2021 5space (第五空间) online round writeup
A year later, competing again under the LQers name
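Since most people tend to copy answers directly, only some hints and key steps are given
Attacker machine: latest Kali Linux, 192.168.85.131
Python version: 3.6!! Very important: the 3.9 bundled with Kali will cause a blue screen
Target machine: Win10 v1903 (OS build 18362.356), 192.168.85.145
Too much going on over the weekend, so I only looked at two easy challenges
Attacker machine: kali
Target machine: win7sp1
ROP Emporium, Part 2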
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
A problem I ran into in a cryptography challenge that required bypassing the Miller-Rabin primality test; a brief note on it
An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.