Anant Shrivastava : Techno Enthusiast

SVN Extractor for Web Pentesters

anantshri — Tue, 26 Mar 2013 11:16:41 +0000

Many a times web application pen-testers are encountered with the presence of .svn folders. For those not aware .svn folder is used by SVN version control system to perform its operations. For a blackbox pentester this folder contains huge amount of information. 1) Uncover hidden files and folder names 2) Access the source code of the files. 3) [...]

IronWasp on Linux

anantshri — Mon, 14 Jan 2013 19:32:57 +0000

This post discusses about a one click way to install and configure IronWasp on Linux

script kiddie blocker

anantshri — Thu, 16 Aug 2012 09:04:42 +0000

this post is in continutation to the thread here : http://www.garage4hackers.com/f11/script-kiddie-blocker-2581.html based on the details that i have gathered so far here … Here is a htaccess code which you can use. #Script kiddie blocker start #License: GPLv2 or later #License URI: http://www.gnu.org/licenses/gpl-2.0.html RewriteEngine On <IfModule mod_rewrite.c> RewriteCond %{HTTP_USER_AGENT} ^w3af.sourceforge.net [NC,OR] RewriteCond %{HTTP_USER_AGENT} dirbuster [...]

LSB new twist : text based Stegnograph

anantshri — Sun, 18 Mar 2012 11:21:10 +0000

Today i am going to discuss about a simple twist in existing Stegnography and text base data hiding techniques. While creating challenges for Preconference hacking challenge “HACKIM” for nullcon conference. we cameup with text based LSB hiding challenge as crypto challenge part 5. today i am releasing tools i used to encoding and decoding such [...]

Standalone Perl on Android

anantshri — Wed, 14 Mar 2012 18:30:39 +0000

In simmilar lines to standalone python this is the code that could be used for running standalone perl applications. This script again tries to address some very basic issues. 1) non availability of direct perl calling mechanism while using terminal emulator. 2) Environmental limitations. 3) you can’t pass command-line arguments. Script enclosed Here #License: GPLv2 [...]

DroidCAT – Android Application collection for Security professionals

anantshri — Tue, 13 Mar 2012 19:54:59 +0000

After a gap of 1 month finally releasing the droidcat application. DroidCAT application is developed as part of HaXdroiD project which is right now in closed tested status. Lets talk about DroidCat today. What is Cat-Droid? DroidCat is inspired by firecat and aims to be a one stop solution to finding all ethical hacking / [...]

Whitepaper : Security Issues in Android Custom ROM’s

anantshri — Sun, 16 Oct 2011 23:25:30 +0000

Today i am releasing the paper which i presented recently at C0C0N conference at ernakulam. this paper outlines where security misconfiguration that can lead to device compromise, data theft and so on. Hope this helps in secure development and deployment of custom ROM’s. http://anantshri.info/articles/android_cust_rom_security.html The link contains download for both my slidepack as well as [...]

Android File system Graphical View

anantshri — Wed, 12 Oct 2011 12:09:03 +0000

Today i am presenting a simple HTML page which everyone can use to visualize the file system layout of Android Phones. http://anantshri.info/andro/file_system.html I have tried to keep vendor specific stuff out of the list however if you think this needs correction feel free to point out and correct it out. Link : http://anantshri.info/andro/file_system.html

Android : Running Standalone Python

anantshri — Thu, 11 Aug 2011 18:19:24 +0000

This is not yet another post on android-scripting project or SL4A or python for android. This post is for a specific purpose to empower the terminal again and make users again feel the power of terminal. Current state we can run perl, python, PHP, ruby, beanshell in SL4A interface or as a standalone apk with [...]

MyLife : Hack : Yahoo Open HackDay 2011

anantshri — Sun, 31 Jul 2011 08:16:48 +0000

This was my first time attending Yahoo open hackday the event is all fun and a quick way to hacking onto the yahoo api’s. I specifically focused on one API YQL, which basically claims to do the following select * from internet now that raises an eyebrow, in simpler term this is what is we [...]