Vulnerability analysis: CVE-2017-17215

The command injection vulnerability in the Huawei HG532 router lies in the UPnP module. Vulnerability analysis: What is UPnP? Set up the environment (using the Docker environment of IOT vulhub), start the environment, and check the services and listening ports started by the system. The vulnerability lie ...

Posted on Fri, 03 Dec 2021 20:49:00 -0500 by affluent980

SCU freshmen 2021 pwn wp

Some time ago, the geek challenge 2021 and the SCU freshman competition in 2021 did not work out the last question. As a sophomore, I really should reflect on myself. It's too delicious. Woo woo. Geek challenge, because I played for too long, I almost forgot the title, so I didn't write wp. ret2text: Simple stack overflow, hello world in pwn. ...

Posted on Mon, 29 Nov 2021 04:41:41 -0500 by LordRogaine

[pwn] 2021 geek challenge (part)

1. pwn777 0x1 How to say, this problem is to write a ROP chain with fmt. But it's also the first time to see this kind of fmt, which can be regarded as a new question type. 0x2 We open IDA for reverse analysis. Just the two main functions, let me be the first level and the second level. First enter the ga ...

Posted on Mon, 29 Nov 2021 01:09:07 -0500 by jasonhardwick

uaf logic questions BUUCTF hacknote

First, the title is a menu title. Manually identify and rename the title in IDA, as shown in the figure: First, analyze the add function together with the program according to the program flow, as shown in the figure: According to the above analysis, PTR_Array is a global array with a length of 5, and then enter if to judge that "* ...

Posted on Sun, 28 Nov 2021 04:16:28 -0500 by Baez

2021 geek challenge WP collection

WP comes from the network security community of Qilu Normal University. Pay attention to the official account to receive more latest safety messages. WEB: Dark. When you look at the url, the standard dark net domain name at the end of the onion. Use the onion browser to access and view the html code. Welcome2021: Prompt at the beginning ...

Posted on Sat, 20 Nov 2021 05:37:23 -0500 by nrg_alpha

House_of_Lore Learning

Brief introduction: house_of_lore is an exploitation of the small_bin mechanism. By other means, if bin->bk can be replaced with the bk of the small_bin header chunk, then the bk of the header chunk can be set in advance to point to a fake_chunk. This allows any address to be leaked or its contents to be ...

Posted on Sun, 26 Sep 2021 12:25:43 -0400 by damonlee

Detailed explanation of house of pig

Before reproducing this question, you need to know some prerequisite knowledge: largebin_attack under libc 2.31, tcache_stashing_unlink plus, and IO_FILE attack under glibc. First, see largebin_attack under libc 2.31. 0x1. largebin_attack under libc 2.31: Follow the largebin_attack in the how2heap project and source code debugging. Starting with ...

Posted on Sun, 05 Sep 2021 17:45:33 -0400 by vishi83