Carlos Bello – WindowsTechs.com

Server response delays without having provided a time-based blind SQL injection input

Posted on March 31, 2021 by Carlos Bello

I am new to SQL injection. When I was researching a bug bounty site protected by cloudflare, unsurprisingly, entering email@gmail.com’ OR 1=1–, to test SQL injection, did not work.
So later, trying to bypass the filter, there came a time … Continue reading Server response delays without having provided a time-based blind SQL injection input→

Mount my own DDNS with python to perform DNS rebinding attacks (for a challenge in rootme)

Posted on March 14, 2021 by Carlos Bello

I’m trying to make a simple python DDNS server, to test it against a DNS rebinding challenge on the internet.
After days of research I was able to understand the vuln, but I have not been able to configure my own ddns using dnslib in pytho… Continue reading Mount my own DDNS with python to perform DNS rebinding attacks (for a challenge in rootme)→

Can I change my public IP address to a specific one?

Posted on February 23, 2021 by Carlos Bello

It happens that I participate in a bug hunting program and analyzing the app I realized that there is a particular parameter that is very important for access control and that only changes with the IP address.
Anyway, the question here is … Continue reading Can I change my public IP address to a specific one?→

web shells in IDAT PNG Fragments

Posted on February 10, 2021 by Carlos Bello

I have been doing some research on how a PNG is constructed internally, as well as some articles on a technique to include web shells within the IDAT fragment of a PNG.
Researching on the Internet I came across a publication, which listed … Continue reading web shells in IDAT PNG Fragments→

c vs c ++ for reverse engineering or cracking

Posted on January 19, 2020 by Carlos Bello

I have searched a lot on the Internet and I see that I strongly recommend c for this task, I thought it was better c ++ for the fact of including the POO.

I have also read that these two are certainly compatible, but I don’t know to what… Continue reading c vs c ++ for reverse engineering or cracking→

How to compare hashes with bcrypt when the salt is different?

Posted on December 28, 2019 by Carlos Bello

There are different ways to perform a MAC, but without doubt the most used and efficient in many cases is HMAC, this serves to verify that the message has not been altered. A hash such as sha-256, sha-512 or bcrypt is regular… Continue reading How to compare hashes with bcrypt when the salt is different?→

Some questions about criptography

Posted on December 28, 2019 by Carlos Bello

During my tour learning from this interesting world of cryptography, I have encountered several questions which are:

There are different ways to perform a MAC, but without doubt the most used and efficient in many cases is H… Continue reading Some questions about criptography→