Investigating “strings” within an application and why these values are important!

Room link: https://tryhackme.com/room/malstrings

Note: This room is for Premium Members only, i.e. those who have purchased a THM premium membership.

Motivation:

What you will learn after completing this Room:

  • String analysis
  • OSINT
  • Static Analysis (part of Malware Analysis)

MAL: Strings

What are “strings”?

  • From a programming perspective, “strings” is the term given to data handled by an application. More broadly, these pieces of data store information ranging from text to numerical values.

  • For example, let’s say we have an application such as a calculator. A user will have to input two numerical values (e.g. 1 and 5) combined with an operator (e.g. + or plus), addition in this case. These values will be stored as “strings”.
  • However, “strings” can also be stored within the application itself, where no input is necessary from the user. Usernames and passwords are a good example of the many types of information that may be stored as a “string”.
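
To make the idea of strings stored inside the application concrete, here is an added example (not part of the room or of the original walkthrough): a small Python version of what the `strings` utility does, run over a constructed byte blob, followed by a triage pass that tags credential-like values and IPv4 addresses. The sample bytes, the regular expressions and the function names `extract_strings` and `triage` are assumptions made for this illustration.

```python
import re

# Constructed sample standing in for a compiled application; every value in it
# is made up for this example (192.0.2.10 is a documentation-only address).
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(8)
    + b"\x01\x02username=admin\x00\xff\xfepassword=12345678\x00"
    + b"\x90\x90connect to 192.0.2.10\x00\x03ab\x01"
    + "api_token=abcd1234".encode("utf-16-le") + b"\x00\x00\x13\x37"
)

ASCII_RUN = rb"[\x20-\x7e]{%d,}"            # printable single-byte characters
UTF16_RUN = rb"(?:[\x20-\x7e]\x00){%d,}"    # printable char + NUL (UTF-16LE)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SECRET = re.compile(r"(?i)(user(name)?|pass(word|code)?|pwd|token|secret|key)\s*[=:]")


def extract_strings(data: bytes, min_len: int = 4):
    """Return sorted (offset, encoding, text) tuples, similar to strings(1)."""
    found = []
    for m in re.finditer(ASCII_RUN % min_len, data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    # Windows binaries often store text as UTF-16LE, which an ASCII-only
    # scan misses because every character is followed by a NUL byte.
    for m in re.finditer(UTF16_RUN % min_len, data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def triage(strings):
    """Tag extracted strings that look like credentials or IPv4 addresses."""
    hits = []
    for offset, _enc, text in strings:
        if SECRET.search(text):
            hits.append((offset, "credential", text))
        elif IPV4.search(text):
            hits.append((offset, "ipv4", text))
    return hits


if __name__ == "__main__":
    for offset, kind, text in triage(extract_strings(SAMPLE)):
        print(f"0x{offset:04x}  {kind:<10}  {text}")
```

The short runs `ELF` and `ab` are dropped by the minimum length of 4, which is the same default the `strings` utility uses to filter out noise.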

Why are “strings” important?

  • We’re all security-minded people here and know that writing down passwords isn’t a very smart thing to do. However, developers are not always so like-minded and often leave credentials in applications, sometimes because the application needs them to work: for example, an application that communicates with a server needs to know that server’s IP address. Arguably, an IP address is trivial in comparison to the sensitivity of a password, but both would be stored as strings.
  • There is a plethora of examples of companies storing sensitive information such as passwords within their applications. For example, Intellian, a satellite-communications-focused company, had a disclosure that their “Aptus Web 1.24” application retained a default passcode of “12345678”.
  • Illustrated below is an example of an Android Application containing sensitive credentials within strings:

Task 1:

  1. What is the **name of the account** that had the passcode of “12345678” in the Intellian example discussed above?

Answer: intellian

  • I searched for this product name on Google and found its default username and password.


TryHackMe:(MAL: Strings) Walkthrough by Mayur Parmar