Programmer Think

[geek challenge 2019]LoveSQL ​ Try the universal password first and go straight in Then try ?username=1' order by 3#&password=1 ​ But I couldn't do it anyway. Later, I found that it was because the # number couldn't be transmitted, so I changed it to% 23 (# url code) Then try username=1' order by 3%23&password=1 username=1' order b ...

Some title WP contains pictures, because CSDN can't get external pictures, so it can't join. If you want to watch the full version, welcome Click here to access Another: CSDN inserting the outer chain picture failed again and again. It's really disgusting. We're already considering transferring stations Participants: b4tteRy, x0r, f1oat ...

FSOP is the abbreviation of File Stream Oriented Programming. All_ IO_ The file structure is_ The chain field is connected to form a linked list_ IO_list_all to maintain. The core idea of FSOP is hijacking_ IO_list_all to forge the linked list and its_ IO_FILE entry. In addition to forging data, another point is to find a way to execute. FSOP s ...

wp 1. [v & n2020 open] memory Forensics 1. Find strategies volatility.exe -f C:\Users\shen\Downloads\mem.raw imageinfo 2. Look at the process volatility.exe -f C:\Users\shen\Downloads\mem.raw --profile=Win7SP1x86_23418 pslist > pslist.txt From the back to the front, the last one is for fixing the memory image dumpit Software and ...

1 _dl_runtime_resolve entry _ dl_runtime_resolve is implemented by assembly in glibc, in which the 32-bit entry point is / sysdeps / i386 / dl trampoline S. 64 bit entry point in / sysps_ 64/dl-trampoline. S. This paper mainly analyzes the 32-bit source code, version 2.23. From glibc online source website https://elixir.bootlin.com/glibc/ ...

dataleak Two \ x00 can be skipped with "\ or / but each time" \ is used, 4 bytes will be copied to buf, so the last 3 bytes of data cannot be leaked. Therefore, / \ is used to control the leaked string with garbage data filling. exp: #!python #coding:utf-8 from pwn import * import subprocess, sys, os from time import sleep sa = l ...

1, Tool introduction 1. Introduction Nucleus is a customized rapid vulnerability scanner based on YAML syntax template. It is developed with Go language and has strong configurability, scalability and ease of use. At present, the project has 6.6k stars on Github. Official website: https://nuclei.projectdiscovery.ioNucleoi project addres ...

Just write, take notes MISC24-25 Change the picture height to see the flag MISC26 The title suggests that the flag is under the picture, but how many are there? Change the height to 900 and you can see half of the flag: Here we also need to find out the real height of this picture and see the script of the boss on the Internet: import b ...

Just talk but not practice the fake style. Use the CTF topic as an after-school exercise to test whether we master it. This is the first two of the four deserialized questions of weekly CTF one day (exhausted, rest and do the latter two) EZ-unserialize It's no exaggeration to say that I did it for a long time. It's a common question type, but b ...

RELRO half open. After you come in, you need to log in first. The user name is admin, but the password is unknown. Given a reverse, after research is md5 Why md5? First, let's take a look at what md5 is. First of all, no matter how long the input is, the output md5 value must be 16 bytes. Also know that md5 there is something called standa ...