Mining Linux kernel vulnerabilities in web Security
1, Brief description
Syzkaller is a kernel fuzzing tool developed by Google. In short, it automatically feeds valid, invalid and completely randomized parameter data to the kernel and observes the kernel's running state for panics, memory leaks and other problems, so as to discover the vulnerabilitie ...
Added by majik_sheff on Sat, 05 Mar 2022 14:59:12 +0200
log4j vulnerability analysis and summary
The remote code execution vulnerability in log4j2 [CVE-2021-44228], exposed on December 8, 2021, can be called an epic nuclear bomb vulnerability. Although most of the relevant vulnerabilities in the current network have been repaired after such a long time, they can still be found... Many leaders and research institutions on the Internet have a ...
Added by KrisNz on Sun, 13 Feb 2022 18:24:21 +0200
File upload learning notes
title: file upload learning notes date: 2021-5-22 tags: penetration test, file upload, basic categories:
Penetration test File upload Basics
2021 / 3 / 6 notes
What is a one-sentence Trojan
The one-sentence Trojan "server" (a locally stored script Trojan file)
It is the execution permission we want to u ...
Added by waygood on Tue, 08 Feb 2022 05:31:45 +0200
ctfshow sql injection web171-web253 wp
Reference articles
Nanshen blog: https://www.wlhhlc.top/
y4 blog: https://y4tacker.blog.csdn.net/
feng blog: https://ego00.blog.csdn.net/
sql injection
Let's just start sql injection now.
web171
Just after entering, we can see that there are three columns: id, username and password
The statement is
$sql = "select username,passwor ...
Added by devarticles on Thu, 03 Feb 2022 10:31:56 +0200
Summary of Linux privilege escalation (sudo, polkit)
Summary of Linux polkit privilege escalation
Just as I was about to take my annual leave, I received a regulatory vulnerability alert: "The pkexec program in Linux Polkit has a privilege escalation vulnerability (vulnerability number: CVE-2021-4034). The pkexec application is a pre-installed tool on Linux systems, and the vulnerability affects main ...
Added by texmansru47 on Mon, 31 Jan 2022 22:18:08 +0200
Java Security Learning Notes -- a simple analysis of the source code of HashMap class using deserialization chain
Preface
The HashSet and Hashtable used by the CC6 and CC7 chains of ysoserial, the deserialization exploitation tool, are both hash-table-based data structures. When it comes to hash tables, the HashMap class is the most used hash table structure in Java. At the same time, the HashMap class is also the underlying implementation ...
Added by jek1134 on Tue, 25 Jan 2022 19:30:32 +0200
Java Security Learning Notes -- deserialization vulnerability utilization chain CC6 chain
Test environment:
jdk1.8(jdk8u71)
Commons Collections4.0
HashSet
HashSet uses a hash table as its data structure. The time complexity of adding, deleting, modifying and querying is O(1). A Set is a collection: its elements are unordered and it contains no duplicate elements. Combined with this, we can roughly know the ...
Added by 2DaysAway on Mon, 24 Jan 2022 15:14:16 +0200
Apache common collections with Java deserialization vulnerability
Official account: Black palm
A blogger who focuses on sharing network security, hot spots in the hacker circle and hacker tool technology area!
Preface:
Recently, I calmed down and read a lot of Daniel's notes and blogs. I have gained a lot, so I'd like to record the first ...
Added by messer on Sun, 23 Jan 2022 23:39:34 +0200
Write a tool in Python and crack MySQL perfectly!! (recommended Collection)
Hello, I'm Glacier~~
Recently, many friends asked me: Glacier, how do you feel you can do anything? Java, Python, big data, distribution, microservices, system architecture, operation and maintenance, penetration, how do you usually learn? I: personally, I think the best way to learn is to summarize problems in the usual work process, pay atte ...
Added by loudrake on Sat, 22 Jan 2022 18:06:51 +0200
VulnHub-GoldenEye-1 learning notes
Target address: https://www.vulnhub.com/entry/goldeneye-1,240/
Goal: get root & find flag txt
Author: ned Hogg 007
Time: July 7, 2021
1, Information collection
Open the Kali virtual machine and the target machine Golden Eye-v1, with both virtual machine networks in NAT mode
On Kali, check the local IP segment. Mine is 192.168.21.0/24
nma ...
Added by rline101 on Sat, 22 Jan 2022 01:39:19 +0200