[CTF Question NO.00008] mini-LCTF 2021 official write up by arttnba3
0x00. Introduction I'm glad to have worked out this minilCTF 2021 with RX and other coaches of the association. Although there are only two simple questions 233333, I hope you like it. Point below to see the solution👇 0x01.Baby Repeater - fmtstr + got hijack Expected to leak libc and program lUTF-8...
Posted by irving on Sat, 15 May 2021 01:39:44 +0930
Linux basic knowledge of network security
1. Please describe the three elements of communication between hosts in TCP/IP protocol ip Address subnet mask ip route +wx: machinegunjoe666 Free access to information 2. Please describe the classification of IP address and the range of each category A 1-127 B 128-19 C 192-223 D 224-239((multUTF-8...
Posted by capella07 on Wed, 16 Jun 2021 04:49:30 +0930
Penetration testing knowledge points
Penetration testing knowledge points Fundamentals 1. What do you think you should do when you get a station to be tested 1,whois http://whois.chinaz.com/ 2,Website source ip http://ip.tool.chinaz.com/ 3,Secondary domain name Scanner 4,C Segment website cScan.py phpinfo.me/bing.php 5,Server versUTF-8...
Posted by crucialnet on Sat, 19 Jun 2021 06:19:10 +0930
Programming realization of SM3 algorithm
Programming realization of SM3 algorithm [Objective] 1. Understand the calculation principle and characteristics of Hash function; 2. Understand the principle of SM3 algorithm; 3. Understand the generation process of SM3 value. [experimental environment] windows virtual machine Open SM3.dsw inUTF-8...
Posted by altis88 on Sun, 20 Jun 2021 04:40:26 +0930
Programming implementation of DSA signature
[Objective] 1. Understand DSS standard; 2. Understand the principle of DSA digital signature; 3. Verification of DSA signature and signature verification process. [experimental environment] windows virtual machine. Open DSAsign.dsw in the directory of C: / / program files / Microsoft Visual StUTF-8...
Posted by Kaizard on Sun, 20 Jun 2021 07:50:27 +0930
pwntools, the pwn tool of binary Security Foundation
Author: ZERO-A-ONEDate: 2021-06-24 1, Deeply understand the use of pwntools 1.1 common modules of pwntools asm: assembly and disassemblydynelf: remote symbol leakelf: elf file operationgdb: start gdb debuggingshellcraft: the generator of shellcodecyclic pattern: offset character calculationprocUTF-8...
Posted by eits on Fri, 25 Jun 2021 07:09:18 +0930
First contact penetration test
preface: The author of this paper received an authorized penetration test task, and needed to test the security of the app back-end server with an app as the entrance. Stage 1: IOS prison break After getting the corresponding authorization and downloading the specified app, we found that thereUTF-8...
Posted by jfourman on Thu, 08 Jul 2021 05:25:47 +0930
ctfshow 2021/7/9-10 eat chicken cup 6 questions
The group leader said to make a simple topic. Let's make it a little easier Convert c to string directly from libnum import * print(n2s(753942433466370960362245139417326604948003139322030944590231931050473628736586045113275203662233955415979961176832868679282875095255126864786316054777423793495UTF-8...
Posted by melkara on Sun, 11 Jul 2021 04:39:42 +0930
In a word, how to realize the Trojan horse? I'll show you now
preface For a long time, the Java Trojan horse has been implemented by entering the bytecode defineClass. The advantage of this method is that it can completely enter a class and realize almost all functions in Java. The disadvantage is that the Payload is too large and not as easy to modify asUTF-8...
Posted by smarlowe on Sat, 31 Jul 2021 06:39:07 +0930
[security vulnerabilities] the recent ProxyShell utilization chain is briefly analyzed and reproduced
preface Recently, some researchers announced three ways to use their attack chain against Microsoft's Exchange service. Although Microsoft officially issued a patch, many users ignored it for various reasons, resulting in many vulnerable services still exposed to the public network. This paper UTF-8...
Posted by monstro on Sat, 18 Dec 2021 20:21:47 +1030