Category:Information Security

  • How to realize multi branch test from the perspective of operation and maintenance

    Time:2019-11-12

    Multi-branch test requirements: As business and demand grow, R&D needs to develop in parallel. How do we ensure that functions are not affected and prevent R&D fights? How do we ensure that nobody's code is overwritten, and that the online function is the online code? […]

  • Meterpreter use

    Time:2019-11-11

    0x01 System commands. Basic system commands: background: places the current session in the background; sessions -h: view help; sessions -i: enter a session, -k: kill a session; bgrun / run: execute an existing module (type run and press Tab twice to list the existing scripts); info: view existing module information; getuid […]

  • Token based authentication of Vue & nodejs JWT

    Time:2019-11-10

    A popular verification method today is token-based login verification. Principle: 1. When logging in, the client sends the user name and password. 2. The server verifies whether the user name and password are correct. After verification, a valid token string is generated and sent to the client. 3. The token […]

  • Logic vulnerability mining

    Time:2019-11-9

    A logic vulnerability arises when a program's logic is too lax or too complex, so that some logic branches cannot be handled or are handled incorrectly. It generally occurs in arbitrary password modification (without old-password verification), unauthorized access, password retrieval, transaction payment amounts, etc.

  • VMware Kali virtual machine environment configuration

    Time:2019-11-8

    Compiling the kernel: (1) Execute the command uname -r to see the kernel version. (2) Execute the command apt-cache search linux-headers to see whether the kernel header files are installed. (3) If the output of uname -r appears in the kernel header search results, you do not need to install the kernel. If not, […]

  • HTTP header security options (discussion)

    Time:2019-11-7

    HTTP header – Security Issues. Mirror Wang Yuyang, 2019-10-01. Reference: MDN technical documentation; HTTP header security related options. Understanding HTTP protocol: https://www.cnblogs.com/wangyuyang1016/p/10421073.html HTTP is an extensible protocol~ X-Frame-Options: The X-Frame-Options HTTP response header is used to indicate to the browser whether a page can be shown embedded in a frame. Sites can avoid this by ensuring that […]

  • Analysis and solution of the landowner encryption protocol

    Time:2019-11-6

    “Analyze the encryption protocol of the tussle landlord.” As a mobile phone chess and card game manufacturer, Tuyou is ranked No. 1. Its landlord game has been very popular. It is vaguely remembered that the manufacturer has run a national competitive landlord competition, and has rubbed against the IP of the […]

  • bugku—Web_Writeup

    Time:2019-11-5

    Bugku_Web_Writeup Writeup is a little rough~~ Some web problems don’t get the final flag ~ just have a simple idea~~ Web1: As mentioned above, a picture will pop up after you open the question answering website. You can find that it is a PHP source code by looking at the picture. Through the analysis of […]

  • Obtaining and cracking windows password

    Time:2019-11-4

    Windows password obtaining and cracking. This article is just a simple description of password acquisition and cracking. Specific operation details are avoided by being vague or by obscuring specific code. If you are interested, please study by yourself; this article will not elaborate~~~ Get ideas: Windows password is usually encrypted and saved with “hash […]

  • Audit analysis of ThinkPHP < 6.0 SQL injection code

    Time:2019-11-2

    There are too many versions, so only the major versions and the versions with more users are analyzed. Currently, the version with the most users is 3.2.3. During the audit, multiple versions were found to be unpublished. Test environment: mysql5.6 / php5.5. First of all, it is clear that the full version of ThinkPHP may have wide byte injection […]

  • PHP code audit foundation – Intermediate

    Time:2019-11-1

    The primary part is more about vulnerability analysis of existing versions and functions with security problems, while the intermediate part is more about vulnerability exploitation based on user input   The intermediate level is more about the security problems caused by user input. First of all, the preparation tool should have a PHP local environment […]

  • PHP code audit foundation – Advanced

    Time:2019-10-31

    Advanced part: 1. Be familiar with the historical version vulnerabilities of each open source framework. 2. Business logic vulnerabilities. 3. Vulnerabilities caused by multithreading. 4. Vulnerabilities caused by transaction locks. There are a lot of loopholes in advanced audit which normally do not exist, only in special cases. PHP common frameworks: Zend Framework, Yii, Laravel, ThinkPHP. For […]