Posts

Showing posts from June, 2020

Why Receipt Notifications Increase Security In Signal

This blog post is aimed to express and explain my surprise about Signal being more secure than I thought (due to receipt acknowledgments). I hope you find it interesting, too. Signal, and especially its state update protocol, the Double Ratchet algorithm, are widely known for significantly increasing security for instant messaging. While most users first see the end-to-end security induced by employing Signal in messaging apps, the properties achieved due to ratcheting go far beyond protecting communication against (active) attackers on the wire. Due to updating the local device secrets via the Double Ratchet algorithm, the protocol ensures that attackers, who temporarily obtain a device's local storage (on which Signal runs), only compromise confidentiality of parts of the communications with this device. Thus, the leakage of local secrets from a device only affects security of a short frame of communication. The exact duration of compromise depends on the messaging pattern among...

Hacking PayPal's Express Checkout

Do you know what is happening in the background when you buy something in an online shop using PayPal? In this post we will tackle the following problems: How can PayPal's API be tested? How does PayPal's Express Checkout work? You can find the detailed report here. How can we debit more money than authorized? How can PayPal's API be tested? PayPal's Sandbox API PayPal offers a feature called PayPal Sandbox Accounts, which mimics the production API. The basic idea is that a normal user/shop can test the API and make transactions without actually transferring money. This is the perfect tool for developers to test their API integration. Access to all messages The next question is how to get access to all messages. All browser-related messages can be inspected, intercepted, and modified via BurpSuite. The main problem here is how to get access to the server-to-server exchanged messages: the messages exchanged between PayPal and a shop. In order to solve this pro...

Router-Exploit-Shovel: An Automated Application Generator For Stack Overflow Types On Wireless Routers

About Router-Exploit-Shovel Router-Exploit-Shovel is an automated application generator for stack overflow types on wireless routers. Router exploits shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits: it can adapt to the length of the data padding on the stack, generate the ROP chain, generate the encoded shellcode, and finally assemble them into a complete attack code. The user only needs to attach the attack code to the overflow location of the POC to complete the exploit of the remote code execution. The tool supports MIPSel and MIPSeb. It runs on Ubuntu 16.04 64-bit. Router-Exploit-Shovel's Installation Open your Terminal and enter these commands: Usage Example: python3 Router_Exploit_Shovel.py -b test_binaries/mipseb-httpd -l test_binaries/libuClibc-0.9.30.so -o 0x00478584 Router-Exploit-Shovel's screenshot Code str...

Hacking Facebook By Using PHP Script | Social Engineering Attack | LAN And WAN (Same Or Different Networks)

This video is absolutely for educational purposes only; please don't do any illegal activity. If you do, then I'm not responsible for your illegal activity. The purpose of this video is to show you how hackers can hack your social media by using their own local servers. Basically, these types of attacks are known as Social Engineering attacks or Phishing. The attacker just sends the duplicate vulnerable HTML page to the victim; when the victim enters any type of information into that vulnerable page, it is automatically received by the attacker. Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims. How phishing works Phishing attacks typically rely on social networking techniques applied to email or other ...

Linux Command Line Hackery Series: Part 1

In this concise article we will learn some basics of how to use the Linux command line, so let's get started. Requirements: 1. An open Terminal in your Linux Box. I'm using Kali Linux 2.0 or you can check out this amazing website Webminal Command: ls Syntax: ls [flag(s)] Function: ls is short for list. The ls command is used to list the contents of a directory; these contents include files, folders, and links. ls has many optional flags as well, some of which are described below. Flags: -a this flag is used to view hidden files, that is, those files whose names are preceded by a '.' (dot) -l this flag is used to view file permissions, owner of the file, group of the owner, the file size, the modif...

PKCE: What Can(Not) Be Protected

This post is about PKCE [RFC7636], a protection mechanism for OAuth and OpenID Connect designed for public clients to detect the authorization code interception attack. At the beginning of our research, we wrongly believed that PKCE protects mobile and native apps from the so-called "App Impersonation" attacks. Considering our ideas and after a short discussion with the authors of the PKCE specification, we found out that PKCE does not address this issue. In other words, the protection of PKCE can be bypassed on public clients (mobile and native apps) by using a maliciously acting app. OAuth Code Flow In Figure 1, we briefly introduce how the OAuth flow works on mobile apps and show the reason why we need PKCE. In our example the user has two apps installed on the mobile phone: an Honest App and an Evil App. We assume that the Evil App is able to register the same handler as the Honest App and thus intercept messages sent to the Honest App. If you are m...

Top 10 Most Popular Ethical Hacking Tools (2019 Ranking)

Top 10 powerful Hacking Tools in 2019. If hacking is performed to identify the potential threats to a computer or network, then it is ethical hacking. Ethical hacking is also called penetration testing, intrusion testing, and red teaming. Hacking is the process of gaining access to a computer system with the intention of fraud, data stealing, privacy invasion, etc., by identifying its weaknesses. Ethical Hackers: A person who performs the hacking activities is called a hacker. There are six types of hackers: The Ethical Hacker (White hat), Cracker, Grey hat, Script kiddies, Hacktivist, Phreaker. A security professional who uses his/her hacking skills for defensive purposes is called an ethical hacker. To strengthen security, ethical hackers use their skills to find vulnerabilities, document them, and suggest ways to rectify them. Companies that provide online services, or those which are connected to the internet, must perf...