What does Application Verifier do?
Application Verifier is an official application verification tool from Microsoft. It is mainly used to help users detect and debug memory corruption, dangerous security vulnerabilities, Run-time detection, etc. It is an auxiliary development tool without modifying the source code; When reporting unrel ...
1, Preparation stage
Attack host: kali Linux
Attack tools: airrack ng, airdump ng, air ng, and air replay ng
One network card
You can check whether the network card is ready through the command: sudo iwconfig.
My network card name is wlan0
lo no wireless extensions.
eth0 no wireless extensions.
Posted by pradee on Sun, 22 May 2022 11:24:31 +0300
The first step is to change libc
Enter code audit
If you find that the symbol table is closed, you need to guess the function with the function.
Then rename the main function.
It is obvious that there i ...
Posted by jonex on Fri, 20 May 2022 05:29:05 +0300
OpenSSH (OpenBSD Secure Shell) is a set of connection tools for secure access to remote computers of the Openbsd program group. The tool is an open source implementation of SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking and other network level attacks. ...
Posted by tbeinc on Fri, 20 May 2022 04:59:54 +0300
CTF Reverse-[Anxun Cup 2019]game-Use deflat to make conventional logical judgments after the main confusion is de-obfuscated
Attachment: https://pan.baidu.com/s/1qq_64SNIRnnTTCNqNIKOiw?pwd=1iz9 Extraction code: 1iz9
Determine the funct ...
Posted by Ludichrist on Wed, 18 May 2022 00:20:16 +0300
Solution of Web check-in problem in DDCTF in 2020. (web 🐶 Only work out this problem. I have something to do the next day)
web check in question
Step 1: JWT bypass
Figure 1: accident conditions given by the title.
Send a request to the api and get the following response. The data format of data is similar to jwt, which is guessed to be ...
The application of struts 2 is full of holes. Recently, I suddenly thought about studying the relevant principles and utilization. s2-052 vulnerability is caused by lgtm Com security researcher reported that CVE-2017-9805 is a remote command execution vulnerability with a Critical degree of vulnerability. When users use the Struts R ...
Posted by cyberRobot on Wed, 11 May 2022 11:27:58 +0300
Target address: http://188.8.131.52:1616/
After entering the drone, select the character attribute you want and start the game
After looking at other game functions, I found that we need to defeat the old demon through crusade to clear the level
You can buy Tathagata Palms from the mall, but you need to ...
Posted by Mirge on Mon, 09 May 2022 00:24:45 +0300
1, The encoding implementation adds code to the code section
1. Address of different software
We open a file with OD to simulate the real running state of the file, so all the addresses displayed in the left column are memory addresses, and the starting address of the file is ImageBase We use UE and winhex to open a file. The beginning is t ...
Posted by vinny199 on Tue, 03 May 2022 03:41:30 +0300
1, New section ideas
1. Meet the conditions of new section
Why add a new section to add code? Because sometimes the blank area of all sections may not be enough to store the code we want to add, we add enough sections to add code ourselves First, judge whether there is enough space to add a section table (to add a new section, you need to a ...
Posted by andy1398 on Mon, 02 May 2022 18:30:54 +0300