Dmolina23

https://dmolina23.github.io/pentest_blog/Dmolina23Personal web, CTF Writeups, Software News and many more. 2026-06-08T19:45:27+02:00 David Molina https://dmolina23.github.io/pentest_blog/ Jekyll © 2026 David Molina /pentest_blog/assets/img/favicons/favicon.ico /pentest_blog/assets/img/favicons/favicon-96x96.png Hacking RFID: Descifrando las tarjetas MIFARE Classic 1K y modificando su saldo2026-05-12T00:00:00+02:00 2026-05-12T20:04:18+02:00 https://dmolina23.github.io/pentest_blog/posts/nfc-rfid/ David Molina

¿Alguna vez te has preguntado si las tarjetas de transporte que utilizas a diario son seguras? Durante años, la tecnología RFID ha sido el estándar para controles de acceso, pagos rápidos y transporte público. Sin embargo, lo que para el usuario es un simple “tocar y pasar”, a nivel técnico esconde implementaciones que, a día de hoy, están completamente rotas. En este post, vamos a analizar l...

Ingeniería Inversa a la Mi Band 4. Descifrando su Protocolo BLE para Tomar el Control de los Sensores.2025-12-09T00:00:00+01:00 2025-12-09T00:00:00+01:00 https://dmolina23.github.io/pentest_blog/posts/miband-reverse-engineering/ David Molina

Los dispositivos IoT, como las pulseras de actividad, son cajas negras para la mayoría de los usuarios. Funcionan, pero ¿cómo? ¿Qué secretos guardan sus protocolos de comunicación? A veces, para construir, primero hay que deconstruir. Este post es un caso práctico de ingeniería inversa. Vamos a darle una segunda vida a una Mi Band 4, no solo para usarla, sino para entenderla. Nuestro objetivo...

ConsoleLog Writeup - DockerLabs2024-08-09T00:00:00+02:00 2024-08-09T14:16:52+02:00 https://dmolina23.github.io/pentest_blog/posts/consolelog-writeup-dockerlabs/ David Molina

Hello! In this write-up, we will dive into the DockerLabs machine ConsoleLog. Let’s go! Active recognition As a first step, we will execute the ping command to verify that the target machine is active: ping -c 1 172.17.0.2 Port scanning Next, we run a scan with nmap to identify open ports on the target machine. nmap -p- --open -sS --min-rate 5000 -vvv 172.18.0.2 -oG allPorts The on...

Trust Writeup - DockerLabs2024-06-25T00:00:00+02:00 2024-06-25T00:00:00+02:00 https://dmolina23.github.io/pentest_blog/posts/trust-writeup-dockerlabs/ David Molina

Hello! In this write-up, we will dive into the DockerLabs machine Trust. Let’s go! Active recognition As a first step, we will execute the ping command to verify that the target machine is active: ping -c 1 172.18.0.2 Port scanning Next, we run a scan with nmap to identify open ports on the target machine. nmap -p- --open -sS --min-rate 5000 -vvv 172.18.0.2 -oG allPorts The only op...

Editorial Writeup - HackTheBox2024-06-09T00:00:00+02:00 2024-06-09T00:00:00+02:00 https://dmolina23.github.io/pentest_blog/posts/editorial-writeup-htb/ David Molina

Hello! In this write-up, we will dive into the HackTheBox seasonal machine Editorial. It is a Linux machine on which we will carry out a SSRF attack that will allow us to gain access to the system via SSH. Then, we will proceed to do an user pivoting and then, as always, a Privilege Escalation. Let’s go! Active recognition As a first step, we will execute the ping command to verify that t...