Docker builds CFS three-layer intranet shooting range

At present, the CFS three-tier intranet shooting ranges found online are basically all built using VM virtual machines. I want to try whether I can use Docker to combine the existing vulnerability environments and build them directly through docker compose. The Docker environments used are from vulnhub. First, try to build containers tha ...

Posted by mosi on Thu, 24 Feb 2022 16:33:28 +0100

2021 national college student information security competition WP (CISCN)

Summary: As a trainee who has studied for less than a year, I took part in the national competition for the first time this year. I thought the challenges would be gentle, but I only solved one pwn challenge in the end. Originally, there were two pwn challenges, but I still lacked some knowledge or skills. I didn't do it, and then it was over ...

Posted by rupam_jaiswal on Wed, 09 Feb 2022 21:10:27 +0100

CTFHub Web real question (7 stars)

Seven-star difficulty. SQL injection-2 (character-type Boolean blind injection). In fuzzing the admin field, there are two results: the account does not exist, and the account and password are wrong. The test payloads are admin' and 1=1 and 'tt'='tt and admin' and 1=2 and 'tt'='tt, respectively. Character-type Boolean blind injection guessed as' ...

Posted by john_zakaria on Wed, 09 Feb 2022 14:16:03 +0100

National preliminary re set

glass.apk: Direct analysis of the JNI functions. Here, there are three useful functions: the first, sub_FFC((int)&v7, (int)&v6, v4);, is the initialization function of the RC4 algorithm; the second, sub_1088((int)&v7, v3, 39);, is the RC4 algorithm encryption function; the third, sub_10D4((int)v3, 39, (int)&v6, v4);, does some XOR ope ...

Posted by hearn on Tue, 08 Feb 2022 20:31:02 +0100

Attack and defense world page 3 8 points

filemanager. Inspection point: second-order injection + code audit capability. Old rule -> scan directly. The existing directory is found to be Find a www.tar.gz file. Combined with the upload function in the web page, the guessed idea of this question may be to use the leaked file to audit the code and upload it successfully. Get getshell ...

Posted by helz on Fri, 04 Feb 2022 13:21:15 +0100

ctfshow php feature web89-web115 web123-150wp

PHP features. The reference blog is still Nanshen's blog. web89: include("flag.php"); highlight_file(__FILE__); if(isset($_GET['num'])){ $num = $_GET['num']; if(preg_match("/[0-9]/", $num)){ die("no no no!"); } if(intval($num)){ echo $flag; } } Here is the intval function: get the integer value of the variab ...

Posted by Garcia on Thu, 03 Feb 2022 16:02:35 +0100

ctfshow code audit web301-web310 wp

There may be a lot of nonsense. It mainly records the process of finding loopholes from so many files. Reference blogs: https://blog.csdn.net/rfrder/article/details/113924013 https://blog.csdn.net/miuzzx/article/details/111352849 https://rainy-autumn.top/archives/913 web301: Audit the loopholes written by the group leader three years ago se ...

Posted by greekhand on Thu, 03 Feb 2022 07:00:52 +0100

ctfshow command execution web29-web77 web118-122 web124 wp

Nanshen blog. Command execution. web29: preg_match: matches a regular expression. The "i" after the pattern delimiter marks a case-insensitive search. The \b in the pattern marks a word boundary, so only independent words will be matched, such as: if (preg_match("/\bweb\b/i", "PHP is the web scripting language of choice.")) : True if (preg_matc ...

Posted by rodin on Wed, 02 Feb 2022 22:16:41 +0100

[attack and defense world CTF | WP] ics-07

Subject thinking. View interface: Open the challenge and we can see a website that can be operated only through the project management interface. The project management interface is as follows. We see a source code link. The source code of the link is as follows: <?php session_start(); if (!isset($_GET[page])) { show_sour ...

Posted by pauleth on Tue, 01 Feb 2022 17:34:58 +0100

[Star Alliance pwn LAB]ret2libc3 (locate system from puts)

1. Key points: return to libc; address disclosure and location in libc. 2. Preparatory knowledge: For preliminary knowledge, please refer to PLT, GOT and ROP in the pwn getting started reference resources. 3. Title: This is a pwn ret2libc topic. The download address of the topic and related resources is: Link: https://pan.baidu.com/s/1fvb4ICRncf ...

Posted by shorty3 on Sat, 29 Jan 2022 05:19:17 +0100