Published on 2022-07-09
2025宁波网络安全大赛预赛pwn:entity_cache 详解 这是本次初赛的仅有的一个困难标注的题目,本题是常规的堆题目,但是没给libc文件,猜测libc成为本题最大的难点,然后就是从堆上打到栈上,从栈上绕过沙箱的流程了 题目情况
Published on 2025-09-02
题目情况 Such an innocent binary, what could possibly go wrong? Arch: amd64-64-little RELRO: Partial RELRO Stack: Canary found
Published on 2025-01-01
题目情况 In one of Bonnie's first missions, a helpless dog was injured by the laser guns during the fierce fight and was unable to move and escape the war
Published on 2024-12-31
前言 本题目触发了一个知识盲区,setenv函数的细节,会让环境变量指针数组进入堆中,如果存在堆中漏洞,可能可以篡改环境变量 题目情况 Draeger ordered Thanatos, destroyer under the Golden Fang flag, to annihilate our
Published on 2024-12-26
前言 本题目介绍了一种溢出覆盖chunk size创造重叠块的利用手法 题目情况 After the successful hijacking of the D12 spaceship during the Space Pirate mission, the crew managed to plac
Published on 2024-12-25
前言 一次常规的fastbin dup练习 题目情况 In this magic school, there are some spellbound books given to young wizards where they can create and store the spells the
Published on 2024-12-24
题目情况 Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled
Published on 2024-12-23
前言 题目的要点有2个,一个是跳过scanf赋值的手法泄露libc,一个是GOT表劫持拿shell,跳过scanf赋值的技巧 今天是第16天,咕咕咕了好几天,最近太累了,一点精力没有,今天开始恢复练习!! 题目情况 After unearthing the crashed alien spacecr
Published on 2024-11-15
前言 首发于先知社区:https://xz.aliyun.com/t/16074?time__1311=GuD%3DYKBK7IeRx05DKA81tDkFG8Bpphm3x 题目来自网鼎杯白虎组初赛pwn01,这个题目是常规的堆菜单题,但没有常见的堆溢出,双重释放,UAF问题,问题始于OOB漏洞,
Published on 2024-11-09
