Cross-Site Scripting: XSS Injection

After the posts about SQL Injection and NoSQL Injection, today I bring you XSS Injection. This attack consists of injecting malicious code into benign web pages. The attacker injects code from the client side, so that, because of a bad configuration of the website, this code is shown to other users. This type of attack usually occurs when the browser uses a user input field to generate an output field without previously validating it. To try to get a Cross-Site Scripting injection, you have to try to find areas of a web page where a value you enter is reflected. An example would be to find a web page…

1 Comment

NoSQL Injection

In previous posts I have talked about SQL injections. It is usually the first example of computer security that is given to a student: " ´ or 1 = 1 -- a " However, this is only useful for servers that use relational databases, such as MySQL, MSSQL, Oracle. In the last decade another type of database has appeared: non-relational databases, such as Couch or MongoDB. This type of database is used to store a large amount of unrelated data, data that do not fit into the typical tabular model of SQL databases, such as images, videos, social media, and so on. The queries that are made to this type…

2 Comments

WordPress Shielding

As time goes by this domain gets bigger and bigger... Thanks to you! With less than a year of life, Google Analytics has notified me that in March I surpassed the one thousand monthly users. This is great news, but at the same time it has made me think that I should retouch a couple of things about blog security to be completely happy. After all, it's a crime for a cybersecurity blog to lack it. For this reason, today I bring you the steps I have taken to secure WordPress. The Basics Strong passwords and updated services. That's the foundation on which everything else must be built. Be sure…

7 Comments

Tor Network and Deep Web

During the last decade, the deep web has become very well known, everyone has talked about it. And the problem with this fame is that a lot of urban myths have arisen about this part of the Internet. The deep web is the name given to all content that is not included in search engines. Without going into details about why a person would want to access the deep web, in this blog I'm going to show you how to connect using the Tor browser. Tor is a browser that allows anonymous access to the Internet, thanks to its Onion Routing system. In a normal Internet connection, routing is direct: it…

0 Comments

Google Hacking

Google is one of the most famous search engines in the world. However, searching Google is an art that many people don't quite understand. And a case apart are those who prefer to ask you rather than do a simple Google search. Luckily, there are awareness pages like lmgtfy. Do you want to know how to be a hacker? Here's the link: http://lmgtfy.com/?q=how+to+be+a+hacker But in this article we will go further. Google has advanced search options: the so-called Google Dorks. Here I'll explain each of the different dorks that exist, and show you some examples of how you can discover sensitive information and find pages and files of a…

1 Comment

Penetration Tester Manual

Today I bring a very special post. This publication has been delayed a couple of weeks because I was finishing polishing it, and I wanted it to be perfect. I've been working for quite some time on a guide with the basics of pentesting, the different steps that a security auditor takes to perform ethical hacking on a web application. Finally it is ready, and today I bring it to you in this post. One of the first books I read when I started in the world of cybersecurity was "The Web Application Hacker's Handbook 2", by Dafydd Stuttard and Marcus Pinto. This book, although it is somewhat old, describes in…

0 Comments

Physical hacking with USB

Have you ever been told that if you find a USB stick on the floor, you shouldn't put it in your computer? Today I'll show you through a proof of concept why you shouldn't do it. In this post we will see how to create a malicious USB that can infect a computer in seconds. But first a little bit of history. In 2010, the media echoed a virus that had managed to infect a nuclear power plant in Iran. This malware, called Stuxnet, slowed down the centrifuges that enriched uranium, increasing the pressure to critical points. The power station had sensors that allowed it to operate valves that released the…

1 Comment

The art of breaking a hash (Hashcat)

In this other post I talked about passwords and the conditions that must be met to be considered secure. However, if we enter the world's strongest password on an insecure site, an attacker who has access to the database will be able to obtain it no matter how long or complicated it is. The question then arises as to how to securely store the passwords of website users in a database. The answer is that the safest way to do this is not to save them. Instead, a reference to them, i.e. a hash, is stored. To understand this, let's delve deeper into the concept of a hash. Hashes and…

0 Comments

Hacking web: searching leaks in GitHub with Scrapy

Many times it is not necessary to hack into anything to get credentials or confidential data. Many developers have the strange habit of leaving sensitive information in their code. And it is a pentester's duty to get hold of that information. Today I'm going to do a little tutorial on how you can track the web for sensitive information. To do this, I will use the Scrapy tool, a very powerful crawler that is very easy to configure in Python. The most important thing about this tool is the speed with which it performs the crawling. For this little proof of concept, I will show you how to get sensitive information…

2 Comments

Strong Passwords

Today we are going to talk about why in recent years we are constantly told that we must establish secure passwords if we want to protect our accounts. I decided to write this post because I recently pentested a client and exploited a SQL Injection vulnerability (you can read more about this vulnerability here) and got to download their entire database. When I opened the table of users, not only was it shocking to see that they kept the passwords clear, but that users had set passwords such as "carmen01", "david93", "Password" or "qwerty". And the administrator user had decided that "admin2018" was a secure password. Spoiler: it's not.…

4 Comments