Content] 10. Linux Kernel Mentorship Program - The Linux Kernel Mentorship Program offers a structured remote learning opportunity to aspiring Linux Kernel developers. Experienced Linux Kernel developers and maintainers mentor volunteer mentees and help them become contributors to the Linux Kernel. The Linux Kernel Mentorship Program includes three 12-week, full-time volunteer mentee positions, and two 24-week part-time volunteer mentee positions each year. Website: [Hidden Content] So,these are some famous world wide open source events in which students can too apply and enjoy being associated to a corporate domain. Discover your area of interest on the basis of which stack or tech you love and then start contributing in this open source domain. Thanks For Reading!!