Category:Information Security

  • How to realize multi branch test from the perspective of operation and maintenance


    Multi-branch test requirements: As the business and its demands grow, R&D needs to develop in parallel. How do we ensure that functions are not affected and prevent R&D conflicts? How do we ensure that nobody's code is overwritten, and that the function running online matches the online code? […]

  • Meterpreter use


    0x01 System commands. Basic system commands: background – places the current session in the background; sessions – view help; sessions -i – enter session; -k – kill session; bgrun / run – execute an existing module (enter run and press Tab twice to list the existing scripts); info – view existing module information; getuid […]

  • Token based authentication of Vue & nodejs JWT


    Now the more popular way of verification is to take Login verification of token principle: 1. When logging in, the client sends the user name and password. 2. The server verifies whether the user name and password are correct. After verification, a valid token string is generated and sent to the client. 3. The token […]

  • Logic vulnerability mining


    A logic vulnerability arises when some logic branches cannot be handled, or are handled incorrectly, because the program's logic is lax or overly complex. It generally occurs in arbitrary password modification (without old password verification), unauthorized access, password retrieval, transaction payment amounts, etc.

  • VMware Kali virtual machine environment configuration


    Compiling kernel (1) Execute the command uname -r to see the kernel version. (2) Execute the command apt-cache search linux-headers to see if the kernel header file is installed. (3) If the content of uname -r is found in the kernel header file search results, you do not need to install the kernel. If not, […]

  • HTTP header security options (discussion)


    HTTP header – Security Issues. Mirror Wang Yuyang, 2019-10-01. Reference: MDN technical documentation; HTTP header security related options. Understanding HTTP protocol: HTTP is an extensible protocol~ X-Frame-Options: The X-Frame-Options HTTP response header is a marker used to indicate to the browser whether a page can be shown in a frame or other embedding element. Sites can avoid this by ensuring that […]

  • Analysis and solution of the landowner encryption protocol


    “Analyze the encryption protocol of the tussle landlord.”   As a mobile phone chess and card game manufacturer, tuyou is ranked No.1. Its landlords of tuyou have been very hot. It is vaguely remembered that the manufacturer has been engaged in the national competitive competition against landlords, and has rubbed against the IP of the […]

  • bugku—Web_Writeup


    Bugku_Web_Writeup Writeup is a little rough~~ Some web problems don’t get the final flag ~ just have a simple idea~~ Web1: As mentioned above, a picture will pop up after you open the question answering website. You can find that it is a PHP source code by looking at the picture. Through the analysis of […]

  • Obtaining and cracking windows password


    Windows password obtaining and cracking. This article is just a simple description of password acquisition and cracking. Specific operation details are deliberately kept vague or obscured in the code. If you are interested, please study by yourself; this article will not elaborate~~~ Get ideas: Windows password is usually encrypted and saved with “hash […]

  • Audit analysis of ThinkPHP < 6.0 SQL injection code


    There are too many versions, so only the major versions and the versions with more users are analyzed. Currently, the version with the most users is 3.2.3. During the audit, multiple versions were found to be unpublished. Test environment: mysql5.6 / php5.5. First of all, it is clear that the full version of ThinkPHP may have wide byte injection […]

  • PHP code audit foundation – Intermediate


    The primary part is more about vulnerability analysis of existing versions and functions with security problems, while the intermediate part is more about vulnerability exploitation based on user input   The intermediate level is more about the security problems caused by user input. First of all, the preparation tool should have a PHP local environment […]

  • PHP code audit foundation – Advanced


    Advanced part: 1. Be familiar with the historical version vulnerabilities of each open source framework. 2. Business logic vulnerabilities. 3. Vulnerabilities caused by multithreading. 4. Vulnerabilities caused by transaction locks. Advanced audits involve many vulnerabilities that do not normally exist and appear only in special cases. Common PHP frameworks: Zend Framework, Yii, Laravel, ThinkPHP. For […]