PoC’s

Pentesting / PoC's

SQL Injection: OAST techniques

Today I bring you a very interesting type of SQL Injection, and that is not very well known. It's a variation of Blind SQL Injection.if you're still not very familiar with SQL injections, I recommend you visit this post first. You should also take a look at noSQL injections from non-relational databases. In Blind SQL Injection, we can get information from the database if the server returns different responses depending on whether the injected payload (Boolean Blind SQL) is true or false. In case it always returns the same answer, we can get the database information from the server response times (Time Blind SQL).However, it may be the case of…

0 Comments
December 15, 2019
SQL Injection: OAST techniques
Malware / PoC's

Post Explotation Backdooring III

This is the third post on the post-exploitation method based on code caves. In the first part I showed you how to create a basic code cave in an executable to introduce a shell. In the second part I improved its detection rate using natural code caves and hiding the jump to the cave between the instructions of the program. In this part I'm going to show you how to avoid that antivirus detect the shell of the code cave through encryption and decryption at runtime. Thanks again to OscarAkaElvis, who taught me these techniques. Cipher natural code caves This method is based on the previous method. Some antivirus…

0 Comments
November 4, 2019
Post Explotation Backdooring III
Malware / PoC's

Post Explotation Backdooring II

This is the second part of the set of posts about Post Explotation Backdooring. If you haven't read the previous post, I recommend you do so to understand this post. Again I want to thank OscarAkaElvis, who taught me these PE Backdooring techniques.In the previous post we saw how to introduce the code of a reverse shell in a program, creating a Trojan. However, in real life this technique is more than known by antivirus, and it will not work.First of all, because it is very rare for a program to have a JMP as its first instruction.On the other hand, it is easy to verify that the size…

2 Comments
October 21, 2019
Post Explotation Backdooring II
Malware / PoC's

Zip Bombs III: Overlapping Bombs

In this last post of the zip bombs series, I'm going to tell you about a new method that has emerged in the last month: overlapping bombs. With this type of bombs has come to achieve the highest rate of decompression of all time: from 46 MB to 4.5 Petabytes. The idea This kind of bomb that has been created by David Fifield has something very different from those of the previous posts: it does not use recursiveness. Instead, it uses file overlapping. This means that after the first decompression it expands completely, so you can't stop with the security measures taken by antivirus and operating systems with the…

0 Comments
August 20, 2019
Zip Bombs III: Overlapping Bombs
Malware / PoC's

Zip Bombs II: Quine Bombs

In last week's post I introduced the zip bombs and explained how to create a zip bomb using the recursion technique. I recommend that you take a look at it if you haven't already done so.  In this new entry I'm going to introduce the Quine Bombs.  Quine Programs In computing, a "quine" program is a program that replicates itself. In other words, a program whose source code generates its own source code as output. This is not easy to achieve. Let's see an example. If we execute print(1) in python, the output would be 1. We need the output to be the same as the input, in this case…

1 Comment
August 12, 2019
Zip Bombs II: Quine Bombs
Malware / PoC's

Zip Bomb I: Nested bombs

When a file is compressed, its size is reduced. It's based on a simple principle: if you have a file with the text "aaaaaabbb", which is 9 characters long, you could reduce the size by saving it as "6a3b". Using this rudimentary algorithm, you can decompress the compressed file by multiplying the character that follows it by the number of times the digit indicates.That's why two files that are the same size are compressed at a different compression rate. Following the previous example, the file "aaaaaabbb" would become "6a3b", which means a compression ratio of 4:9, i.e. it is reduced by 66%. However, the file "aaabbaaab" would become "3a2b3a1b",…

4 Comments
August 4, 2019
Zip Bomb I: Nested bombs
Pentesting / PoC's

Cross-Site Scripting: XSS Injection

After the posts about SQL Injection and NoSQL Injection, today I bring you the XSS Injection. This attack consists of injecting malicious code into benign web pages. The attacker injects code from the client side, so that for a bad configuration of the website, this code is shown to other users. This type of attack usually occurs when the browser uses a user input field to generate an output field without previously validating it. To try to get a Cross-Site Scripting injection, you have to try to find areas of a web page where a value you enter is reflected. An example would be to find a web page…

1 Comment
June 3, 2019
Cross-Site Scripting: XSS Injection
Pentesting / PoC's

noSQL Injection

In previous posts I have talked about SQL injections. It is usually the first example of computer security that is given to a student: " ´ or 1 = 1 -- a " However, this is only useful for servers that use relational databases, such as MySQL, MSSQL, Oracle. In the last decade another type of database has appeared: non-relational databases, such as Couch or MongoDB. This type of database is used to store a large amount of unrelated data, data that do not fit into the typical tabular model of SQL databases, such as images, videos, social media, and so on. The queries that are made to this type…

1 Comment
May 8, 2019
noSQL Injection
Pentesting / PoC's

WordPress Shielding

As time goes by this domain gets bigger and bigger... Thanks to you! With less than a year of life, Google Analytics has notified me that in March I surpassed the one thousand monthly users. This is great news, but at the same time it has made me think that I should retouch a couple of things about blog security to be completely happy. After all, it's a crime for a cybersecurity blog to lack it. For this reason, today I bring you the steps I have taken to secure wordpress. The Basics Strong passwords and updated services. That's the foundation on which everything else must be built. Be sure…

5 Comments
April 23, 2019
WordPress Shielding
WordPress Shielding
Pentesting / PoC's

Google Hacking

Google is one of the most famous search engines in the world. However, searching Google is an art that many people don't quite understand. And a case apart are those who prefer to ask you rather than do a simple google search. Luckily, there are awareness pages like lmgtfy Do you want to know how to be a hacker? Here's the link: http://lmgtfy.com/?q=how+to+be+a+hackerhttp://lmgtfy.com/?q=As+ser+hacker But in this article we will go further. Google has advanced search options: the so-called Google Dorks. Here I'll explain each of the different dorks that exist, and show you some examples of how you can discover sensitive information and find pages and files of a…

0 Comments
March 5, 2019
Google Hacking
Older Posts →