PWN entry series (2)
Stack overflow means that the number of bytes written by the program to a variable in the stack exceeds the number of bytes applied by the variable itself, resulting in the value of the variable in the adjacent stack being changed (overwritten). It is a specific buffer overflow vulnerability, similar to hea ...
Posted by NINTHTJ on Thu, 02 Dec 2021 10:39:48 -0800
DNS(Domain Name Service): provides a domain name resolution server for clients
Domain name composition
Overview of domain name composition
Host name. Domain name is called fully qualified domain name (FQDN). There can be multiple hosts under a domain name. The domain name is unique in the world, and the host name. Domain name must be un ...
The vulnerability is in the version before yii2.0.38. Download version 2.0.37basic
Modify the value of the / config/web file
Enter php yii serve in the current directory to start
Construct the deserialization entry first
Create a new contro ...
Posted by claypots on Mon, 29 Nov 2021 07:48:07 -0800
1. Basic operations of Exchange
Do the following in PowerShell on the Exchange server
Add the Exchange snap in to the current session
View mail database
Get-MailboxDatabase -server "dc"
Query the physical path of the database
Get-MailboxDatabase -Identity 'Mailbox Database 0761701514' | Format-List ...
Posted by ungown_admin on Wed, 24 Nov 2021 01:35:17 -0800
In this article, we will learn the URLDNS chain of ysoserial tool. Compared with the CC chain learned earlier, the URLDNS chain is relatively simple.
URLDNS is a utilization chain used by ysoserial tool to detect the existence of Java deserialization vulnerability. Through URLDNS utilization chain, you can initiate a DNS query request, so as ...
Posted by thefortrees on Tue, 23 Nov 2021 19:21:35 -0800
UNIX system has always had powerful shell programs. The birth of Windows PowerShell is to provide command-line shell programs (such as sh, bash or csh) with functions equivalent to UNIX system. At the same time, it also has built-in script language and tools to assist script programs, so that command-line users and script writers c ...
Posted by rbama on Sun, 07 Nov 2021 18:01:06 -0800
Blind injection, as the name suggests, means that the return value can not be seen directly during injection, but we can judge it by other methods: next, I will introduce error echo, time blind injection and Boolean blind injection one by one.
Blind injection is divided into three categories:
reference resources: like 'ro%' # judge whe ...
Posted by noisenet on Sat, 06 Nov 2021 13:54:55 -0700
The path of painful penetration
The CTF was very sour this time. There were 7 WEB penetration topics, which was also the beginning of pain. Good audit, why add so many high thresholds.
Open the complete page, that is, log in to the registration page. Name, age, uplo ...
Posted by ntjang on Wed, 27 Oct 2021 23:06:31 -0700
2021 "Green League Cup" Chongqing University Student Information Security Competition - Light1ng team Writeup
For other directions, please refer to pdf:https://wws.lanzoui.com/iWk1ovo0eaj Password: Le1a
Misc1: check in 1
The title gives a string of base64 codes
Posted by sykowizard on Sat, 23 Oct 2021 00:28:09 -0700
The touch command is used to create files and modify the time attributes of files or directories, including access time and change time. If the file does not exist, a new file will be created.ls -l can display the time record of the fileUser permissions: all users
touch [-acfm][-d<Date time>][-r<Reference docu ...
Posted by Desdinova on Wed, 13 Oct 2021 12:15:18 -0700