Command injection (DVWA+buuctf pingpingping)

Write in front: The command injection vulnerability is very similar to SQL injection and XSS vulnerabilities. It is also caused by developers' poor consideration. When using web applications to execute system commands, the characters entered by users are not filtered or the filtering is not stri...

Posted by A JM on Mon, 20 Sep 2021 18:35:25 +0530

Great Wall Cup baby_rsa problem solving

from Crypto.Util.number import * from secret import flag, v1, v2, m1, m2 def enc_1(val): p, q = pow(v1, (m1+1))-pow((v1+1), m1), pow(v2, (m2+1))-pow((v2+1), m2) assert isPrime(p) and isPrime(q) and ( p*q).bit_length() == 2048 and q < p < q

Posted by mds1256 on Fri, 24 Sep 2021 20:15:56 +0530

[PHP code audit] PHP classes and objects

Welcome new students ... ... If you are nameless, you can concentrate on practicing sword I am not a salted fish, but a dead fish! 0x01 PHP classes and objects definition The definition of each class begins with the keyword class, followed by the class name (non reserved word) The class name is ...

Posted by topflight on Sat, 25 Sep 2021 17:27:46 +0530

Source code analysis of cocos2d-x for mobile game security (mobile game reverse and protection)

1, Cocos 2d-x frame structure 2, Cocos 2d-x engine architecture 3, cocos2d-x source code structure 4, Analysis of cocos2d-x source code 1.luaLoadBuffer function analysis cocos2d-x-3.16/cocos/scripting/lua-bindings/manual/CCLuaStack.h cocos2d-x-3.16/cocos/scripting/lua-bindings/manual/CCLuaStack...

Posted by TruckStuff on Tue, 28 Sep 2021 04:43:47 +0530

CC2 of "idiot" God perspective regulating deserialization chain

The reason for the idiot God perspective is that we got the poc, and the simulation didn't know any details to analyze the cause of this vulnerability. It can also be said that the semi black box state is mainly to exercise the analysis ability. The analysis of CC1 has been published in previo...

Posted by apoc- on Tue, 28 Sep 2021 16:30:25 +0530

Write a simple summary of Windows Shellcode ideas with ASM

What is shellcode? "Code or data, as long as it is location independent binary, it is shellcode." In order to write location independent code, you need to pay attention to the following points: You cannot use a direct offset on a string, you must store the string on the stackdll. Since ASLR wi...

Posted by Kibit on Thu, 30 Sep 2021 02:27:21 +0530

Intranet penetration beginner foundation 02

Intranet information collection 01 Around three aspects: Who am I?--Judgment of current machine role where's this?--Analyze and judge the topology of the current network environment Where am I?--Judgment of the area where the current machine is located Collect native information Collect inform...

Posted by Ange52 on Fri, 01 Oct 2021 04:29:55 +0530

Small campus network built by eNSP

Software ENSP required for the project_ Setup,VirtualBox-5.2.38-136252-Win,WinPcap_4_1_3,Wireshark-win64-3.2.2 1.1 design tasks Establish a small campus network: 50 computers in the student dormitory, 30 computers in the office building (the office building is divided into financial department,...

Posted by mick_otoole on Tue, 05 Oct 2021 02:30:31 +0530

JavaScript anti code formatting principle

This article comes from: JShaman, a professional JS code obfuscation platform. Anti code formatting, also known as anti code beautification and self defense. It means that after a piece of code is confused and encrypted, the output code is compressed into one line. This line of code can not be ...

Posted by JDcrack on Tue, 19 Oct 2021 06:02:33 +0530

[Web security] injection book -- the cornerstone of SQL injection

It is better to teach people to fish than to teach people to fish Try to be concise and explain the principle of bypass mode clearly in this article [View information] Unsuitable population: 1. A boss who knows the principles of sql injection like the back of his hand 2. Novice without any dat...

Posted by viperdk on Tue, 19 Oct 2021 07:30:20 +0530