Analysis of shell app Authorization parameters

Well, 2021 is coming to an end. I've been busy studying for a year. At the end of the year, I'll write some articles and summarize what I learned! The app we analyze today is the Shell (Beike) app, version v2.66.0; readers can download it themselves from the major app stores. It is also a good case study for reverse analysis. ...

Posted by algarve4me on Sat, 25 Dec 2021 09:00:06 +0100

[pwn learning] Canary's various bypassing postures

Method 1: leak the Canary by overwriting the truncating byte. Principle: the low byte of the Canary is deliberately `\x00`, which is intended to stop the Canary from being read out directly by functions such as read and write. By overwriting that low `\x00` through a stack overflow, the Canary value can be read out. From the above analysis, we can sort out th ...

Posted by jimmyp3016 on Fri, 24 Dec 2021 19:27:31 +0100

DVWA SQL Injection(blind) full level

SQL Injection (blind). 1. Low: manual injection. The server only returns a result and does not display the searched value; SQL injection with no echoed output is called blind SQL injection. This level returns only whether the user exists, that is, true or false; this kind of blind injection is called Boolean-based blind injection. The injection ...

Posted by acook on Thu, 23 Dec 2021 16:57:41 +0100

Wave after wave, VMware released another high-risk vulnerability

VMware customers had a very busy week due to the Apache Log4j 2 vulnerability, and nearly half of global enterprises are affected. According to a report from the Threat Intelligence Department of Check Point, a well-known network security solution provider, the Apache Log4j 2 vulnerability may persist. This means that VMware customers ha ...

Posted by mdell on Wed, 22 Dec 2021 04:48:10 +0100

Intranet attack and defense - privilege escalation - Linux

Linux privilege escalation in one article. Preface: the original text comes from https://www.freebuf.com/articles/251884.html. I feel that much of it is machine-translated and has formatting problems, large and small, so I went online to find the original text, translated and typeset it again, and also referred to the translation of the origin ...

Posted by iblackedout on Tue, 21 Dec 2021 08:36:14 +0100

ATT&CK combat series - red team assessment WP

Environment setup. Target download address: http://vulnstack.qiyuanxuetang.net/vuln/detail/5/. After downloading the virtual machine, configure the network environment according to the official instructions and start the test. Penetration process. 0x01 WEB information gathering: check the target WEB service and find that it is a de ...

Posted by mgilbert on Mon, 20 Dec 2021 16:42:31 +0100

clamav+pyClamd Linux virus scanning

1. Background. Clam AntiVirus (ClamAV) is a free and open-source anti-virus software. Software and virus database updates are released free of charge by the open-source community. At present, ClamAV mainly provides virus scanning and removal for Linux and Unix systems. pyClamd is a third-party Python module that allows Python to directly ...

Posted by friday_13 on Mon, 20 Dec 2021 09:03:42 +0100

Windows Server 2012 R2 scan vulnerability handling (CVE-2018-0886, CVE-2016-2183, CVE-2013-2566, CVE-2015-2808)

Introduction. During the company's project security inspection, the four high- and medium-risk vulnerabilities shown in the figure were found on a Windows Server 2012 R2 server and need to be handled. CVE-2018-0886 1. A solution has been identified at: https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2018-0886 , ...

Posted by Maiku on Sun, 19 Dec 2021 14:47:32 +0100

Java Concurrent Programming: multithreading safety and performance issues

1. Thread safety. 1.1 Definition of thread safety: when multiple threads access an object, if the scheduling and interleaved execution of these threads in the runtime environment need not be considered, and no additional synchronization or other coordination is required on the caller's side, then every call to this object can obtain the co ...

Posted by beanwebb on Thu, 16 Dec 2021 02:23:17 +0100

Learning notes on TA's signature, signature verification, loading and calling

Signature of the TA. Take OP-TEE OS version 3.11 as an example. The optee_os directory stores the signing private key and the signing script: &lt;project directory&gt;/optee_os/keys/default_ta.pem and &lt;project directory&gt;/optee_os/scripts/sign_encrypt.py. Compiling OP-TEE OS builds the TA into an ELF file. At this point, execute the signing sc ...

Posted by llanitedave on Wed, 15 Dec 2021 13:07:23 +0100