The front end uses RSA asymmetric encryption to encrypt user information
First, a brief clarification of the difference between symmetric and asymmetric encryption. Symmetric encryption: the same key is used for encryption and decryption. Asymmetric encryption: two keys are generated; the public key is used for encryption and the private key is used for decryption.
Note: the encryption operation in this ...
Added by dswain on Sun, 26 Dec 2021 21:09:32 +0200
Introduction to encryption and decryption
Encryption and decryption is nothing more than ensuring data security. Three problems need to be solved to ensure data security:
Confidentiality, integrity, authentication (protection against forgery and repudiation)
Confidentiality: the transmission content is not in clear text. Even if the data is intercepted by the outside world, it cannot be interprete ...
Added by genie on Sat, 25 Dec 2021 23:12:54 +0200
ATT&CK red team evaluation actual combat range-1 (the smallest in the whole network)
Statement: this series was first published on the official account Xuan Xuan is safe; please indicate the source when reprinting. The contents of this official account are only used for technical discussion among network enthusiasts. All penetration and use of tools need authorization, and use through illegal channels is not allowed. Otherwise, the official account and author will not ...
Added by Seol on Sat, 25 Dec 2021 12:05:41 +0200
Part of the first "Hecheng Cup" Henan Hebi CTF network security challenge
The first "Hecheng Cup" Henan Hebi CTF network security challenge
Official account: Th0r security
1
$ tshark -r timu.pcapng http|grep ' GET ' > timu-get
$ for i in `seq 1 30`; do a=`grep "),$i,1)" timu-get|tail -1|cut -d= -f3|cut -d- -f1`;b=`printf "%x" $a`;echo -n $b; done
666c61677b77317265736841524b5f657a5f31736e74697 ...
Added by chadu on Sat, 25 Dec 2021 04:47:16 +0200
Load DLL by modifying PE file
target
The goal of this experiment is to directly modify the TextView.exe file so that it automatically loads the myhack.dll file at run time.
TextView.exe
TextView.exe is a very simple text viewer that lets you view the contents of a text file by dragging and dropping it with the mouse.
Use the PEView tool to view the IDT of the TextView.exe executable (Imp ...
Added by youqing on Fri, 24 Dec 2021 15:03:12 +0200
New upload-labs 1-19 walkthrough ideas
upload.test
Pass-01
Delete the check method return checkFile(). If the browser does not allow you to modify the front-end code, use the packet capture tool to modify it
Then upload a sentence
Pass-02
Back-end verification of the content type
Change the type to image/jpeg
Pass-03
php::
D
...
Added by karq on Fri, 24 Dec 2021 07:23:00 +0200
Analysis of Linux mining virus
Recently, my test virtual machine was behaving a little abnormally. I found a strange process named vp0erom, which had particularly high CPU usage. So I dug in and analyzed it, trying to find out the reason. After looking at the IP the process was connected to, I knew it was a mining virus. The following is a simple analysis process.
1. The top comma ...
Added by brandye71 on Fri, 24 Dec 2021 01:26:00 +0200
Shiro authorization and annotation-based development
1, Authorization
1. Grant roles to users
① Get the account
② Get the granted role through the user account
③ Give these roles to Shiro for management
2. Grant permissions to users
① Get the account
② Get the visible granted permissions through the user account
③ Give these permissions to Shiro for management
First, in shirousermapper N ...
Added by Mindwreck on Thu, 23 Dec 2021 14:30:17 +0200
Tiktok volcano version device registration generates device_id and iid
1, Foreword
Tiktok volcano is a small video. It is understood that the volcanic video has been upgraded to the tiktok version. It is necessary to upgrade its security measures. The author studied the device registration method of the flare volcano version, which is to generate device_. Tiktok can make nothing of it. It is pos ...
Added by hwmetzger on Wed, 22 Dec 2021 23:50:04 +0200
Analysis of arbitrary file upload vulnerability of security vulnerability
preface
The front-end arbitrary file upload vulnerability of X micro e-office has been public for some time, and there are many related exploitation scripts, including batch exploitation scripts. Here, this vulnerability point is analyzed according to the system code and POC.
Locate vulnerability points
Accor ...
Added by Absorbator on Wed, 22 Dec 2021 17:04:23 +0200