Post category - Security
Network security
Summary: Challenge: <?php error_reporting(0); if (empty($_GET['id'])) { show_source(__FILE__); die(); } else { include 'flag.php'; $a = "www.baidu.com"; $result = "";
posted @ 2025-05-07 23:37
lethe311
Summary: Challenge: <?php if(isset($_GET['a'])){ $a = $_GET['a']; if(is_numeric($a)){ echo "no"; } if(!preg_match("/flag|system|php/i", $a)){ eval($a); } }else{ highli
posted @ 2025-05-07 22:54
lethe311
Summary: Challenge: FGAFDAXAGXDGDXAXAGDDAFDAAFFGFDAFGX First reverse it: s = "FGAFDAXAGXDGDXAXAGDDAFDAAFFGFDAFGX" print(s[::-1]) ADFGX decryption: flagisadfgxcipher MD5
posted @ 2025-05-07 22:18
lethe311
Summary: Challenge: int __cdecl main(int argc, const char **argv, const char **envp) { __isoc99_scanf("%s", flag); enkey(); reduce(); check(); return 0; } int enkey()
posted @ 2025-05-07 10:49
lethe311
Summary: Challenge: void __fastcall __noreturn main(char *a1, char **a2, char **a3) { int v3; // eax char buf[8]; // [rsp+0h] [rbp-10h] BYREF unsigned __int64 v5; //
posted @ 2025-05-06 23:31
lethe311
Summary: Challenge: int __cdecl main(int argc, const char **argv, const char **envp) { init(); Start(); write(1, "Let's look at this question\n", 0x1Du); return 0; }
posted @ 2025-05-06 12:30
lethe311
Summary: char *Start() { char s[108]; // [esp+Ch] [ebp-6Ch] BYREF puts("You'll get unexpected surprises"); printf("Do you want to try it?"); return gets(s); }
posted @ 2025-05-06 11:53
lethe311
Summary: from pwn import * r = remote("1.95.36.136", 2074) r.sendlineafter("您的名号:", b"a") r.sendlineafter("请作答:", b"2") r.sendlineafter("请回答:", b"22") def dyy(
posted @ 2025-05-05 23:12
lethe311
Summary: Unpack with upx int __fastcall main_0(int argc, const char **argv, const char **envp) { char *v3; // rdi __int64 i; // rcx FILE *v5; // rax char v7; // [rsp+2
posted @ 2025-05-05 21:07
lethe311
Summary: Key function __int64 __fastcall encrypt(const char *a1) { __int64 result; // rax char v2; // [rsp+13h] [rbp-Dh] int v3; // [rsp+14h] [rbp-Ch] int j; // [rsp+1
posted @ 2025-05-05 17:10
lethe311
Summary: Unpack with Nspack. Keep following the calls in IDA to find the key function int __cdecl main_0(int argc, const char **argv, const char **envp) { char v4; // [esp+0h] [ebp-190h] size_t ii; // [esp+D0h]
posted @ 2025-05-05 16:37
lethe311
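Summary: Aspack unpacking. Check again: it is 32-bit. IDA: many functions found. Look at the strings; finally we get void sub_401648() { qmemcpy(&Str2, ">4i44oo4?i=n>:m;8m4=oo4i;>?4>h9m", 32); } Approach: XOR each character of str2 with 0xc to get the flag scri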
posted @ 2025-05-05 15:41
lethe311
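Summary: Approach: add chunks 0, 1, 2 -> edit 0 to write /bin/sh\x00 and overwrite the size of 1 to 1+2 (0x81) -> free 1 -> allocate the 0x70-sized chunk back -> edit 1 to change the heap address in chunk 2's index entry to free_got -> show(2) to leak the free_got address -> compute the libc base address -> edit 2 to set syst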
posted @ 2025-05-05 14:16
lethe311
Summary: Z2dib25k54ix6I+y6I+y5YWs5Li75LiA6L6I5a2Q ggbond爱菲菲公主一辈子 flag{Z2dib25k54ix6I+y6I+y5YWs5Li75LiA6L6I5a2Q}
posted @ 2025-05-05 01:15
lethe311
Summary: Challenge: int __fastcall __noreturn main(int argc, const char **argv, const char **envp) { int v3; // eax char buf[8]; // [rsp+0h] [rbp-10h] BYREF unsigned _
posted @ 2025-05-04 21:51
lethe311
Summary: Challenge: int __fastcall __noreturn main(int argc, const char **argv, const char **envp) { int v3; // [rsp+0h] [rbp-10h] BYREF int v4; // [rsp+4h] [rbp-Ch]
posted @ 2025-05-04 18:45
lethe311
Summary: Challenge: from encrypt import encrypt_message def bytes_to_hex(byte_data): return "".join(format(byte, "02x") for byte in byte_data) def main(): message = "
posted @ 2025-05-04 12:02
lethe311
Summary: Save the archive's hex dump; it turns out to be real encryption. Password: it'stooexpensive. Extract it; put the apk into a mobile game emulator. the value of it is 9527ETC flag{5ba2c63a15dcfecb5297f4688bfc6516}
posted @ 2025-05-03 23:49
lethe311
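Summary: One odd and one even means pseudo-encryption; change 0100 to 0000 in the directory area. The file properties show that it is F5-steganography encryption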
posted @ 2025-05-03 22:59
lethe311