@yehgdotnet
yehgdotnet / smbexec.py
Created August 11, 2020 14:56
smbexec.py with port 443 allowed
#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# A similar approach to psexec w/o using RemComSvc. The technique is described here
# https://www.optiv.com/blog/owning-computers-without-shell-access
# Our implementation goes one step further, instantiating a local smbserver to receive the
@yehgdotnet
yehgdotnet / read-ip-from-file.go
Created August 2, 2020 02:46
Golang Extract IP from file (raw.txt)
package main

import (
	"fmt"
	"io/ioutil"
	"log"
	"regexp"
)

func main() {
	data, err := ioutil.ReadFile("raw.txt") // the file named in the gist description
	if err != nil {
		log.Fatal(err)
	}
	// Body reconstructed (the gist is cut off after func main): print every dotted-quad IPv4 literal found.
	for _, ip := range regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`).FindAllString(string(data), -1) {
		fmt.Println(ip)
	}
}
@yehgdotnet
yehgdotnet / gist:d745d23169d73f14ecf5fbf31f47d23c
Last active May 9, 2020 04:58
JavaScript HTTPS Redirector
<script>
// Client-side fallback only: by the time this runs the page has already been
// fetched over cleartext HTTP, so a server-side 301 to https:// plus HSTS is the real control.
var original_url = window.location.toString();
var https_url = original_url.replace("http://", "https://");
if (original_url.indexOf("http://") == 0) {
  location.replace(https_url);
}
</script>
@yehgdotnet
yehgdotnet / gist:d541c60eaa8b6cd9db71e7463ed1bb1c
Last active May 5, 2021 15:07
Tampermonkey filesave dialog
A quick and easy solution is to use FileSaver.js:
1) Add the following line to the ==UserScript== section of your Greasemonkey/Tampermonkey script (the URL points at the moving master branch; pin it to a tag or commit so a later upstream change is not pulled into your script unreviewed):
// @require https://raw.githubusercontent.com/eligrey/FileSaver.js/master/src/FileSaver.js
2) Add the following two lines of code to the GM script:
var blob = new Blob(["Hello, world!"], {type: "text/plain;charset=utf-8"});
saveAs(blob, "hello world.txt");
The most effective control against insecure direct object reference attacks is to avoid exposing internal functionality of the software using a direct object reference that can be easily manipulated.
The following are some defensive strategies that can be taken to accomplish this objective:
■ Use indirect object references, such as an index into a list or a per-session reference map, so that direct parameter manipulation is futile unless the attacker also knows how the parameter maps to the internal object.
■ Do not expose internal objects directly via URLs or form parameters to the end user.
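The two strategies above, as an added example in Python (not code from the gist): a per-session reference map that hands the client opaque random tokens instead of invoice numbers, next to the vulnerable direct lookup it replaces. The INVOICES store, the user names and the invoice numbers are constructed sample data; a real application would keep the map in the session store and look invoices up in its database.

```python
"""Indirect object references as an IDOR defence (added example, not from the gist)."""
import secrets

# Constructed sample data: internal (direct) identifiers that the client
# must never see, each owned by exactly one user.
INVOICES = {
    1001: {"owner": "alice", "total": 120.00},
    1002: {"owner": "bob",   "total": 999.99},
    1003: {"owner": "alice", "total": 42.50},
}


class ReferenceMap:
    """Per-session map from opaque, random tokens to internal object ids.

    The token is all the client ever sees. Because it is random and scoped to
    one session, incrementing or guessing it does not reach another user's
    objects, and the internal numbering never leaks.
    """

    def __init__(self):
        self._token_to_id = {}
        self._id_to_token = {}

    def reference(self, internal_id):
        """Return this session's token for internal_id, minting one on first use."""
        token = self._id_to_token.get(internal_id)
        if token is None:
            token = secrets.token_urlsafe(16)  # 128 bits, URL-safe
            self._id_to_token[internal_id] = token
            self._token_to_id[token] = internal_id
        return token

    def resolve(self, token):
        """Map a client-supplied token back to an internal id, or None if unknown."""
        return self._token_to_id.get(token)


def list_invoices(session, user):
    """Links a user's page would carry: tokens, never raw invoice numbers."""
    return {session.reference(i): inv["total"]
            for i, inv in INVOICES.items() if inv["owner"] == user}


def get_invoice_vulnerable(invoice_id):
    """Direct object reference with no ownership check: the classic IDOR."""
    return INVOICES.get(invoice_id)


def get_invoice(session, user, token):
    """Hardened lookup: token -> id via the session map, then an ownership check.

    The ownership check is defence in depth; keep it even though tokens are
    unguessable, so a token leaked from one session is useless to anyone else.
    """
    internal_id = session.resolve(token)
    if internal_id is None:
        return None
    invoice = INVOICES.get(internal_id)
    if invoice is None or invoice["owner"] != user:
        return None
    return invoice


if __name__ == "__main__":
    alice = ReferenceMap()
    links = list_invoices(alice, "alice")
    print("links alice sees:", links)
    token = next(iter(links))
    print("alice resolves her own token:", get_invoice(alice, "alice", token))
    print("bob replaying alice's token:", get_invoice(alice, "bob", token))
    print("tampered direct id '1002':", get_invoice(alice, "alice", "1002"))
    print("vulnerable lookup of 1002:", get_invoice_vulnerable(1002))
```

The vulnerable function shows why the page's first bullet matters: with the raw id in the URL, `1001` becomes `1002` with no further knowledge. With the map, the attacker needs a token minted inside the victim's session, and even then the owner check rejects it.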
@yehgdotnet
yehgdotnet / common-passwords.txt
Created April 27, 2020 05:57
Common passwords
000000
1q2w3e
1q2w3e4r
1q2w3e4r5t
1qaz2wsx
3rjs1la7qe
18atcskd2w
123
123qwe
1234
1.0.0.1
1.1.1.1
149.112.112.112
2606:4700:4700::1001
2606:4700:4700::1111
2620:fe::9
2620:fe::fe
8.8.4.4
8.8.8.8
9.9.9.9
@yehgdotnet
yehgdotnet / gist:40a640178b1c04eaf8492b95fb90d852
Created April 22, 2020 06:08
java manual code review - source points
\.match|\.contains|\@GetMapping|\@PostMapping|\"matches\"|\@RequestMapping|\@PutMapping|\@DeleteMapping|\@PatchMapping|random|org.springframework.validation|javax.validation|SecretKeyFactory|xmlDecoder|xstream|zip|implements Runnable|implements Threads|new Runnable|new Thread|synchronized|newCachedThreadPool|newFixedThreadPool|utf\-8|403|denied|invalid|illegal|catch \(Exception|System\.loadLibrary|Class\.forName|getRuntime\(\)|AccessController\.doPrivileged|implements Serializable|Object deserialize|deserialize|deserialise|ObjectInputStream|KeyGenerator\.getInstance|printStackTrace|X509TrustManager|SSLContext.getInstance\("SSL"\)|\.hostnameVerifier|new TrustManager|System\.out|System\.err|HttpServletRequest|md5|sha1|password|key|pay|credit|createTempFile|class\.newInstance|.loadClass|.newInstance|objectinputstream.readobject|readObject|Pattern.compile|\.compile|DocumentBuilderFactory|SAXReader
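The source-points list above applied to a file, as an added Python example (not part of the gist): the pattern is the gist's own list with the escape in the AccessController.doPrivileged entry corrected, run case-insensitively on the assumption that it was written for grep -i. The Java input is a constructed snippet that contains real sinks (raw ObjectInputStream.readObject, an "SSL" context with a trust-all manager) alongside code that only trips the broad tokens (`key` inside keyboardLayout, the literal 403), which is what the triage view is for.

```python
"""Run the Java 'source points' grep list over a source file (added example)."""
import re

# The gist's pattern, one alternation per line for readability; the original
# had 'AccessController.\doPrivileged', where \d is a digit class, not a dot.
SOURCE_POINTS = re.compile(
    r'\.match|\.contains|\@GetMapping|\@PostMapping|\"matches\"|\@RequestMapping|\@PutMapping|\@DeleteMapping|\@PatchMapping'
    r'|random|org.springframework.validation|javax.validation|SecretKeyFactory|xmlDecoder|xstream|zip'
    r'|implements Runnable|implements Threads|new Runnable|new Thread|synchronized|newCachedThreadPool|newFixedThreadPool'
    r'|utf\-8|403|denied|invalid|illegal|catch \(Exception|System\.loadLibrary|Class\.forName|getRuntime\(\)|AccessController\.doPrivileged'
    r'|implements Serializable|Object deserialize|deserialize|deserialise|ObjectInputStream|KeyGenerator\.getInstance|printStackTrace'
    r'|X509TrustManager|SSLContext.getInstance\("SSL"\)|\.hostnameVerifier|new TrustManager|System\.out|System\.err|HttpServletRequest'
    r'|md5|sha1|password|key|pay|credit|createTempFile|class\.newInstance|.loadClass|.newInstance|objectinputstream.readobject|readObject'
    r'|Pattern.compile|\.compile|DocumentBuilderFactory|SAXReader',
    re.IGNORECASE,  # assumption: the list was meant for grep -i
)

# Constructed sample input; it does not need to compile, it only needs to
# contain the kinds of lines a reviewer would meet.
SAMPLE_JAVA = """\
package demo;

import java.io.ByteArrayInputStream;
import java.io.ObjectInputStream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class Demo {
    public Object load(byte[] blob) throws Exception {
        ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(blob));
        return in.readObject();
    }

    public SSLContext ctx() throws Exception {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, new TrustManager[] { new X509TrustManager() { /* trust-all methods omitted */ } }, null);
        return sc;
    }

    private int keyboardLayout = 1;
    public int total() { return keyboardLayout + 403; }
}
"""


def scan(source):
    """Return (line_no, matched_text) for every hit, in file order, one per match."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in SOURCE_POINTS.finditer(line):
            hits.append((no, m.group(0)))
    return hits


def triage(hits):
    """Group hits by matched text, so noisy tokens ('key' inside keyboardLayout,
    a bare 403) can be dismissed in bulk while real sinks get read line by line."""
    grouped = {}
    for no, tok in hits:
        grouped.setdefault(tok, []).append(no)
    return grouped


if __name__ == "__main__":
    for tok, lines in triage(scan(SAMPLE_JAVA)).items():
        print(f"{tok:32} lines {lines}")
```

Everything the list flags is a starting point for reading, not a finding: `ObjectInputStream` on an import line is only interesting because line 12 calls `readObject` on untrusted bytes, and `SSLContext.getInstance("SSL")` matters because of the trust-all manager on the next line.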
Enable App Transport Security (ATS). Declare any domain that genuinely needs an exception under NSExceptionDomains in the NSAppTransportSecurity dictionary of the application's Info.plist; every exception domain weakens ATS for that host, so keep the list minimal.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>exceptionsite.com</key>
<dict>
@yehgdotnet
yehgdotnet / gist:c7de1cd93cda93edd6814b59fd90b088
Last active April 22, 2020 06:05
Hide backgrounding in iOS
While analyzing the source code, look for the fields or screens where sensitive data is involved. Check whether the application sanitizes the screen before it is backgrounded, for example by covering the window with a UIImageView, since iOS snapshots the screen at that point and shows the snapshot in the app switcher.
Possible remediation that sets a default overlay image in place of the real screen:
@property (nonatomic, strong) UIImageView *backgroundImage;
- (void)applicationDidEnterBackground:(UIApplication *)application {
    // initWithImage: takes a UIImage, not a file name
    UIImageView *myBanner = [[UIImageView alloc] initWithImage:[UIImage imageNamed:@"overlayImage.png"]];
    myBanner.frame = self.window.bounds;
    self.backgroundImage = myBanner;
    [self.window addSubview:myBanner];
    // remove self.backgroundImage again in applicationWillEnterForeground:
}