lisenMiller

摘要： 信息收集 Pay attention to the last line ssl-date: we have 7 hour clock skew,which should keep in mind if doing any keberos auth. SMB-TCP445 smbclient -N - 阅读全文

摘要： Port knock service: Knockd Service.This servcie hide the system open service by adding iptables rules dynamically.Using a customized series of serial 阅读全文

摘要： Briefly instruction: This time,the target machine encouter some url coding,php code audit found deserialization,script writing according to the conten 阅读全文

摘要： Flask exploit /proc/self/cmdline understands which process is currently running to provice the web service. curl http://10.10.11.201:8000/?page=../../ 阅读全文

摘要： exploiting json serialization in .NET core 当使用特定的配置的时候，将在NewtonSoft JSON中会有json的反序列化漏洞。 更加具体化一些就是当 jsonserializationsettings 中的typenamehandling这个属性不是N 阅读全文

摘要： This article will talk about th technical points and not talk about the whole pross this target machine has serveral technical points.One is when the 阅读全文

摘要： Form of expression The first is linpeas.sh in the process of detection found that there is a remote debugging of google chrome.the phenotype and analy 阅读全文

摘要： cors概述 发生跨域资源共享,web应用程序通过在http增加字段来告诉浏览器,哪些不同来源的服务器是有权访问本站资源的,当不同域的请求发生时,就出现了跨域的现象 cors漏洞原理 cors请求分为两类,简单请求与非简单请求. 简单请求: 请求方式为GET,POST,HEAD三种之一 http头不 阅读全文

摘要： attention：1.需要找到没有定义的回溯值。2.确保存在merge，copy等赋值的函数能够向上污染。3.注意回溯的情况必须是在copy或复制函数内的参数，需要多少个__proto__是根据这种复制来判断的 像一些链条是没有类似copy之类的赋值函数。可以直接通过调用的数量来判断例如 opt. 阅读全文

摘要： BREIFLY. this box is quite hard for beginner. the walkthrough is following: 1.nmap scan open ports detail and discover this box open 22 and 80 port bu 阅读全文