PHP deserialization & Construction of POP chain -- CTF pklovecloud in the fifth space of 2021

0x00 Preface There are many articles online about PHP deserialization & POP chain construction. The author briefly explains the related knowledge here. Learning, expanding and reviewing relevant knowledge from a problem will get twice the result with half the effort. 0x01 Serialization and deserialization To facilitate the storage and t ...

Posted on Mon, 20 Sep 2021 23:50:56 -0400 by jonners

ctfshow file contains

web78 unprotected read source code <?php if(isset($_GET['file'])){ $file = $_GET['file']; include($file); }else{ highlight_file(__FILE__); } base64 decryption after pseudo protocol reading php://filter/read=convert.base64-encode/resource=flag.php web79 data protocol <?php if(isset($_GET['file'])){ $file = $_GET[ ...

Posted on Sun, 19 Sep 2021 08:23:04 -0400 by Renlok

Learning and recording of angr (I: input find address and avoid address)

What does angr do? In summary, angr is a Python framework for binary analysis in reverse engineering. See its GitHub homepage, angr, for details. Symbolic execution is a program analysis technique. It can analyze a program to find the input that causes specific code areas to execute. When using symbolic execution to analyze a program, the program uses s ...

Posted on Sun, 12 Sep 2021 20:17:24 -0400 by Inkyskin

Magic 010Editor Template Recognizes Pseudo Encryption

When talking about pseudo-encryption, "Geek Compression" can be used to ignore pseudo-encryption, open the compression package directly, and there are so good tools to download it, but the velvet reports virus directly, and persuade me directly. Later I saw Baidu Dalao's analysis of software on the Internet. Bamboo Bug: Backdoor hi ...

Posted on Thu, 09 Sep 2021 13:16:03 -0400 by Stevis2002