PWN entry series stack overflow
PWN entry series (2)
Stack overflow
A stack overflow occurs when a program writes more bytes to a variable on the stack than were allocated for that variable, so that the values of adjacent variables on the stack are changed (overwritten). It is a specific buffer overflow vulnerability, similar to hea ...
Posted by NINTHTJ on Thu, 02 Dec 2021 10:39:48 -0800
Java command execution
Runtime class analysis
First, look at a demo of command execution:
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;

public class RuntimeTest {
    public static void main(String[] args) throws IOException {
        Runtime runtime = Runtime.getRuntime();
...
Posted by ade1982 on Sun, 28 Nov 2021 09:11:30 -0800
Kubernetes based on Jenkins Spinnaker's CI/CD practice - adding product image scanning
Preface: Early on, Jenkins assumed all the functions of CI/CD in Kubernetes (Jenkins Pipeline evolution); we are going to split the CD continuous integration into Spinnaker! Of course, the normal idea should be to get through the user account of Jenkins Spinnaker and integrate ldap.spinnaker account system. Relevant experiments have been done before i ...
Posted by Poolie on Sat, 20 Nov 2021 16:26:57 -0800
[Security vulnerability] DedeCMS-5.8.1 SSTI template injection leads to RCE
Vulnerability type
SSTI RCE
Exploitation conditions
Scope of influence application
Vulnerability overview
On September 30, 2021, Steven Seeley, a foreign security researcher, disclosed an SQL injection vulnerability and an RCE vulnerability caused by SSTI in the latest DedeCMS version. Because the exploitation conditions of SQL injection vul ...
Posted by gacon on Sat, 20 Nov 2021 06:57:18 -0800
Adding a new section to a PE file
Contents
What values in the PE file will be affected by the new section?
To add a new section:
Add section manually
Code new section
If you need to place a piece of shellcode in the PE file (when the remaining space in the default section area is insufficient), you can solve this problem by adding a section. Usually, most packing soft ...
Posted by mastermike707 on Thu, 28 Oct 2021 05:27:54 -0700
Take you to master Java deserialization vulnerabilities and their detection
Abstract: This paper will first introduce the principle of the Java deserialization vulnerability, and then introduce how security tools detect and scan for such vulnerabilities.
This article is shared from the Huawei Cloud community: "Java deserialization vulnerability and its detection", author: alpha1e0.
1 Introduction to Java deserialization
...
Posted by DuNuNuBatman on Tue, 19 Oct 2021 18:22:07 -0700
Security course design experiment
Experiment 1: brute force cracking
Specific requirements: brute-force the login point of the specified IP environment. A. The IP address can be specified; B. The number of threads required for scanning can be set; C. Analyze the brute-force result and its principle, and show the corresponding process.
0x01 Low difficulty:
Log in to the DVWA range. Reset d ...
Posted by arun4444 on Tue, 12 Oct 2021 11:11:57 -0700