Shodan

Shodan is a search engine to find specific services such as webcams, SCADA systems, Linksys... Its operation is simple but effective: it scans the whole internet and uses the information returned by the device banners to discover the software version, the device model, etc. Shodan is especially useful for the investigation of IoT devices, since there are millions of devices online with vulnerabilities that can be located by the information they provide in their responses. Mode of use: First, I'll do a simple search. I'm going to look at the different Apache servers in the world. To do this, just type "apache" into the search engine. On the left…

0 Comments

SQL Injection: OAST techniques

Today I bring you a very interesting type of SQL Injection, one that is not very well known. It's a variation of Blind SQL Injection. If you're still not very familiar with SQL injections, I recommend you visit this post first. You should also take a look at NoSQL injections from non-relational databases. In Blind SQL Injection, we can get information from the database if the server returns different responses depending on whether the injected payload (Boolean Blind SQL) is true or false. In case it always returns the same answer, we can get the database information from the server response times (Time Blind SQL). However, it may be the case of…

0 Comments

Cross-Site Scripting II: Advanced

This post is the continuation of another one I published a few months ago. If you haven't read it yet, I recommend you take a look at it. You already know what Cross-Site Scripting is, you know what types there are, what payloads to test, in which fields to look when you are analyzing a website, how to avoid the filters of the WAFs... Now I'm going to show you how to really take advantage of this injection. BeEF: I'll start with a tool called BeEF. It is already integrated in the main hacking distributions (Kali Linux, Parrot Security), just run it with ./beef-xss and enter the…

0 Comments

Cross-Site Scripting: XSS Injection

After the posts about SQL Injection and NoSQL Injection, today I bring you the XSS Injection. This attack consists of injecting malicious code into benign web pages. The attacker injects code from the client side, so that, because of a bad configuration of the website, this code is shown to other users. This type of attack usually occurs when the browser uses a user input field to generate an output field without previously validating it. To try to get a Cross-Site Scripting injection, you have to try to find areas of a web page where a value you enter is reflected. An example would be to find a web page…

1 Comment

NoSQL Injection

In previous posts I have talked about SQL injections. It is usually the first example of computer security that is given to a student: " ' or 1 = 1 -- a " However, this is only useful for servers that use relational databases, such as MySQL, MSSQL, Oracle. In the last decade another type of database has appeared: non-relational databases, such as Couch or MongoDB. This type of database is used to store a large amount of unrelated data, data that does not fit into the typical tabular model of SQL databases, such as images, videos, social media, and so on. The queries that are made to this type…

2 Comments

WordPress Shielding

As time goes by this domain gets bigger and bigger... Thanks to you! With less than a year of life, Google Analytics has notified me that in March I surpassed the one thousand monthly users. This is great news, but at the same time it has made me think that I should retouch a couple of things about blog security to be completely happy. After all, it's a crime for a cybersecurity blog to lack it. For this reason, today I bring you the steps I have taken to secure WordPress. The Basics: Strong passwords and updated services. That's the foundation on which everything else must be built. Be sure…

7 Comments

Tor Network and Deep Web

During the last decade, the deep web has become very well known, everyone has talked about it. And the problem with this fame is that a lot of urban myths have arisen about this part of the Internet. The deep web is the name given to all content that is not included in search engines. Without going into details about why a person would want to access the deep web, in this blog I'm going to show you how to connect using the Tor browser. Tor is a browser that allows anonymous access to the Internet, thanks to its Onion Routing system. In a normal Internet connection, routing is direct: it…

0 Comments

Google Hacking

Google is one of the most famous search engines in the world. However, searching Google is an art that many people don't quite understand. And a case apart are those who prefer to ask you rather than do a simple Google search. Luckily, there are awareness pages like lmgtfy. Do you want to know how to be a hacker? Here's the link: http://lmgtfy.com/?q=how+to+be+a+hacker But in this article we will go further. Google has advanced search options: the so-called Google Dorks. Here I'll explain each of the different dorks that exist, and show you some examples of how you can discover sensitive information and find pages and files of a…

1 Comment

Penetration Tester Manual

Today I bring a very special post. This publication has been delayed a couple of weeks because I was finishing polishing it, and I wanted it to be perfect. I've been working for quite some time on a guide with the basics of pentesting, the different steps that a security auditor takes to perform ethical hacking on a web application. Finally it is ready, and today I bring it to you in this post. One of the first books I read when I started in the world of cybersecurity was "The Web Application Hacker's Handbook 2", by Dafydd Stuttard and Marcus Pinto. This book, although it is somewhat old, describes in…

0 Comments

Physical hacking with USB

Have you ever been told that if you find a USB stick on the floor, you shouldn't put it in your computer? Today I'll show you through a proof of concept why you shouldn't do it. In this post we will see how to create a malicious USB that can infect a computer in seconds. But first a little bit of history. In 2010, the media echoed a virus that had managed to infect a nuclear power plant in Iran. This malware, called Stuxnet, slowed down the centrifuges that enriched uranium, increasing the pressure to critical points. The power station had sensors that allowed it to operate valves that released the…

1 Comment