Tag: network security

  • CTF’s web learning record — file contains

    Time:2022-5-2

    File contains summary Common files contain functions and principles Local file contains Remote file contains Remote inclusion with question mark truncation utilize php://filter utilize php://input serialization and deserialization Java file contains CVE-2018-12613 summary summary Back end programmers usually write reusable functions to a single file, and then call this file directly when needed. This process […]

  • Goby reverse reproduction

    Time:2022-4-30

    0x00 Preface Recently, when reproducing goby’s anti-counterfeiting, I encountered many pits. I recorded the anti-counterfeiting process and the pits encountered, and the world’s strongest hacker mux1ng helped me solve many problems. 0x01 environment Attack aircraft: windows10 Goby1.8.230 172.20.10.3 Reaction machine: Windows7 Phpstudy2016 172.20.10.14 0x02 step 1. Then open a PHP service on the reverse machine, […]

  • Common vulnerabilities_ File upload

    Time:2022-4-29

    1、 Introduction principle When programmers develop the file upload function, because the back-end detection of files is not strict enough or the white list verification is only carried out on the front-end JS, the attacker causes an attack on the server by uploading malicious files. harm Permission loss System crash 2、 Use 1. Front end […]

  • Wamp deploy PHP + vscode + Xdebug (xdebug3. X stepping on the pit)

    Time:2022-4-29

    Ctfshow doesn’t really want to sit down when it does SQL injection. The database foundation is too poor to understand. So I jump to the later topic to see what I’m interested in. I see the topic of ThinkPHP. Tut I can’t understand 571 under the topic of ThinkPHP. What the boss does is to […]

  • fakebook

    Time:2022-4-27

    This question has been used successively: robots.txt, sqli, deserialization. The first thing to open is to register. The page after registration has a content. F12 see iframe. It should be the address of the blog. So let blog become flag php. I found that I can’t register again. There are two ideas about this. See if there are any background pages […]

  • Recurrence of php-fpm Remote Code Execution Vulnerability (cve-2019-11043)

    Time:2022-4-27

    Recurrence of php-fpm Remote Code Execution Vulnerability (cve-2019-11043) Environment construction git clone https://github.com/vulhub/vulhub.git cd vulhub/php/CVE-2019-11043 docker-compose up -d visit Install exploit tools git clone https://github.com/neex/phuip-fpizdam.git cd phuip-fpizdam go env -w GOPROXY=https://goproxy.cn go get -v && go build attack go run . “http://192.168.125.1:8080/index.php” Show successful exploit The browser is accessed and successfully reproduced. The ID can […]

  • Windows rights CMD enable 3389

    Time:2022-4-25

    Right raising 1. Name and version of operating system View all users View remote port (3389) View network configuration Directory file operation: common commands Open port 3389 Windows rights raising preparation Right raising auxiliary tool Rights raising auxiliary website At upgrade Windows Server 2003 SC Rights: Using pinjector Exe rights Pstools rights 1. Name and […]

  • SSRF vulnerability

    Time:2022-4-22

    First, find a definition on the network: Server-Side Request Forgery; a service that can initiate network requests can be used as a springboard to attack other services. SSRF attacks usually attack internal systems that cannot be directly accessed by external networks. First, let’s talk about my personal understanding. SSRF is mainly used to attack the intranet host through […]

  • Several common network packet capturing and protocol analysis tools

    Time:2022-4-20

    Several common network packet capturing and protocol analysis tools introduction A necessary skill for network engineers – capturing network data. In this blog, we will focus on the following issues: How to capture the network data sent / received by the computer? How to grab the network data on host B on host a? How […]

  • SQL injection white box audit under the framework of mybatis

    Time:2022-4-20

    1、 Two ways to pass parameters under the mybatis framework 1.select * from [tablename] where [column]=#{value} #{value}, that is, using JDBC precompile mode, can effectively prevent SQL injection vulnerabilities. 2.select * from [tablename] where [column]=${value} ${value}, which is the dynamic splicing of SQL statements. If the parameter is externally controllable and not verified, there is […]

  • Ultra detailed, Wireshark 3.6.3 installation tutorial (Windows system)

    Time:2022-4-19

    Environmental preparation Operating system: Windows 10 Enterprise Edition. Installation package: wireshark-win32-3.6.3 exe Initial installation Double click the installation package to enter the installation wizard interface. 1) Click next to start the installation 2) Agree to the license agreement and click next 3) In the component selection interface, keep the default and click next 4) In the […]

  • Vulnhub range tomato

    Time:2022-4-16

    1. Target information Target name: Tomato Target difficulty: medium to difficult Virtual machine environment: VMware Workstation 15 X pro (this target is recommended to be built with VMware) Shell: get target( [email protected] : ~#), and then get the flag under /root Target address: https://download.vulnhub.com/tomato/Tomato.ova Kali server IP 192.168.233.131 Target IP 192.168.233.142 2. Information collection 2.1 […]