Pablo Gallardo's Blog
My professional web log about IT, Project Management & SAP
Archive | Security RSS feed for this section

Slowloris Attack

The Slowloris script opens two connections to the server, each without the final CRLF. After 10 seconds, second connection sends additional header. Both connections then wait for server timeout. If second connection gets a timeout 10 or more seconds after the first one, we can conclude that sending additional header prolonged its timeout and that […]

Comments { 0 }

Self-signed Certificates

Self-signed certificates are widely used for testing purposes. In self-signed certificates, user creates a pair of public and private keys using a certificate creation tool and signs the document with the public key. The receiver requests the sender for the private key to verify the certificate. However, the certificate verification rarely occurs due to necessity […]

Comments { 0 }

How to identify the Model of a wireless Router in Linux

This post explains how can we identify the model of a wireless router using Linux.   Step by step 1. Set your wireless adapter in monitor mode Check this post about how to put a wireless adapter in monitor mode in Linux. This step includes identifying the ID of the wireless you are going to […]

Comments { 0 }

How to set your Wireless Adapter to Monitor Mode in Linux

Wireless network interface controllers (WNIC’s) can operate in different modes: Managed mode: the only packets that are received in the computer are the one directed to it. Promiscuous mode: it is a listening mode that exists for both wired and wireless adapters. Monitor mode: a listening mode that only exists for wireless adapters. When we […]

Comments { 0 }

How to find the Devices on your Network with nmap

First of all, you need to know your IP and the network range where it belongs to. It is important to perform scanning that you understand the meaning of IPv4 addresses. You can check this post explaining about it. Open a terminal and type the following command to get your IP: ifconfig First, locate what […]

Comments { 0 }


IPv4 Address IPv4 address represent a single device in an IP network. IPv4 addresses consist of 32 bits. Example: 11000110001100110110010000000000 These 32 bits are usually divided in 4 octets, and separated with a dot. Example: 11000110.00110011.01100100.00000000 In order to become more familiar for human, they are usually represented using decimal notation. Example:   Networks, […]

Comments { 0 }


sqlmap is a command line tool to automatize SQL injections. Examples Retrieve tables on DB (–tables;)] specify database with -D: sqlmap -u “″ –cookie=<”cookie value which you have copied in step #5″> -D moviescope –tables Retrieve columns from a table in DB –columns; sqlmap -u “″ –cookie=<”cookie value which you have copied in step #5″> […]

Comments { 0 }

SQL Injection Queries Examples

Testing for SQL Injection ||6 ‘||6′ (||6) ‘ OR 1=1– OR 1=1 ‘ OR ’1′=’1 ; OR ’1′=’1′ %27+–+ “or 1=1– ‘ or 1=1 /* or 1=1– ” or “a”=”a Admin’ OR ‘ ‘ having 1=1– ‘ OR ‘text’= N’text’ ‘ OR 2>1 ‘ OR ‘text’ > ‘t’ ‘ union select Password:*/=1 ‘ or 1/* […]

Comments { 0 }

Metasploit Framework in CEH Exam

This post explain what is Metasploit Framework and its uses regarding Certificated Ethical Hacker (CEH) Exam. It is not intented to be an overall review of the tool. It is focused on CEH v10. What is Metasploit Framework? Metasploit Framework (usually abbreviated as msf) is an open-source tool for developing and executing exploit code against […]

Comments { 0 }

List of Tools featured in CEH iLabs by Hacking Phases

According to some people that have performed Certified Ethical Hacker (CEH) Practical exam, they say that most of the scenarios are based on exercises presented on CEH iLabs, that are included in the official CEH iLearn Course. So for CEH Practical exam candidates, it is important to know and handle all tools that are featured […]

Comments { 0 }
Política de privacidad