文章分类 - 安全
网络安全
摘要:import gmpy2 from Crypto.Util.number import * a = 1565060704395149152418407457618035042368638736558541613095172195931592854902184165138684317507915090
阅读全文
posted @ 2025-04-28 20:03
lethe311
摘要:from pwn import * def conn(): global r,libc #r = process("./Emo_Chunk") r = remote("1.95.36.136", 2084) libc = ELF("./libc-2.23.so") def add(x): r.sen
阅读全文
posted @ 2025-04-28 19:30
lethe311
摘要:from pwn import * def conn(): global r,libc #r = process("./Emo_Chunk2") r = remote("1.95.36.136",2061) libc = ELF("./libc-2.23.so") def add(x): r.sen
阅读全文
posted @ 2025-04-28 17:52
lethe311
摘要:云影: str="1014014020140881088421010884108820108842088421088421088421088421088421" l = str.split("0") print(l) flag = '' for i in l: sum = 0 for j in i:
阅读全文
posted @ 2025-04-28 12:29
lethe311
摘要:维吉尼亚 eag'expxwxj itsme 解压压缩包 古精灵语 herec0mesthee1f 大写md5
阅读全文
posted @ 2025-04-28 11:17
lethe311
摘要:适用于对文件内容进行了检测且对文件大小无限制的情况 原码 <?php define('UPLOAD_PATH', __DIR__ . '/uploads/'); $is_upload = false; $msg = null; $status_code = 200; // 默认状态码为 200 if
阅读全文
posted @ 2025-04-28 00:13
lethe311
摘要:题目 解 或 import gmpy2 flag = "WMPTPTRGGPED" flags = '' for i in flag: i = ord(i)-ord("A") j = (gmpy2.invert(3,26)*(i-17))%26 flags += chr(j+ord("A")) pr
阅读全文
posted @ 2025-04-27 23:01
lethe311
摘要:题目 import base64 str = "j2rXjx8wSZjD" zdy = "GHI3KLMNJOPQRSTUb=cdefghijklmnopWXYZ/12+406789VaqrstuvwxyzABCDEF5" stand = "ABCDEFGHIJKLMNOPQRSTUVWXYZabc
阅读全文
posted @ 2025-04-27 22:10
lethe311
摘要:有一个程序员认为456是他的幸运数字,所以干什么都喜欢循环456。得到答案后MD5加密套上flag{}即可 kseYvkasuj5618t lygemfla235158jd utasvQsjdybl587t sydwkuhd54kdhg jtftY658qiwudhs iaugwjiushyc871
阅读全文
posted @ 2025-04-27 21:48
lethe311
摘要:题目 补齐25位,不重复 informatbcdeghjklpqsuvwxy engirabcdfhjklmopqstuvwxy
阅读全文
posted @ 2025-04-27 21:31
lethe311
摘要:import wordninja str = wordninja.split("tonightsuccessfavoritefavoritewewesuccesstonightweexamplecryptoshouldweistonightisexamplelearnwesublimlearnisw
阅读全文
posted @ 2025-04-27 20:58
lethe311
摘要:{ b c 1 b g 5 7 2 e c 0 6 6 } a 0 d 2 f b 1 3 7 l 9 5 1 b 5 4 5 1 f 0 6 b 7 flag{50905d7b2216bfeccb5b41016357176b}
阅读全文
posted @ 2025-04-27 20:40
lethe311
摘要:void __fastcall __noreturn main(const char *a1, char **a2, char **a3) { int v3; // [rsp+4h] [rbp-Ch] BYREF unsigned __int64 v4; // [rsp+8h] [rbp-8h] v
阅读全文
posted @ 2025-04-27 19:57
lethe311
摘要:from pwn import * def conn(): global r r = process("./like_it") #r = remote("1.95.36.136", 2097) def add(x,y): r.sendlineafter(b"Your choice :",b"1")
阅读全文
posted @ 2025-04-27 18:13
lethe311
摘要:from pwn import * def conn(): global libc,r r = remote("1.95.36.136", 2080) libc = ELF("./libc-2.23.so") def add(x,y): r.sendlineafter(b"Please Choice
阅读全文
posted @ 2025-04-27 12:21
lethe311
摘要:思路: 利用格式化字符串漏洞泄露canary的值,先gdb调试找到偏移 -> 泄露puts的真实地址进而得到libc的基地址和system和sh的地址 -> 填充到canary之前的空间 + canary的值 + 填充canary到ret的空间 -> rdi调用sh -> call(system)
阅读全文
posted @ 2025-04-26 23:50
lethe311
浙公网安备 33010602011771号