Author Archives: Xavi

Shellcoding Linux x86 XOR Encoder

Posted on March 31, 2019 by Xavi

Following the SLAE course I found an interesting subject that is how to create an encoder to hide our original shellcode. In this case we are going to use the XOR operation because it has the following property: (A xor … Continue reading

Posted in Exploiting | Tagged , , , , , , , , | Leave a comment

Shellcoding Linux x86 STACK technique (3/3)

Posted on March 25, 2019 by Xavi

Hello, in this post I will explain how to use execve syscall in a shellcode using the stack technique, the purpose of this shellcode is the same as the last shellcode from the previous post. As I told you in … Continue reading

Posted in Exploiting | Tagged , , , , , , , , | Leave a comment

Shellcoding Linux x86 JMP-CALL-POP technique (2/3)

Posted on March 24, 2019 by Xavi

Following the last article content, we are going to pop a shell instead of printing Hello World in the screen. To do this we are going to use the Execve syscall. This syscall allows us to execute a new program … Continue reading

Posted in Exploiting | Tagged , , , , , , , , | Leave a comment

Shellcoding Linux x86 JMP-CALL-POP technique (1/3)

Posted on March 23, 2019 by Xavi

Currently I’m studying SLAE certification of Pentester Academy and I found a really interesting video that explained this technique. I’m going to follow the course instructions step by step and try to explain it here the best as I can. … Continue reading

Posted in Exploiting | Tagged , , , , , , , , | Leave a comment

Introduction to Assembly

Posted on February 23, 2019 by Xavi

In this article I’m going to write a quick introduction to intel x86 assembly language. We are going to create a program, that is going to print a sentence in the screen. Before starting programming, we need to know a … Continue reading

Posted in Exploiting | Tagged , , , , , , , , | Leave a comment

SQL Injection 4

Posted on October 28, 2018 by Xavi

Time to move on to time-based SQLi.   Time based SQLi The process is almost the same as boolean-based. The thing that changes is the way to identify a true condition. Let’s visit level 9 of sqlilabs. The way to … Continue reading

Posted in Hacking Web | Tagged , , , , | Leave a comment

SQL Injection 3

Posted on October 28, 2018 by Xavi

In this article I’m going to explain step by step how you can extract information of a database using a blind boolean based SQLi vulnerability.   Blind boolean based SQLi First of all we need to understand what a boolean … Continue reading

Posted in Hacking Web | Tagged , , , , | Leave a comment

SQL Injection 2

Posted on October 28, 2018 by Xavi

Let’s continue understanding SQL injections. This time we are going to focus on understanding how to exploit more complicated SQL injections manually.   Error/Doble Query To understand Error-based SQLi, we need to start doing lesson 5 and 6 of the … Continue reading

Posted in Hacking Web | Tagged , , , , | Leave a comment

SQL Injection 1

Posted on October 27, 2018 by Xavi

Introduction The purpose of this post is not to teach you how to exploit a SQL Injection vulnerability, if you are just looking for that, just google sqlmap. In this article I will try to explain to you how SQL … Continue reading

Posted in Hacking Web | Tagged , , , , | Leave a comment

How to learn to hack?

Posted on October 14, 2018 by Xavi

I guess everyone that works in Infosec world has heard these words: “How can I learn to hack?” or “What I need to learn to be a hacker?”. There are a lot of people that are curious and wants to … Continue reading

Posted in Miscellaneous | Tagged , , , , , | Leave a comment