Posts

Showing posts from July, 2020

Reverse Shells

-
Image
>  A reverse shell is a shell session established on a connection that is initiated from a remote machine, not from the localhost. Attackers who successfully exploit a remote command execution vulnerability can use a reverse shell to obtain an interactive shell session on the target machine and continue their attack. A reverse shell (also called a connect-back shell) can also be the only way to gain remote shell access across a NAT or firewall. Let’s see how reverse shells work in practice and what you can do to prevent them. How a Reverse Shell Works To establish a typical remote shell, a machine controlled by the attacker connects to a remote network host and requests a shell session – this is called a bind shell. But what if the remote host is not directly accessible, for example, because it has no public IP or is protected by a firewall? In this situation, a reverse shell might be used, where the target machine initiates an outgoing connection to a listening network host,
1 comment
Read more

OTP Bypassing

-
Image
How I bypassed the OTP ? It's been a long since i posted blog, So in this blog i'll show you how i bypassed the OTP. This is only for the educational purpose. There are different ways by which we can try and bypass the login credentials with the help of different methods. Today , i am going to tell you how you can bypass OTP using burpsuite. Let's Start : Firstly, target any site or we can say select any site for the attack . I selected ICICI bank website.     Burp Suite on! So First step :   First you need to configure your browser with the burpsuite and secondly, you need to configure your browser to use the Burp Proxy listener as its HTTP proxy server. To do this, you need to change your browser's proxy settings to use the proxy host address (by default, 127.0.0.1) and port (by default, 8080) for both HTTP and HTTPS protocols, with no exceptions.   NOTE : If the listener is still not running, then Burp was not able to open the default proxy listener port (8080). S
8 comments
Read more