Programming VIP

1, Title 2, WriteUp [1]. Get compressed package Directly modify the suffix of the document to zip or use binwalk -e [file name] in kalinux to obtain a compressed package The contents are as follows [2]. Tips In_ There is a key in rels Txt, said to move forward bravely, indicating that the flag is likely to be i ...

Foreword: I just started the core problem recently, so I'll learn from ctfwiki here. Don't spray... The first step is classic... If the title is not given to vmlinux, it can be extracted through extract vmlinux. See start SH finds that kalsr randomization is enabled, and the base address needs to be leaked. This is very similar to the pwn pro ...

1, Experiment Title: Comprehensive Target Experiment 2, Experiment content: 1. Use msf to search for exploitable vulnerabilities (drupal) 2. Find the configuration file of the target website 3. Database administrator authorization (update administrator password or add a new user) 4. suid authorization command (nmap, vim, find, bash, more ...

For space reasons, please refer to this article to realize the login function first https://blog.csdn.net/grd_java/article/details/121925792 1, Database tables, and entity classes Because the front end is written by VUE, components and paths need to be saved sql statements for all libraries 2, Menu management TODO fi ...

1. Create a private CA and apply for a certificate. 1.1 create CA related directories and files [22:05:51 root@centos8 data]#mkdir -pv /etc/pki/CA/{certs,crl,newcerts,private} mkdir: created directory '/etc/pki/CA' mkdir: created directory '/etc/pki/CA/certs' mkdir: created directory '/etc/pki/CA/crl' mkdir: created directory '/etc/pki/CA/new ...

1, Experimental environment The underlying system is Ubuntu 18 04, then install k8s on each node and build a cluster. The IP address of the Master node is 192.168 26.71/24, the IP address of two worker nodes is 192.168 26.72/24,192.168. 26.73/24. 2, PSP Foundation 1.PSP overview Pod Security Policy is a cluster level resource (it does not ...

Vulnerability introduction and harm Redis is bound to 0.0.0 by default 0.0:6379. If relevant policies are not adopted, such as configuring firewall rules to avoid IP access from other untrusted sources, redis service will be exposed to the public network; If password authentication is not set (generally empty), any user can access Redis an ...

Realize the working mode of DES 1, Experimental purpose Master the working principle of DES algorithm; Familiar with the working mode of packet encryption algorithm. 2, Experimental principle Basic principle of DES ppop has three entry parameters: key, data and mode. Key is the key used for encryption and decryption, data is the encrypt ...

CTFSHOW blasting [21-28] Web21 You can see that the selected text - > decoded from is decoded by Base64 The format of account password is [username]:[password] So we can use the custom payload in the introder module position 1: admin position 2: (:) is a colon and does not need parentheses (easy to see) position 3: you can use the ...

Pessimistic lock When modifying a piece of data, in order to prevent others from changing the data at the same time, we can lock the data through the locking mechanism to prevent concurrency problems;   Threads think that thread security problems are easy to occur and lock the code. Because the process of locking and releasing pess ...