Shodan

Shodan is a search engine for finding specific services such as webcams, SCADA systems, Linksys routers... Its operation is simple but effective: it scans the whole internet and uses the information returned in device banners to discover the software version, the device model, etc. Shodan is especially useful when investigating IoT devices, since millions of vulnerable devices are online and can be located by the information they reveal in their responses. Mode of use: first, I'll do a simple search. I'm going to look at the different Apache servers in the world. To do this, just type "apache" into the search engine. On the left…

Post Exploitation Backdooring II

This is the second part of the series of posts about Post Exploitation Backdooring. If you haven't read the previous post, I recommend you do so in order to understand this one. Again I want to thank OscarAkaElvis, who taught me these PE Backdooring techniques. In the previous post we saw how to introduce the code of a reverse shell into a program, creating a Trojan. However, in real life this technique is well known to antivirus software, and it will not work. First of all, because it is very rare for a program to have a JMP as its first instruction. On the other hand, it is easy to verify that the size…

Cross-Site Scripting II: Advanced

This post is the continuation of one I published a few months ago. If you haven't read it yet, I recommend you take a look at it. You already know what Cross-Site Scripting is, what types there are, what payloads to test, which fields to look at when you are analyzing a website, how to get around WAF filters... Now I'm going to show you how to really take advantage of this injection. BeEF: I'll start with a tool called BeEF. It is already included in the main hacking distributions (Kali Linux, Parrot Security); just run it with ./beef-xss and enter the…

Zip Bombs III: Overlapping Bombs

In this last post of the zip bombs series, I'm going to tell you about a new method that has emerged in the last month: overlapping bombs. This type of bomb has achieved the highest decompression ratio of all time: from 46 MB to 4.5 Petabytes. The idea: this kind of bomb, created by David Fifield, has something very different from those of the previous posts: it does not use recursion. Instead, it uses file overlapping. This means that it expands completely after the first decompression, so it cannot be stopped by the security measures that antivirus software and operating systems take against the…

Zip Bomb I: Nested bombs

When a file is compressed, its size is reduced. This is based on a simple principle: if you have a file with the text "aaaaaabbb", which is 9 characters long, you could reduce its size by saving it as "6a3b". Using this rudimentary algorithm, you can decompress the compressed file by repeating each character the number of times indicated by the digit that precedes it. That's why two files of the same size are compressed at different compression rates. Following the previous example, the file "aaaaaabbb" would become "6a3b", which means a compression ratio of 4:9, i.e. it is reduced by 66%. However, the file "aaabbaaab" would become "3a2b3a1b",…

Cross-Site Scripting: XSS Injection

After the posts about SQL Injection and NoSQL Injection, today I bring you XSS Injection. This attack consists of injecting malicious code into benign web pages. The attacker injects the code from the client side so that, due to a misconfiguration of the website, this code is shown to other users. This type of attack usually occurs when the browser uses a user input field to generate output without validating it first. To attempt a Cross-Site Scripting injection, you have to find areas of a web page where a value you enter is reflected back. An example would be to find a web page…
