PWN entry series stack overflow
PWN entry series (2)
Stack overflow
A stack overflow occurs when the number of bytes a program writes to a variable on the stack exceeds the number of bytes allocated for that variable, so that the values of adjacent variables on the stack are changed (overwritten). It is a specific buffer overflow vulnerability, similar to hea ...
Posted by NINTHTJ on Thu, 02 Dec 2021 10:39:48 -0800
Network Security Learning -- DNS deployment and security
DNS
DNS (Domain Name Service): provides a domain name resolution server for clients
Domain name composition
Overview of domain name composition
"Hostname.domain name" is called the fully qualified domain name (FQDN). There can be multiple hosts under a domain name. The domain name is unique in the world, and the host name. Domain name must be un ...
Posted by rosy on Mon, 29 Nov 2021 16:46:29 -0800
Reproduction and analysis of yii2 deserialization vulnerability
Environment construction
The vulnerability is in yii2 versions before 2.0.38. Download the 2.0.37 basic version
https://github.com/yiisoft/yii2/releases/tag/2.0.37
Modify the value in the /config/web file
Run php yii serve in the current directory to start
Reproduction
Construct the deserialization entry first
Create a new contro ...
Posted by claypots on Mon, 29 Nov 2021 07:48:07 -0800
[intranet learning notes] 25. Exchange mail server
1. Basic operations of Exchange
Do the following in PowerShell on the Exchange server
Add the Exchange snap-in to the current session
add-pssnapin microsoft.exchange*
View mail database
Get-MailboxDatabase -server "dc"
Query the physical path of the database
Get-MailboxDatabase -Identity 'Mailbox Database 0761701514' | Format-List ...
Posted by ungown_admin on Wed, 24 Nov 2021 01:35:17 -0800
java Security -- ysoserial tool URLDNS chain analysis
In this article, we will study the URLDNS chain of the ysoserial tool. Compared with the CC chain studied earlier, the URLDNS chain is relatively simple.
URLDNS is a gadget chain used by the ysoserial tool to detect whether a Java deserialization vulnerability exists. Through the URLDNS chain, you can initiate a DNS query request, so as ...
Posted by thefortrees on Tue, 23 Nov 2021 19:21:35 -0800
PowerShell command killing free thinking
Preface
UNIX systems have always had powerful shell programs. Windows PowerShell was created to provide a command-line shell with functionality equivalent to the UNIX shells (such as sh, bash or csh). At the same time, it also has a built-in scripting language and tools to assist scripts, so that command-line users and script writers c ...
Posted by rbama on Sun, 07 Nov 2021 18:01:06 -0800
SQL injection - blind injection~
Blind injection, as the name suggests, means that the return value cannot be seen directly during injection, but we can judge it by other methods. Next, I will introduce error echo, time blind injection and Boolean blind injection one by one.
Blind injection is divided into three categories:
reference resources: like 'ro%' # judge whe ...
Posted by noisenet on Sat, 06 Nov 2021 13:54:55 -0700
To hacker: you are so awesome, why don't you come and play this CTF
The path of painful penetration
0x00 Preface
The CTF was very sour this time. There were 7 WEB penetration topics, which was also the beginning of pain. Good audit, why add so many high thresholds.
0x01 Pentest-homework-200
http://homework.sctf.xctf.org.cn/
Open the complete page, that is, log in to the registration page. Name, age, uplo ...
Posted by ntjang on Wed, 27 Oct 2021 23:06:31 -0700
2021 "Green League Cup" Chongqing University Student Information Security Competition - Light1ng team Writeup
For other directions, please refer to the PDF: https://wws.lanzoui.com/iWk1ovo0eaj Password: Le1a
Misc
Misc1: check in 1
The title gives a string of base64 codes
Decoded flag:
flag{c54ce9d7b4e17980dd4906d9941ed52a}
Misc2: ...
Posted by sykowizard on Sat, 23 Oct 2021 00:28:09 -0700
Linux file management
touch command:
The touch command is used to create files and modify the time attributes of files or directories, including access time and change time. If the file does not exist, a new file will be created.
ls -l can display the time record of the file.
User permissions: all users
Syntax:
touch [-acfm][-d<Date time>][-r<Reference docu ...
Posted by Desdinova on Wed, 13 Oct 2021 12:15:18 -0700