Debugging Tools: Application Validator (How to use it and how it works)
What does Application Verifier do?
Application Verifier is an official application verification tool from Microsoft. It is mainly used to help users detect and debug memory corruption, dangerous security vulnerabilities, Run-time detection, etc. It is an auxiliary development tool without modifying the source code; When reporting unrel ...
Posted by Idri on Wed, 25 May 2022 12:51:24 +0300
Actual combat of wireless routing attack
1, Preparation stage
Attack host: kali Linux
Attack tools: airrack ng, airdump ng, air ng, and air replay ng
One network card
You can check whether the network card is ready through the command: sudo iwconfig.
My network card name is wlan0
root@kali:~# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 ...
Posted by pradee on Sun, 22 May 2022 11:24:31 +0300
Two ways of heap overflow (topic)
babyheap_0ctf_2017
The first step is to change libc
Routine checksec
Enter code audit
If you find that the symbol table is closed, you need to guess the function with the function.
Then rename the main function.
Allocate function:
Nothing special
Fill function
It is obvious that there i ...
Posted by jonex on Fri, 20 May 2022 05:29:05 +0300
Upgrade CentOS 7 to openssh 8.0 7.p1
Background summary
OpenSSH (OpenBSD Secure Shell) is a set of connection tools for secure access to remote computers of the Openbsd program group. The tool is an open source implementation of SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking and other network level attacks. ...
Posted by tbeinc on Fri, 20 May 2022 04:59:54 +0300
CTF Reverse-[Anxun Cup 2019]game-Use deflat to de-obfuscate conventional logic judgments
CTF Reverse-[Anxun Cup 2019]game-Use deflat to make conventional logical judgments after the main confusion is de-obfuscated
Source: https://buuoj.cn/
Content: none
Attachment: https://pan.baidu.com/s/1qq_64SNIRnnTTCNqNIKOiw?pwd=1iz9 Extraction code: 1iz9
Answer: KDEEIFGKIJ@AFGEJAEF@FDKADFGIJFA@FDE@JG@J
general idea
Determine the funct ...
Posted by Ludichrist on Wed, 18 May 2022 00:20:16 +0300
2020 ddctf web check-in problem solution
Solution of Web check-in problem in DDCTF in 2020. (web 🐶 Only work out this problem. I have something to do the next day)
web check in question
Step 1: JWT bypass
Figure 1: accident conditions given by the title.
Send a request to the api and get the following response. The data format of data is similar to jwt, which is guessed to be ...
Posted by ego0 on Tue, 17 May 2022 16:51:44 +0300
Recurrence of struts 2-052 vulnerability
preface
The application of struts 2 is full of holes. Recently, I suddenly thought about studying the relevant principles and utilization. s2-052 vulnerability is caused by lgtm Com security researcher reported that CVE-2017-9805 is a remote command execution vulnerability with a Critical degree of vulnerability. When users use the Struts R ...
Posted by cyberRobot on Wed, 11 May 2022 11:27:58 +0300
bugkuctf
bugkuctf: https://ctf.bugku.com
Target address: http://123.206.31.85:1616/
After entering the drone, select the character attribute you want and start the game
After looking at other game functions, I found that we need to defeat the old demon through crusade to clear the level
You can buy Tathagata Palms from the mall, but you need to ...
Posted by Mirge on Mon, 09 May 2022 00:24:45 +0300
day32.1 - coding implementation add code
1, The encoding implementation adds code to the code section
1. Address of different software
We open a file with OD to simulate the real running state of the file, so all the addresses displayed in the left column are memory addresses, and the starting address of the file is ImageBase We use UE and winhex to open a file. The beginning is t ...
Posted by vinny199 on Tue, 03 May 2022 03:41:30 +0300
day33.1 - new section, expanded section - add code
1, New section ideas
1. Meet the conditions of new section
Why add a new section to add code? Because sometimes the blank area of all sections may not be enough to store the code we want to add, we add enough sections to add code ourselves First, judge whether there is enough space to add a section table (to add a new section, you need to a ...
Posted by andy1398 on Mon, 02 May 2022 18:30:54 +0300