About me

 

$> David Utón (M3n0sD0n4ld)

• More than 10 years as a computer technician and technical service in microelectronics.
• 12 years playing with Industrial technology.
• Passionate about Cybersecurity and hacking challenges.
• Currently working in Offensive Security area.

[+] Tools

1. uCVE: uCVE is a tool written in GO that allows to extract CVE’s related to a specific software and version, obtaining a report in HTML format with the result and/or exporting it to the pentesting report.
2. GooFuzz: GooFuzz is a tool to perform fuzzing with an OSINT approach, managing to enumerate directories, files, subdomains or parameters without leaving evidence on the target’s server and by means of advanced Google searches (Google Dorking).
3. uDork: uDork is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information in files or directories, find IoT devices, detect versions of web application… (Currently not working)
4. uNominaCracker: It is a script written in Python that performs brute force on workers’ payroll files through the use of their DNI (National Identity Document).

[+] Exploits

• WordPress 5.7 - ‘Media Library’ XML External Entity Injection (XXE) (Authenticated) - CVE-2021-29447
• SUDO - CVE-2021-3156 (Checker)
• Strapi < 3.0.0-beta.17.7 (Authenticated) - CVE-2019-19609
• Simple Image Gallery System 1.0 - SQL Injection (Time-Based blind)
• Company’s Recruitment Management System 1.0 - Remote Readable Administrator Credentials (Unauthenticated)

[+] CVE

• Scada-LTS - Privilege escalation (CVE-2022-41976)
• CVE-2022-41869
• CVE-2022-2033
• CVE-2023-31505
• CVE-2023-31506
• Jorani - SQL Injection (CVE-2023-2681)
• CVE-2023-33357
• HelpDezk Community - Improper Authorization (CVE-2023-3037)
• HelpDezk Community - SQL Injection (CVE-2023-3039)
• CVE-2023-3101
• SLiMS - Server-Side Request Forgery (CVE-2023-3744)
• ZKTeco ZEM800 - Insecure Direct Object Reference (CVE-2023-4587)
• Amazing Little Poll - Authentication Bypass (CVE-2023-6768)
• Amazin Little Poll - Stored Cross-Site Scripting (CVE-2023-6769)

[+] Articles

• PenTest Magazine: Open-Source Pentesting Toolkit
• Company’s Recruitment Management System 1.0 - Remote Readable Administrator Credentials (Unauthenticated)
• GooFuzz: la herramienta para la enumeración de directorios y ficheros de forma pasiva
• Cracking of payroll files
• CTF: Aprende «hacking» jugando
• Por el router muere el pez
• Ciberataques físicos: cuando el peligro está en un USB
• Black Fraude: cómo evitar las estafas en rebajas
• El Coronavirus, una excusa más para los ciberdelincuentes
• Red Segura: Ciberseguridad aplicada al Coronavirus

[+] Events & Conferences

• Interview: Digitalización industrial en CCI (Centro de Ciberseguridad Industrial)
• Conference: Voz de la industria sobre la integración de Redes IT/OT - Ciberseguridad Industrial
• Conference: uDork - Google Hacking Tool - Hack&Beers Remake vol 5
• Conference: uDork - Google Hacking Tool v2.0 - BitUP 2020
• Conference: MailDay - Hackterriza como puedas - BitUP 2021
• Conference: IES Rafael Alberti (Cádiz) - IoT Pentesting - 2022
• Conference: GooFuzz - Securiters Twitch- 2022

[+] Old Writeups

HackTheBox

Name	Level	OS	Tags
Resolute	Medium	Windows	#smb #evil-winrm #password-spray
Monteverde	Medium	Windows	#enum4linux #powershell #AzureAD
Sauna	Easy	Windows	#GetNPUsers #mimikatz #winPEAS
Conceal	Hard	Windows	#snmp #ike-scan #strongswan
Omni	Easy	Windows	#IoT #SirepRAT.py #WDP
Mango	Medium	Linux	#NoSQL #script #SUID #jjs #java
Bastard	Medium	Windows	#Drupal #RCE
Forest	Easy	Windows	#Exchange #Secretsdump
Doctor	Easy	Linux	#SSTI #RCE #Splunk
Chaos	Medium	Linux	#WP #Roundcube #Firefox

VulnHub

Name	Level	OS	Tags
VulnUni	Medium	Linux	#eClass #SQLi #DirtyCow
Recon:1	Easy	Linux	#WP #SUDO #gdb
CK-00	Easy	Linux	#WP #SUDO #scp
DevRandom CTF: 1.1	Easy	Linux	#LFI #RCE #apache #poison #SUDO #dpkg
Victim: 1	Medium	Linux	#Bolt #WebFS #wpa #wifi #SUID #nohup
Zion: 1	Medium	Linux	#SSH #SUDO #cp
Death Star: 1	Medium	Linux	#UDP #steghide #knockport #lib.so.6
Tre: 1	Medium	Linux	#adminer #mantisBT #SUDO #shutdown
Seppuku: 1	Hard	Linux	#webconsole #smb #SUDO #ln
CengBox: 2	Medium	Linux	#GilaCMS #SUDO #scripts
HA: Natraj	Medium	Linux	#LFI #SSH #RCE #poison #SUDO #nmap
Glasgow Smile: 1.1	Medium	Linux	#joomla #cron
GitRoot: 1	Medium	Linux	#git #SUDO
eLection: 1	Medium	Linux	#eLection #OSINT #SQLi #
Sunset: decoy	Easy	Linux	#zip #john #chkrootkit
CyberSploit: 1	Easy	Linux	#crypto #overlays
Pwned: 1	Easy	Linux	#SSH #group #docker
BlackRose: 1	Hard	Linux	#byPass #PHP #strcmp #id.so #reversing #ghidra #waf
GreenOptic: 1	Hard	Linux	#LFI #wireshark #group
Presidential: 1	Hard	Linux	#LFI #RCE #phpmyadmin #capabilities #tar
Tomato: 1	Medium	Linux	#LFI #poison #RCE #ssh #log #CVE-2017-16995
Sunset: Midninght	Medium	Linux	#WP #SUID #status #path #service
Sunset: Twilight	Medium	Linux	#PHPF1 #shadow #file
Chili: 1	Easy	Linux	#FTP #write #abuse #passwd
Cewlkid: 1	Medium	Linux	#SitemagicCMS #fileupload #cron #SUDO
Durian: 1	Hard	Linux	#LFI #RCE #log #poison #capabilities #gdb
Relevant: 1	Medium	Linux	#WP #nmap #scripts #plugins #wp-file-manager #RCE #SUDO #node
Powergrid: 1.0.1	Hard	Linux	#Roundcube #RCE #PGP #Rsync #pivoting #SSH
Insanity: 1	Hard	Linux	#wireshark #SQLi #SquirrelMail #Firefox
Tempus Fugit: 3	Hard	Linux	#SSTI #SQLite #Processwire #OPT #Google #reversing #abuse #binary
KB-Vulns: 3	Easy	Linux	#smb #SiteMagicCMS #SETUID #systemctl
Cybox: 1	Medium	Linux	#LFI #RCE #Apache #poison #SETUID #uncommon

Offensive Security

Name	Level	OS	Tags
DC5	Easy	Linux	#LFI #RCE #Nginx #log #poison #SETUID #screen

UAM

Name	Level	OS	Tags
El coche fantástico	Easy	Linux	#web #waf #xor #RCE