{"id":23378,"date":"2026-04-10T15:24:02","date_gmt":"2026-04-10T21:24:02","guid":{"rendered":"https:\/\/sada.services\/?p=23378"},"modified":"2026-04-10T17:04:39","modified_gmt":"2026-04-10T23:04:39","slug":"training-hub-i-vulnerabilities-analyst-pd-wrl-007-funciones-basicas-de-evaluacion-y-gestion-de-la-vulnerabilidad-reto-guardar-contrasena","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=23378","title":{"rendered":"Training Hub I: Vulnerabilities Analyst \u2013 PD-WRL-007 | Funciones B\u00e1sicas de Evaluaci\u00f3n y Gesti\u00f3n de la Vulnerabilidad | Evaluaci\u00f3n Inicial"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Reto: Guardar contrase\u00f1a<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Se accede al sitio web <\/li>\n\n\n\n<li><a href=\"https:\/\/challenges.hackrocks.com\/dont-save-me\">https:\/\/challenges.hackrocks.com\/dont-save-me<\/a><\/li>\n\n\n\n<li>y tiene una pagina html con una contrase\u00f1a oculta<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"573\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-45-1024x573.png\" alt=\"\" class=\"wp-image-23379\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-45-1024x573.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-45-300x168.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-45-768x430.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-45.png 1106w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Y para verla le damos ver c\u00f3digo fuente -> pasar el campo de type=\u00bbpassword\u00bb a type=\u00bbtext\u00bb<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"460\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-46-1024x460.png\" alt=\"\" class=\"wp-image-23380\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-46-1024x460.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-46-300x135.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-46-768x345.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-46-1536x690.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-46.png 1724w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"537\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-47-1024x537.png\" alt=\"\" class=\"wp-image-23383\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-47-1024x537.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-47-300x157.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-47-768x403.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-47.png 1227w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">reto: Veracruz<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hay que descargar los archivos<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-file\"><a id=\"wp-block-file--media-6fc39a52-2e5a-4a7e-9ddc-02bc39d55fdd\" href=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/files.zip\">files<\/a><a href=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/files.zip\" class=\"wp-block-file__button wp-element-button\" download aria-describedby=\"wp-block-file--media-6fc39a52-2e5a-4a7e-9ddc-02bc39d55fdd\">Descarga<\/a><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Archivos<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"845\" height=\"424\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-48.png\" alt=\"\" class=\"wp-image-23385\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-48.png 845w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-48-300x151.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-48-768x385.png 768w\" sizes=\"(max-width: 845px) 100vw, 845px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Paso 1 \u2014 Reconocimiento inicial<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Identificar el tipo real de cada archivo\nfile README.txt algarve.jpg portugal1.jpg contenedor.pdf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resultado<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>README.txt:     ASCII text\nalgarve.jpg:    JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: &#91;TIFF image data, big-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, datetime=2021:09:06 16:24:37], baseline, precision 8, 4800x2700, components 3\nportugal1.jpg:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1920x1080, components 3\ncontenedor.pdf: data\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"133\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-50-1024x133.png\" alt=\"\" class=\"wp-image-23387\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-50-1024x133.png 1024w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-50-300x39.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-50-768x100.png 768w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-50-1536x200.png 1536w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-50.png 1909w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"has-palette-color-8-color has-vivid-red-background-color has-text-color has-background has-link-color wp-elements-8809b7ad95b7f76b61f02e4c8e643a18\"><strong>Hallazgo clave:<\/strong> <code>contenedor.pdf<\/code> devuelve <code>data<\/code> \u2014 NO es un PDF real.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ver los primeros bytes del impostor<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>xxd contenedor.pdf | head<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resultado<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>00000000: bbd6 bbd6 30da f62f 73da 8452 0e43 7b10  ....0..\/s..R.C{.\n00000010: c698 e9b4 e651 386d bafa dd14 d8a0 9462  .....Q8m.......b\n00000020: 3617 8e6d bd9b 0551 bdc6 23cc 5ed3 0761  6..m...Q..#.^..a\n00000030: 46df 6d0c 6fd8 d727 d1bc 927c 5a60 89a9  F.m.o..'...|Z`..\n00000040: c4e2 5536 5c65 c396 ffb1 0eba 5a04 8a84  ..U6\\e......Z...\n00000050: 0bba 946d 5c52 3a0e 1de3 0354 cd2f 3795  ...m\\R:....T.\/7.\n00000060: bf27 73b2 2ef1 2552 f7f1 dd4f 8f49 11d3  .'s...%R...O.I..\n00000070: 45bb 133d 1ad4 5d01 86ce e6be d60e 85b1  E..=..].........\n00000080: a704 e355 d137 4571 453f 69bd 1eda 90a4  ...U.7EqE?i.....\n00000090: 9936 521c 5294 6ff5 16a5 baab 4a5d 09f7  .6R.R.o.....J]..\n<\/code><\/pre>\n\n\n\n<p class=\"has-palette-color-8-color has-vivid-red-background-color has-text-color has-background has-link-color wp-elements-ed469b02d53dd463d8e9f624b50a0c91\"><strong>Hallazgo:<\/strong> No tiene magic bytes de PDF (<code>%PDF<\/code>). Es binario cifrado de alta entrop\u00eda.<\/p>\n\n\n\n<p>Todo archivo tiene una <strong>\u00abfirma\u00bb<\/strong> \u2014 los primeros bytes que identifican su formato. Es como el DNI del archivo, independientemente de su extensi\u00f3n.<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"795\" height=\"311\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-51.png\" alt=\"\" class=\"wp-image-23388\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-51.png 795w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-51-300x117.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-51-768x300.png 768w\" sizes=\"(max-width: 795px) 100vw, 795px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cuando haces <code>file contenedor.pdf<\/code>, el sistema no mira la extensi\u00f3n \u2014 <strong>lee los primeros bytes<\/strong> y los compara contra una base de datos de firmas. Por eso devolvi\u00f3 <code>data<\/code> en lugar de <code>PDF document<\/code><\/li>\n\n\n\n<li>Verificar tama\u00f1o exacto<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -la contenedor.pdf<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"617\" height=\"89\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-52.png\" alt=\"\" class=\"wp-image-23389\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-52.png 617w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-52-300x43.png 300w\" sizes=\"(max-width: 617px) 100vw, 617px\" \/><\/figure>\n\n\n\n<p class=\"has-palette-color-8-color has-vivid-red-background-color has-text-color has-background has-link-color wp-elements-1b7a62174e89ab62b5fa1dcef78b03a8\"><strong>Hallazgo:<\/strong> Exactamente <strong>2 MB (2097152 bytes)<\/strong> \u2014 m\u00faltiplo perfecto de 512 y 4096, caracter\u00edstico de contenedores cifrados.<\/p>\n\n\n\n<p>Paso 2 \u2014 Analizar los metadatos de las im\u00e1genes<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>exiftool algarve.jpg<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resultado<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ExifTool Version Number         : 12.76\nFile Name                       : algarve.jpg\nDirectory                       : .\nFile Size                       : 4.0 MB\nFile Modification Date\/Time     : 2022:11:08 10:01:03-06:00\nFile Access Date\/Time           : 2026:04:10 16:49:08-06:00\nFile Inode Change Date\/Time     : 2026:04:10 16:48:50-06:00\nFile Permissions                : -rw-rw-r--\nFile Type                       : JPEG\nFile Type Extension             : jpg\nMIME Type                       : image\/jpeg\nJFIF Version                    : 1.01\nExif Byte Order                 : Big-endian (Motorola, MM)\nX Resolution                    : 300\nY Resolution                    : 300\nResolution Unit                 : inches\nModify Date                     : 2021:09:06 16:24:37\nColor Space                     : sRGB\nExif Image Width                : 4800\nExif Image Height               : 2700\nXMP Toolkit                     : XMP Core 5.5.0\nColor Mode                      : RGB\nICC Profile Name                : sRGB IEC61966-2.1\nMetadata Date                   : 2021:09:06 16:24:37+01:00\nHistory Action                  : produced\nHistory Software Agent          : Affinity Photo (Feb  1 2021)\nHistory When                    : 2021:09:06 16:24:37+01:00\nIPTC Digest                     : d41d8cd98f00b204e9800998ecf8427e\nProfile CMM Type                : Little CMS\nProfile Version                 : 4.3.0\nProfile Class                   : Display Device Profile\nColor Space Data                : RGB\nProfile Connection Space        : XYZ\nProfile Date Time               : 2021:09:06 09:01:58\nProfile File Signature          : acsp\nPrimary Platform                : Apple Computer Inc.\nCMM Flags                       : Not Embedded, Independent\nDevice Manufacturer             : \nDevice Model                    : \nDevice Attributes               : Reflective, Glossy, Positive, Color\nRendering Intent                : Perceptual\nConnection Space Illuminant     : 0.9642 1 0.82491\nProfile Creator                 : Little CMS\nProfile ID                      : 0\nProfile Description             : sRGB IEC61966-2.1\nProfile Copyright               : No copyright, use freely\nMedia White Point               : 0.9642 1 0.82491\nChromatic Adaptation            : 1.04788 0.02292 -0.05022 0.02959 0.99048 -0.01707 -0.00925 0.01508 0.75168\nRed Matrix Column               : 0.43604 0.22249 0.01392\nBlue Matrix Column              : 0.14305 0.06061 0.71391\nGreen Matrix Column             : 0.38512 0.7169 0.09706\nRed Tone Reproduction Curve     : (Binary data 32 bytes, use -b option to extract)\nGreen Tone Reproduction Curve   : (Binary data 32 bytes, use -b option to extract)\nBlue Tone Reproduction Curve    : (Binary data 32 bytes, use -b option to extract)\nChromaticity Channels           : 3\nChromaticity Colorant           : Unknown\nChromaticity Channel 1          : 0.64 0.33\nChromaticity Channel 2          : 0.3 0.60001\nChromaticity Channel 3          : 0.14999 0.06\nImage Width                     : 4800\nImage Height                    : 2700\nEncoding Process                : Baseline DCT, Huffman coding\nBits Per Sample                 : 8\nColor Components                : 3\nY Cb Cr Sub Sampling            : YCbCr4:4:4 (1 1)\nImage Size                      : 4800x2700\nMegapixels                      : 13.0\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>el otro<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>exiftool portugal1.jpg<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Resultado<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ExifTool Version Number         : 12.76\nFile Name                       : portugal1.jpg\nDirectory                       : .\nFile Size                       : 389 kB\nFile Modification Date\/Time     : 2022:11:08 10:02:03-06:00\nFile Access Date\/Time           : 2026:04:10 16:49:08-06:00\nFile Inode Change Date\/Time     : 2026:04:10 16:48:50-06:00\nFile Permissions                : -rw-rw-r--\nFile Type                       : JPEG\nFile Type Extension             : jpg\nMIME Type                       : image\/jpeg\nJFIF Version                    : 1.01\nResolution Unit                 : inches\nX Resolution                    : 96\nY Resolution                    : 96\nImage Width                     : 1920\nImage Height                    : 1080\nEncoding Process                : Progressive DCT, Huffman coding\nBits Per Sample                 : 8\nColor Components                : 3\nY Cb Cr Sub Sampling            : YCbCr4:2:0 (2 2)\nImage Size                      : 1920x1080\nMegapixels                      : 2.1<\/code><\/pre>\n\n\n\n<p class=\"has-palette-color-8-color has-vivid-red-background-color has-text-color has-background has-link-color wp-elements-5b87edbca80278abb2be64811059cdef\"><strong>Hallazgo:<\/strong> Las im\u00e1genes son JPEGs v\u00e1lidos sin metadatos sospechoso<\/p>\n\n\n\n<p>Paso 3 \u2014 Leer el README con atenci\u00f3n<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Contenido<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Hi there,\n\nThis PDF is the receipt for the encryptor we bought in Saimazoon.<\/code><\/pre>\n\n\n\n<p class=\"has-palette-color-8-color has-vivid-red-background-color has-text-color has-background has-link-color wp-elements-22f49a666f57cdd752638dbc017a43a9\">La palabra <strong><code>Saimazoon<\/code><\/strong> es tanto el nombre de la tienda ficticia <strong>como la contrase\u00f1a<\/strong>.<\/p>\n\n\n\n<p>Paso 4 \u2014 Identificar el contenedor como VeraCrypt<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>python3 -c \"\ndata = open('contenedor.pdf','rb').read()\nprint('Tama\u00f1o:', len(data))\nprint('M\u00faltiplo de 512:', len(data) % 512 == 0)\nprint('M\u00faltiplo de 4096:', len(data) % 4096 == 0)\n\"<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Comentado<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>python3 -c \"\n# Leer el archivo completo en modo binario ('rb' = read binary)\n# Esto carga todos los bytes del archivo en la variable 'data'\ndata = open('contenedor.pdf', 'rb').read()\n\n# Mostrar el tama\u00f1o total en bytes\n# Un volumen VeraCrypt siempre tiene un tama\u00f1o exacto, no aleatorio\nprint('Tama\u00f1o:', len(data))\n\n# Comprobar si el tama\u00f1o es m\u00faltiplo de 512 bytes\n# 512 bytes = tama\u00f1o de un sector de disco duro tradicional\n# VeraCrypt trabaja sector a sector, por eso el tama\u00f1o SIEMPRE es m\u00faltiplo de 512\n# El operador % devuelve el resto de la divisi\u00f3n:\n#   2097152 % 512 = 0  \u2192 es m\u00faltiplo exacto \u2713\n#   2097153 % 512 = 1  \u2192 NO ser\u00eda m\u00faltiplo \u2717\nprint('M\u00faltiplo de 512:', len(data) % 512 == 0)\n\n# Comprobar si tambi\u00e9n es m\u00faltiplo de 4096 bytes\n# 4096 bytes = tama\u00f1o de un sector en discos modernos (Advanced Format)\n# y tambi\u00e9n el tama\u00f1o de p\u00e1gina de memoria en sistemas Linux\/Windows\n# Si es m\u00faltiplo de ambos (512 y 4096), refuerza la sospecha de contenedor cifrado\nprint('M\u00faltiplo de 4096:', len(data) % 4096 == 0)\n\"<\/code><\/pre>\n\n\n\n<p><strong>Salida esperada:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Tama\u00f1o: 2097152\nM\u00faltiplo de 512: True\nM\u00faltiplo de 4096: True<\/code><\/pre>\n\n\n\n<p>\u00bfPor qu\u00e9 esto apunta a VeraCrypt?<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>2097152 bytes\n      \u2502\n      \u251c\u2500\u2500 \u00f7 512   = 4096 sectores exactos   \u2713\n      \u251c\u2500\u2500 \u00f7 4096  = 512 bloques exactos      \u2713\n      \u2514\u2500\u2500 \u00f7 1024  = 2048 KB = 2 MB exactos  \u2713\n\nUn archivo PDF o cualquier archivo normal\nraramente termina en un m\u00faltiplo tan redondo.\nVeraCrypt SIEMPRE lo hace porque reserva\nespacio en bloques completos de disco.<\/code><\/pre>\n\n\n\n<p class=\"has-palette-color-8-color has-vivid-red-background-color has-text-color has-background has-link-color wp-elements-a15d7443400726ae204a5c82e5dc2369\"><strong>Hallazgo:<\/strong> M\u00faltiplo perfecto \u2192 estructura de volumen cifrado.<\/p>\n\n\n\n<p>Paso 5 \u2014 Instalar VeraCrypt<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Verificar versi\u00f3n de Ubuntu\nlsb_release -a\n\n# Instalar dependencias\nsudo apt install -y libfuse2 pcscd\n\n# Descargar VeraCrypt para Ubuntu 24.04\nwget https:\/\/launchpad.net\/veracrypt\/trunk\/1.26.7\/+download\/veracrypt-console-1.26.7-Ubuntu-24.04-amd64.deb\n\n# Instalar\nsudo dpkg -i veracrypt-console-1.26.7-Ubuntu-24.04-amd64.deb\n\n# Verificar\nveracrypt --version<\/code><\/pre>\n\n\n\n<p>Paso 6 \u2014 Montar el contenedor VeraCrypt<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Crear punto de montaje\nsudo mkdir -p \/mnt\/vc\n\n# Montar con la contrase\u00f1a + keyfile correctos\nsudo veracrypt --text --mount contenedor.pdf \/mnt\/vc \\\n    --password=\"Saimazoon\" \\\n    --pim=0 \\\n    --keyfiles=\"algarve.jpg\" \\\n    --protect-hidden=no \\\n    --non-interactive<\/code><\/pre>\n\n\n\n<p>Paso 7 \u2014 Obtener el token<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Ver contenido del volumen montado\nls -la \/mnt\/vc\/\n\n# Leer el token\ncat \/mnt\/vc\/*<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Desmontar cuando termines<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Desmontar cuando termines\nsudo veracrypt --text --dismount \/mnt\/vc<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"772\" height=\"343\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-53.png\" alt=\"\" class=\"wp-image-23390\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-53.png 772w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-53-300x133.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-53-768x341.png 768w\" sizes=\"(max-width: 772px) 100vw, 772px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"788\" height=\"171\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-54.png\" alt=\"\" class=\"wp-image-23391\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-54.png 788w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-54-300x65.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-54-768x167.png 768w\" sizes=\"(max-width: 788px) 100vw, 788px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1006\" height=\"548\" src=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-49.png\" alt=\"\" class=\"wp-image-23386\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-49.png 1006w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-49-300x163.png 300w, https:\/\/sada.services\/wp-content\/uploads\/2026\/04\/image-49-768x418.png 768w\" sizes=\"(max-width: 1006px) 100vw, 1006px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Reto: Guardar contrase\u00f1a reto: Veracruz Hallazgo clave: contenedor.pdf devuelve data \u2014 NO es un PDF real. Hallazgo: No tiene magic bytes de PDF (%PDF). Es binario cifrado de alta entrop\u00eda. Todo archivo tiene una \u00abfirma\u00bb \u2014 los primeros bytes que identifican su formato. Es como el DNI del archivo, independientemente de su extensi\u00f3n. Hallazgo: Exactamente [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-23378","post","type-post","status-publish","format-standard","hentry","category-sin-categoria"],"blocksy_meta":[],"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/23378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23378"}],"version-history":[{"count":3,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/23378\/revisions"}],"predecessor-version":[{"id":23392,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/23378\/revisions\/23392"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=23378"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=23378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}