[HTB] knife (PHP backdoor, sudo abuse: knife)
Disclaimers: The host penetrated by this article is legally authorized. The tools and methods used in this article are limited to learning and communication. Please do not use the tools and infiltration ideas used in this article for any illegal purpose. I will not bear any responsibility for all the consequences, nor be responsible for any misus ...
Posted by simon622 on Sun, 28 Nov 2021 11:04:39 -0800
Java Security -- ysoserial tool URLDNS chain analysis
In this article, we will learn the URLDNS chain of the ysoserial tool. Compared with the CC chain learned earlier, the URLDNS chain is relatively simple.
URLDNS is a gadget chain that the ysoserial tool uses to detect the existence of a Java deserialization vulnerability. Through the URLDNS gadget chain, you can initiate a DNS query request, so as ...
Posted by thefortrees on Tue, 23 Nov 2021 19:21:35 -0800
SQL injection Basics
SQL injection concept
Basic concepts of database
Related terms
data
Data refers to the symbols that record and identify objective events. It is the physical symbols or a combination of these physical symbols that record the nature, state and relationship of objective things. It is a recognizable and abstract symbol.
See for details Baidu ...
Posted by carleyvibe on Thu, 11 Nov 2021 00:10:37 -0800
SQL injection - blind injection~
Blind injection, as the name suggests, means that the return value cannot be seen directly during injection, but we can judge it by other methods: next, I will introduce error echo, time blind injection and Boolean blind injection one by one.
Blind injection is divided into three categories:
reference resources: like 'ro%' # judge whe ...
Posted by noisenet on Sat, 06 Nov 2021 13:54:55 -0700
To hacker: you are so awesome, why don't you come and play this CTF
The path of painful penetration
0x00 Preface
The CTF was very sour this time. There were 7 WEB penetration topics, which was also the beginning of pain. Good audit, why add so many high thresholds.
0x01 Pentest-homework-200
http://homework.sctf.xctf.org.cn/
Open the complete page, that is, log in to the registration page. Name, age, uplo ...
Posted by ntjang on Wed, 27 Oct 2021 23:06:31 -0700
Passive information collection using Recon-ng
A full-featured web information search framework, developed in Python. Note: when reading this article, pay attention to reading the comments in the code at the same time.
1. Enter the Recon-ng environment
1.1 welcome interface
_/_/_/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ ...
Posted by deurwaarder on Fri, 08 Oct 2021 18:28:29 -0700
[netding Cup 2018] Fakebook - SSRF / deserialization vulnerability / SQL injection
Solution I
Solution II
Solution III
Test site
• directory scanning
• SSRF
• SQL injection
• PHP deserialization
When we get the website, we first need to collect information about it to increase the chance of finding vulnerabilities, such as whois, fingerprint identification, scanning the directory of ...
Posted by IndianaRogers on Wed, 29 Sep 2021 15:46:51 -0700
On batch mining of SRC vulnerabilities
Preface: This blog post only talks about vulnerability utilization and batch mining. Before contacting SRC, I had the same question as many masters, that is, how did those masters dig holes in batches? After climbing for two months, I gradually have my own understanding and experience, so I intend to share it and communicate with all masters. ...
Posted by LaWr3nCe on Thu, 23 Sep 2021 05:58:29 -0700