Practical content! Summary of common methods of intranet penetration

WeChat official account: Black palm, a blogger who focuses on sharing penetration testing, hot topics in the hacker community and hacker tools and techniques! Preface: During intranet penetration, a WebShell or CobaltStrike, Metasploit, etc. is just the beginning. The real work is moving laterally within the intranet, expanding the results and reaching ...

Posted by Crashin on Sat, 15 Jan 2022 23:04:25 +0100

Web security of Advanced Encryption Standard (AES) and Security Assertion Markup Language (SAML)

Having a more secure channel is the best way to transmit user information across the network. Cryptography: Most of the problems on the network are related to security issues and to the storage and transmission of sensitive data in the network. So we must provide a secure system on it. The most popular and practical w ...

Posted by wpfn on Sat, 15 Jan 2022 00:09:29 +0100

Burp Suite 2021 series: environment configuration and crack installation

Preface: The video version of this article is available on Bilibili: https://www.bilibili.com/video/BV1aq4y1X7oE?p=2 Burp Suite is an integrated penetration testing tool that combines a variety of penetration testing components, enabling us to better complete penetration testing and attacks on web applications, automatically or manually. I ...

Posted by SueHubert on Fri, 14 Jan 2022 03:20:25 +0100

Reverse experiment on sign signature of API interface at H5 end of flying pig

Disclaimer: The techniques mentioned in this article are for learning purposes only. It is prohibited to use any technique in this article to launch network attacks, for illegal exploitation or for other network crimes, and all information is prohibited from being used for any illegal purpose. If the reader uses the technology mentioned in the article to co ...

Posted by rejoice on Wed, 12 Jan 2022 21:47:13 +0100

Network protection notes -- XSS vulnerability exploitation

Browser same-origin policy summary: In 1995, the same-origin policy was introduced by Netscape. At present, all browsers implement this policy. Initially, it meant that a Cookie set by page A cannot be opened by page B unless the two pages are "same-origin". The so-called "same origin" refers to "three sames":   ( ...

Posted by RyanMinor on Wed, 12 Jan 2022 19:20:57 +0100

CTF pwn direction partial problem solution

dataleak Two \ x00 can be skipped with "\ or / but each time" \ is used, 4 bytes will be copied to buf, so the last 3 bytes of data cannot be leaked. Therefore, / \ is used to control the leaked string with garbage data filling. exp: #!python #coding:utf-8 from pwn import * import subprocess, sys, os from time import sleep sa = l ...

Posted by jasongr on Wed, 12 Jan 2022 12:09:40 +0100

[File upload bypass] - parsing vulnerability: .htaccess file parsing vulnerability

1, Purpose of the experiment: 1. Understand what an .htaccess file is. 2. Through the upload-labs game (Pass-04), master the .htaccess file parsing vulnerability technique. 2, Tools: cmd command line, Firefox / Google browser. 3, Experimental environment: Target machine: windows10 virtual machine: 192.168.100.150 ...

Posted by prasitc2005 on Mon, 10 Jan 2022 23:58:22 +0100

Bloofox CMS code audit

Project address: https://github.com/alexlang24/bloofoxCMS. bloofoxCMS is a free open source web content management system (CMS) written in PHP using MySQL. Rough sweep: Use Seay to go through it. More than 200 suspected vulnerabilities reflect the shortcomings of traditional regular-expression-based code audit: rigid rules and many ...

Posted by bedted on Mon, 10 Jan 2022 07:02:12 +0100

Nuclei -- a fast vulnerability scanning tool based on YAML syntax template

1, Tool introduction 1. Introduction: Nuclei is a customizable rapid vulnerability scanner based on YAML syntax templates. It is developed in the Go language and has strong configurability, scalability and ease of use. At present, the project has 6.6k stars on GitHub. Official website: https://nuclei.projectdiscovery.io Nuclei project addres ...

Posted by leeperryar on Sun, 09 Jan 2022 10:31:51 +0100

Small ideas of session utilization

Preface: When doing challenges, we often take into account the use of sessions. There are two common basic types: session file inclusion and session deserialization. We haven't summarized it in detail before, so let's write it up. Session file inclusion: php.ini session-related configuration: session.upload_progr ...

Posted by bliljerk101 on Fri, 07 Jan 2022 13:45:14 +0100