Xuanji Incident Response - Chapter 3
Persistence - Linux persistence - hiding. 1. The hidden file concealed by the hacker: MD5 of its full path. A suspicious .temp file was found under /tmp: #!/usr/bin/python3 import socket,subprocess,os,sys, time pidrg = os.fork() if pidrg > 0: sys.exit(0) os.chdir("/") os.set...
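Chapter 1 Incident Response - webshell detection and removal. Detection method 1: scan with D盾. Detection method 2: `grep -nr "eval" .` 1. The flag inside the hacker's webshell: flag{xxxxx-xxxx-xxxx-xxxx-xxxx} <?php @session_start(); @set_time_limit(0); @error_reporting(0); function encode...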
UAF UAF leak_libc leak_heap_base pointer encryption unsortedbin one_gadget [*] '/home/bamuwe/duck/pwn' Arch: amd64-64-little RELRO: Full RELRO Sta...
[NISACTF 2022]UAF pwn: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=85bd87e16a35c0c05064a1a0938...
[HNCTF 2022 WEEK4]ezheap [*] '/home/bamuwe/ezheap/ezheap' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled ...
[BUUCTF]hitcontraining_heapcreator UAF Off-By-One heap overflow. Corresponding libc version: libc6_2.23-0ubuntu9_amd64 [*] '/home/bamuwe/heapcreator/heapcreator' Arch: amd64-64-litt...
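A UAF (use-after-free) vulnerability is one in which a running program accesses memory that has already been freed through a dangling pointer (a dangling pointer is a pointer that still points to memory that has been freed). bamuwe@bamuwe:~/YDSneedGirlfriend$ ldd girlfriend linux-vdso.so.1 (0x00007ffd09fec000) /home/bamuwe/pwn_tools/glibc-all-in-o...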
bamuwe@bamuwe:~/palu$ checksec Palu [*] '/home/bamuwe/palu/Palu' Arch: amd64-64-little RELRO: No RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x400...
[*] '/home/bamuwe/ez_uaf/ez_uaf' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled $ checksec ./ez_uaf Easy...
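A special trick for getting a shell. This looks like a very simple stack overflow, but the problem is that no usable /bin/sh or sh can be found. A new shell trick appears here: system($0) can be used to obtain a shell; $0 is \x24\x30 in machine code. The tips function happens to contain \x24\x30, which can be used for the construction, so 0x400541 needs to be extracted. On displaying machine code in IDA: Option->general->Number ...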