• Zimbra


    Step 1: read the configuration file with xxE   Cve-2019-9670 vulnerability is exploited here to read the configuration file. You need to place a DTD file on your VPS server and make the file accessible through HTTP. For demonstration, I created a warehouse on GitHub to get DTD files from GitHub. In the above figure, […]

  • SQLi-LABS Page-3 (order by injections) Less-46-Less-53


      Explanation of order by injection principle Injection principle 1. test ?sort=1 desc–+?sort=1 asc–+ The results are different, indicating that it can be injected Desc means descend in descending order ASC means ascend Some parameters after order by can be used for injection 2. make use of 1) the number after order by can be […]

  • Using hash remote login system


    Sometimes when we get the system administrator hash, because the password complexity is too high, we can use hash to log in remotely We use the module of Metasploit, broiler, as the windwis Server 2003 X32 system 1. Use the hash grabbing tool pwdump7.exe to get the hash Execute pwdump7.exe > > 1.txt Hash obtained […]

  • Penetration practice in vulnhub range (II) billu﹐b0x


    Run the virtual machine to scan the nmap directly to obtain the range IP nmap 192.168.18.* Open port TCP 22 SSH OpenSSH 5.9p1 TCP 80 HTTP Apache httpd 2.2.22 open page blast path to get Test.php, add.php, in.php, c.php, index.php, show.php, etc. guess that c.php can have a sentence in bursting Open once and […]

  • Penetration practice of vulnhub range (IV) acid


    Using NAMP to scan IP first nmap  192.168.18.* Get IP. No 80 port host is found alive. Guess it can be a port after 2000 Nmap – p1-65533 open port 33447 Obtained by using the imperial sword and burpsuit blasting Imges, index, challenge and so on   Make discovery directory / magic box […]

  • React performance optimization


    There is an important direction:NamelyAvoid unnecessary rendering。 React compares the virtual DOM tree returned by the render function with the old one to determine whether and how to update the dom. When will render be triggered Component mount: the process of component building and inserting DOM into the page is mount. Setsate() method called In […]

  • Penetration practice of vulnhub range (V) lazysysysadmin


    Step 1 scan IP nmap 192.168.18. * obtain IP Scan port [email protected]:~# masscan -p 1-10000 –rate=1000 Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2019-07-08 11:54:11 GMT — forced options: -sS -Pn -n –randomize-hosts -v –send-eth Initiating SYN Stealth Scan Scanning 1 hosts [10000 ports/host] Discovered open port 3306/tcp on Discovered open port 6667/tcp on […]

  • PHP picture anti-theft chain


    Using. htaccess rewriting rules to prevent images from being stolen     2. Find httpd.conf and open the rewrite rule 3.  

  • C# Array Sort with Index


    Two methods have been proposed to implement it. List. Sort () and Dictionary. OrderBy () are used respectively. The code is as follows: int[] arrInt = new int[] { 11, 38, 12, 9, 234, 24, 441, 24, 45, 35 }; //List.Sort() List lstOrg = new List(), lstSort = new List(); lstOrg.AddRange(arrInt); lstSort.AddRange(arrInt); lstSort.Sort(); List lstIndex […]

  • Vulnerability Reproduction Defense Repair for CVE 2019-0708


    CVE-2019-0708 Windows was exposed again as a high-risk remote vulnerability CVE-2019-0708, which has great destructive power. Once the vulnerability is successfully exploited, an attacker can execute arbitrary code on the target system, including acquiring sensitive information, executing remote code, launching denial of service attacks and so on. What’s more, the vulnerability can be triggered without […]

  • MySQL Strings Separated into Lines & Substring Statistics


    Use the help_topic table to convert strings into rows (separating symbols’,’)   SELECT substring_index(substring_index(‘a,b,c,d,e,f,g,h’,’,’,`help_topic_id`+1),’,’,-1) as `id` FROM mysql.`help_topic`;   Statistics of the number of occurrences of each substring of a string (separator’,’)   SELECT substring_index(substring_index(A.`column`,’,’,B.`help_topic_id` + 1),’,’,-1) AS `sub_column`,COUNT(A.`column`) AS `count` FROM `test` A JOIN mysql.`help_topic` B ON B.`help_topic_id` < (length(A.`column`) – length(replace(A.`column`,’,’,”))+1) GROUP BY […]

  • Relevant Method of Retaining Decimals in PHP


    Combine the examples on the Internet $num = 10.4567;    // First: Round () is used to round floating-point numbers, but this would not be “two-precision” without two decimal numbers. echo ($num,2); //10.46   echo round(‘1.1’,2); //1.1 // Second: Format strings with sprintf and round them $format_num = (“%.2f”,$num); 2 echo $format_num; //10.46 // The third […]