Debugging Tools: Application Validator (How to use it and how it works)

What does Application Verifier do? Application Verifier is an official application verification tool from Microsoft. It is mainly used to help users detect and debug memory corruption, dangerous security vulnerabilities, Run-time detection, etc. It is an auxiliary development tool without modifying the source code; When reporting unrel ...

Posted by Idri on Wed, 25 May 2022 12:51:24 +0300

Actual combat of wireless routing attack

1, Preparation stage Attack host: kali Linux Attack tools: airrack ng, airdump ng, air ng, and air replay ng One network card You can check whether the network card is ready through the command: sudo iwconfig. My network card name is wlan0 root@kali:~# iwconfig lo no wireless extensions. eth0 no wireless extensions. wlan0 ...

Posted by pradee on Sun, 22 May 2022 11:24:31 +0300

Two ways of heap overflow (topic)

babyheap_0ctf_2017 The first step is to change libc     Routine checksec   Enter code audit   If you find that the symbol table is closed, you need to guess the function with the function.   Then rename the main function. Allocate function:     Nothing special Fill function   It is obvious that there i ...

Posted by jonex on Fri, 20 May 2022 05:29:05 +0300

Upgrade CentOS 7 to openssh 8.0 7.p1

Background summary OpenSSH (OpenBSD Secure Shell) is a set of connection tools for secure access to remote computers of the Openbsd program group. The tool is an open source implementation of SSH protocol, supports encryption of all transmissions, and can effectively prevent eavesdropping, connection hijacking and other network level attacks. ...

Posted by tbeinc on Fri, 20 May 2022 04:59:54 +0300

CTF Reverse-[Anxun Cup 2019]game-Use deflat to de-obfuscate conventional logic judgments

CTF Reverse-[Anxun Cup 2019]game-Use deflat to make conventional logical judgments after the main confusion is de-obfuscated Source: https://buuoj.cn/ Content: none Attachment: https://pan.baidu.com/s/1qq_64SNIRnnTTCNqNIKOiw?pwd=1iz9 Extraction code: 1iz9 Answer: KDEEIFGKIJ@AFGEJAEF@FDKADFGIJFA@FDE@JG@J general idea Determine the funct ...

Posted by Ludichrist on Wed, 18 May 2022 00:20:16 +0300

2020 ddctf web check-in problem solution

Solution of Web check-in problem in DDCTF in 2020. (web 🐶 Only work out this problem. I have something to do the next day) web check in question Step 1: JWT bypass Figure 1: accident conditions given by the title. Send a request to the api and get the following response. The data format of data is similar to jwt, which is guessed to be ...

Posted by ego0 on Tue, 17 May 2022 16:51:44 +0300

Recurrence of struts 2-052 vulnerability

  preface The application of struts 2 is full of holes. Recently, I suddenly thought about studying the relevant principles and utilization. s2-052 vulnerability is caused by lgtm Com security researcher reported that CVE-2017-9805 is a remote command execution vulnerability with a Critical degree of vulnerability. When users use the Struts R ...

Posted by cyberRobot on Wed, 11 May 2022 11:27:58 +0300

bugkuctf

bugkuctf: https://ctf.bugku.com Target address: http://123.206.31.85:1616/ After entering the drone, select the character attribute you want and start the game After looking at other game functions, I found that we need to defeat the old demon through crusade to clear the level You can buy Tathagata Palms from the mall, but you need to ...

Posted by Mirge on Mon, 09 May 2022 00:24:45 +0300

day32.1 - coding implementation add code

1, The encoding implementation adds code to the code section 1. Address of different software We open a file with OD to simulate the real running state of the file, so all the addresses displayed in the left column are memory addresses, and the starting address of the file is ImageBase We use UE and winhex to open a file. The beginning is t ...

Posted by vinny199 on Tue, 03 May 2022 03:41:30 +0300

day33.1 - new section, expanded section - add code

1, New section ideas 1. Meet the conditions of new section Why add a new section to add code? Because sometimes the blank area of all sections may not be enough to store the code we want to add, we add enough sections to add code ourselves First, judge whether there is enough space to add a section table (to add a new section, you need to a ...

Posted by andy1398 on Mon, 02 May 2022 18:30:54 +0300