My Experience with cooking!

I started cooking when I moved to Hyderabad. It has been a great experience cooking I always wanted to cook since my childhood. So finally got the opportunity to work on this skill as I was in a new place new opportunities just found me.

When I first tried cooking I always felt that there is oil left in my food. Then I understood the process and chemistry of cooking oil with veggies. Then the best taste comes up on its own.

I will be still watching courses and other things on cooking and learning more as this is a life skill. Despite gender, everyone should know how to cook basic meals.

Cooking is just another section of chemistry. That’s it

I will post more on this.

Israel Trip

How to get Visa: IVP (Israel visa processing) is a service provider for the State of Israel, authorized to provide support services to visa applicants in India. Visit this site https://www.israelvisa.in/ to get more details on Visa process.

There are two types of Visa submission:

a. Normal: minimum 5 working days – Rs 3330

b. Fast track: minimum 2 working days – Rs 7650

You need to submit application form (not hand written) and other required documents to IVP Center of your respective location.

Use below link to access the application form

https://www.israelvisa.in/online-visa-application-form/b2-tourist-visa

Use below link to know details of required documents

Click to access B2-Tourist-Visa.pdf

Track your visa application status by using below link

https://www.israelvisa.in/track-your-application

Hotel Booking

Check hotel rating on Booking.com and book using Agoda.com. Always use free cancellation type to book hotel. Agoda has zero cancellation policies which you can avail.

Tel Aviv Hotel: Abraham Hotel, Guest Kitchen is available

Jerusalem Hotel: Abraham Hotel and Kalpan Hotel, Guest Kitchen is available

Flight Booking

For Visa, always use dummy tickets for flight booking and book confirmed tickets once you get your visa. You can use below link to book dummy flight tickets:

dummyticket.com

My trip to my favorite country Israel

Some want to go to the US, Some want to Go to Europe, Some want to go to Canada, I just wanted to see my favorite country Israel which has stood up against all the adversaries via their courage, knowledge, and Here I am at the western wall

Mohit Dabas at Western Wall
Mohit Dabas at Masada Dead Sea
Mohit Dabas at Jersusalem Chord Bridge
Mohit Dabas at church of the holy sepulchre Jersualem
Mohit Dabas at kidron valley
Mohit Dabas Tel Aviv

Source Code Review: Grabbing all the inputs from a web application using a simple python script.

The following small code of python grabs all the inputs from the html page or templates in a project and gives you a clear picture to attack and fuzz.

The project used for this experiment https://github.com/CSPF-Founder/JavaVulnerableLab

Here is the code for this:

from os import listdir
from os.path import isfile, join
import re
from os import walk
from bs4 import BeautifulSoup
def fileGetter():
fileNames = []
mypath='<folder_name>'
for (dirPath, dirNames, fileName) in walk(mypath):
for fn in fileName:
fileNames.append(dirPath+'/'+fn)
return fileNames
def grabInputTag(fileNames):
inputTagFiles=[]
for filePath in fileNames:
with open(filePath) as f:
try:
data=f.read()
match=re.findall(r'<input',data)
if len(match)> 0:
inputTagFiles.append(filePath)
else :
pass
except Exception as e:
print (e)
return inputTagFiles
def getAllInputAttributes(inputTagFileNames):
inputTags=[]
for itf in inputTagFileNames:
with open(itf) as f:
data=f.read()
soup = BeautifulSoup(data)
try:
form = soup.find('form')
for nameAttr in form.findAll('input'):
inputTags.append(nameAttr.get('name'))
for nameAttr in form.findAll('textarea'):
inputTags.append(nameAttr.get('name'))
except Exception as e:
#print (e)
pass
return inputTags
fileNames=fileGetter()
inputTagFileNames=grabInputTag(fileNames)
inputTags=list(set(getAllInputAttributes(inputTagFileNames)))
print (inputTags)
view raw inputparser.py hosted with ❤ by GitHub

Post related to it will be posted very soon

#100DaysOfCode: Inspect Launch Agents and Daemon Programs T1543.001 – Launch Agent (Mitre)

So I have taken this challenge and hope I code something cool and code.Mostly I will be coding about security.

So The program for today is a simple one, During incident response and forensic we need check for the persistence of malicious software in case of mac malware they use launch Agent and Launch Daemons .The plist files which contains information on how to run a program is found on these locations.

Sometimes the plist.info file is binary format .We can use plutil to convert into xml and vice-versa.

import os
from pathlib import Path
def crawlAgentsAndDaemons():

    agentsNDaeomns={
        str(Path.home())+'/Library/LaunchAgents':['Currently logged in user'],
        '/Library/LaunchAgents':['Currently logged in user'],
        '/Library/LaunchDaemons':['root or the user specified with the key UserName'],
        '/System/Library/LaunchAgents':['Currently logged in user'],
        '/System/Library/LaunchDaemons':['root or the user specified with the key UserName']
    }
    directories=list(agentsNDaeomns.keys())
    for dirs in directories:
        print ("============"+dirs+"===========")
        print ()
        plistFiles=os.listdir(dirs)
        for pfiles in plistFiles:
            print ("Application Name: "+pfiles)
            print()
            fileOpen=open(dirs+'/'+pfiles)
            try:
             fileRead=fileOpen.read()
             print(fileRead)
             fileOpen.close()
            except(UnicodeDecodeError):
               
                try:
                 os.system('plutil -convert xml1 '+dirs+'/'+pfiles)
                 fileOpen=open(dirs+'/'+pfiles)
                 fileRead=fileOpen.read()
                 print(fileRead)
                 fileOpen.close()
                 os.system('plutil -convert binary1 '+dirs+'/'+pfiles)
                except:
                    pass

crawlAgentsAndDaemons()         


sudo python inspectmacosxlaunchagentanddaemon.py > dump.txt

after running this program we get application details like this and can check for malicious program by checking program’s arguments.

Coding a Timer In Javascript.

So I m just started to work on JS animation I don’t know I should call it only js animation as lots of CSS is also involved but fuck it lets just write some code.

Before I present you the code you must visit this timing function reference on w3school and experiment with them and get yourself comfortable.

https://www.w3schools.com/js/js_timing.asp

https://www.w3schools.com/howto/howto_js_typewriter.asp

The code is here https://gist.github.com/MohitDabas/f9a99c16fc54a09200beb065db0d0418

SASTGriper: Finding vulnerable Code via grep.

Before you start reading this I want to make sure the whole project is based upon this grep command.

grep -irnE  “regexp” ./pathtoFolder. I haven’t done anything new or I m not even bragging. I m starting and posting this for feedbacks and features which are going to be added in the upcoming versions. Feel free to give any suggestions, feedback.
I have only added a user interface where you can click a button which is mentioning your desired file and a visual studio code’s window will be opened and the cursor will directly point to that line number. You can add a breakpoint directly to the line number in visual studio code.
The example is shown here is mentioning Damn Vulnerable NodeJS Application
1. Let us hunt some SQL operations and functions.
Screenshot 2019-09-21 at 12.21.38 AM
After Clicking on Open In Visual Studio. The File will be opened and the cursor will be prompt on the desired line.
Screenshot 2019-09-21 at 12.21.58 AM
2. Searching for the dangerous eval function in the code.
Screenshot 2019-09-21 at 12.29.13 AM
When Open In Visual Studio Code is Clicked.
Screenshot 2019-09-21 at 12.29.29 AM
3 When Authentication related functions are searched.
Screenshot 2019-09-21 at 12.32.54 AM
You can search for multiple things at once by simply giving a regex.
Screenshot 2019-09-21 at 12.32.30 AM

Break restricted Environments. Spawn a shell, Evade common detections.

So Usually while solving CTF or doing some pentesting project you stuck on getting a shell because of some restricted shell environment or some detection tools.

While searching on this topic I came to this amazing link https://gtfobins.github.io/#+shell

The list on the website contains an awesome comprehensive list of some daily or uncommon bin exe which can help you to break free restriction in restricted environments. Usage of the Environment variable and how to elevate privilege is also mentioned out there. Few of the binary usages are quite uncommon could easily be used for malicious purposes. All n all a great information.

I tried my hands on a few of them.

1blog

2ndblog3rd4blog