1, Brief description
Syzkaller is a kernel fuzzy testing tool developed by Google. In short, it automatically inputs various effective, invalid and completely randomized parameter data to the kernel, and observes the operation status of the kernel, whether there are panic, memory leakage and other problems, so as to discover the vulnerabilitie ...
Added by majik_sheff on Sat, 05 Mar 2022 14:59:12 +0200
The Remote Code Execution Vulnerability of log4j2 [cve-2021-44228] exposed on December 8, 2021 can be called an epic nuclear bomb vulnerability. Although after such a long time, most of the relevant vulnerabilities in the current network have been repaired, they can still be found... Many leaders and research institutions on the Internet have a ...
Added by KrisNz on Sun, 13 Feb 2022 18:24:21 +0200
title: file upload learning notes date: 2021-5-22 tags: penetration test, file upload, basic categories:
Penetration test File upload Basics
File upload learning notes
2021 / 3 / 6 notes
What is a sentence
In one sentence, Trojan horse "server" (locally stored script Trojan horse file)
It is the execution permission we want to u ...
Added by waygood on Tue, 08 Feb 2022 05:31:45 +0200
Nanshen blog: https://www.wlhhlc.top/
y4 blog: https://y4tacker.blog.csdn.net/
feng blog: https://ego00.blog.csdn.net/
Let's just start sql injection now.
Just after entering, we can see that there are three columns: id, username and password
The statement is
$sql = "select username,passwor ...
Added by devarticles on Thu, 03 Feb 2022 10:31:56 +0200
Summary of Linux polkit rights raising
As soon as I was about to take my annual leave, I received a regulatory vulnerability alert - "pkexec program in Linux Polkit has a privilege escalation vulnerability (vulnerability number: CVE-2021-4034). Pkexec application is a pre installed tool for Linux system, and the vulnerability affects main ...
Added by texmansru47 on Mon, 31 Jan 2022 22:18:08 +0200
The HashSet and Hashtable used by both CC6 and CC7 chains of ysoserial deserialization vulnerability exploitation tool are hash table based data storage structures. When it comes to hash table, the HashMap class is the most used hash table storage structure in Java. At the same time, HashMap class is also the underlying implementation ...
Added by jek1134 on Tue, 25 Jan 2022 19:30:32 +0200
HashSet uses the data structure of the Hash table. The time complexity of adding, deleting, modifying and querying is O(1). Set is a set. The elements are not added in order, and there will be no duplicate elements in the set. Combined with this, we can roughly know the ...
Added by 2DaysAway on Mon, 24 Jan 2022 15:14:16 +0200
Apache common collections with Java deserialization vulnerability
Gongzong No.: Black palm
A blogger who focuses on sharing network security, hot spots in the hacker circle and hacker tool technology area!
Recently, I calmed down and read a lot of Daniel's notes and blogs. I have gained a lot, so I'd like to record the first ...
Added by messer on Sun, 23 Jan 2022 23:39:34 +0200
Hello, I'm glacier~~
Recently, many friends asked me: Glacier, how do you feel you can do anything? Java, Python, big data, distribution, microservices, system architecture, operation and maintenance, penetration, how do you usually learn? I: personally, I think the best way to learn is to summarize problems in the usual work process, pay atte ...
Added by loudrake on Sat, 22 Jan 2022 18:06:51 +0200
Target address: https://www.vulnhub.com/entry/goldeneye-1,240/
Goal: get root & find flag txt
Author: ned Hogg 007
Time: July 7, 2021
1, Information collection
Open kali virtual machine and target machine Golden Eye-v1, and both virtual machine networks are in NAT mode
kali, check the local IP segment. Mine is 192.168.21.0/24
Added by rline101 on Sat, 22 Jan 2022 01:39:19 +0200