Shuciran Pentesting Notes

Urlexploder (Intermediate)

Host entries 10.0.160.235 Content KodExplorer Dangerous File Upload leading to RCE Arbitrary File Read via Playwright’s Screenshot Feature Exploiting File Wrapper Reconnaissance Initial ...

Havents (Intermediate)

Host entries 10.0.14.47 Content Default Credentials Haven blog web application RCE Binary allowed to run with superuser (root) privileges sudo -l Reconnaissance Initial reconnaissanc...

DestroyerCMS (Intermediate)

Host entries 10.0.160.222 destroyercms.echocity-f.com Content GetSimpleCMS RCE exploit SUID privilege escalation Reconnaissance Initial reconnaissance for TCP ports # Nmap 7.94SVN sca...

SQLite Database

SQLite DB To save structured data, such as contact information or to-do lists, we can leverage the iOS Core Data framework. It provides a convenient API for storing data in different store types s...

Realm database

Realm DB Realm DB is an alternative to SQLite for storing structured data in mobile applications. It is object-oriented, which means that the database internally uses objects that map to the mobil...

Plist Files

Plist File Plist files use an XML format and can be stored in plaintext ASCII or as a proprietary packed file format intended to reduce the file size. These binary files require the use of a suppo...

Data Storage Keychain dumper

iOS Keychain Dumper Since the Keychain stores sensitive information, attackers are naturally interested in accessing its contents. We can use the iOS Keychain Dumper tool, to dump the contents of ...

Firebase database

Firebase DB Contrary to SQLite and Realm DB, which store data locally, Firebase is a cloud database. It allows developers to collect data from many application users and store it online in JSON fo...

Binary Cookies

Binary Cookies Some iOS applications display web content inside WebView components. Webpages often require cookies for mechanisms such as automatic reconnection. iOS applications save these WebVie...

Finding GUID with ipainstaller

Ipainstaller can be obtained by installing the BigBoss Recommended tools through Cydia. Installing IPAs files The IPA can be directly installed on the iOS device via the command line with ipa...