雨天の笔记

雨天の笔记-个人博客-笔记

DozerCTF-2021-PwnPwnPwn

0 条评论 CTF 无标签 admin
PwnPwnPwn__int64 FUN_10061883() { char v1[112]; // [rsp+0h] [rbp-70h] BYREF return gets(v1); }gets函数溢出在 中分别有/sh、/bin、system函数char *__fastcall FUN_10021884(int a1, int a2) { char *result; // ...

HTB-Hackthebox - Knife

0 条评论 HTB php/8.1.0-dev knife admin
请输入密码访问 

HTB-Postman

0 条评论 HTB redis webmin ssh2john admin
靶机描述清单信息搜集nmapredis 未授权ssh2john提权webmin信息搜集靶机IP端口扫描nmap -sS -sV -p- -T4 10.10.10.160Not shown: 65531 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubunt...

Codefest CTF 2020 (部分wp)

0 条评论 CTF 入门 pwn admin
C is hard➜ ctf21 checksec source_fixed [*] '/home/yutian/ctf21/source_fixed' Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled P...

NahamCon CTF 2021 (部分wp)

0 条评论 默认分类 入门 wp web安全 admin
Chicken Wings在线解码http://grompe.org.ru/static/wingdings_gaster.html然后在转换全小写Shoelaces010 打开图片搜索 flag 字符串得到esab64flag = "mxWYntnZiVjMxEjY0kDOhZWZ4cjYxIGZwQmY2ATMxEzNlFjNl13X" print(flag[::-...

HTB-Bashed

0 条评论 HTB 入门 sudo htb phpbash admin
靶机描述清单信息搜集nmapdirsearch未受到保护的危险php文件提权sudo -l定时脚本信息搜集靶机IP端口扫描nmap 10.10.10.68Not shown: 999 closed ports PORT STATE SERVICE 80/tcp open http80页面内容如下介绍了 phpbash https://github.com/Arrexel/phpbas...