Programmer Help

Vulnerability analysis: CVE-2017-17215 The command injection vulnerability of Huawei HG532 router lies in the UPnP module. Vulnerability analysis What is UPnP? Set up the environment (using the docker environment of IOT vulhub), start the environment, and check the service and port monitoring started by the system.   The vulnerability lie ...

Some time ago, the geek challenge 2021 and the SCU freshman competition in 2021 did not work out the last question. As a sophomore, I really should reflect on myself. It's too delicious. Woo woo. Geek challenge, because I played for too long, I almost forgot the title, so I didn't write wp. ret2text Simple stack overflow, hello world in pwn. ...

[pwn] 2021 geek challenge (part) 1,pwn777 0x1 How to say, this problem is to write rop chain with fmt. But it's also the first time to see this kind of fmt, which can be regarded as a new question type. 0x2 We open IDA for reverse analysis Just the two main functions, let me be the first level and the second level First enter the ga ...

First, the title is a menu title. Manually identify and rename the title in ida, as shown in the figure: First, analyze the add function together with the program according to the program flow, as shown in the figure: According to the above analysis, PTR_ Array is a global array with a length of 5, and then enter if to judge that "* ...

WP comes from the network security community of Qilu Normal University Pay attention to the official account to receive more latest safety messages. WEB Dark When you look at the url, the standard dark net domain name at the end of the onion Use the onion browser to access and view the html code Welcome2021 Prompt at the beginning ...

House_of_Lore brief introduction house_of_lore is a utilization of the small_bin mechanism. By other means, if bin->bk can be replaced with the BK of the small_bin header chunk, then the BK of the header chunk can be set in advance to point to a fake_chunk that is fake_chunk. This allows any address to be leaked or its contents to be ...

Before reproducing this question, you need to know some pre knowledge: largebin under libc2.31_ attack，tcache_stashing_unlink plus and IO under glibc_ File attack First, see largebin under libc2.31_ attack   0x1.largebin under libc2.31_ attack Follow the largebin in the how2heap project_ Attack and source code debugging. Starting with ...