我可是会飞的啊 主要方向:re,pwn

【置顶】本博客的使用指南&更新计划(2024.10.24更新)

本博客的使用指南,更新计划,碎碎念

selph Published on 2022-07-09

[HTB] Sabotage

前言 本题目触发了一个知识盲区,setenv函数的细节,会让环境变量指针数组进入堆中,如果存在堆中漏洞,可能可以篡改环境变量 题目情况 Draeger ordered Thanatos, destroyer under the Golden Fang flag, to annihilate our

selph Published on 2024-12-26

[HTB] Bon-nie-appetit

前言 本题目介绍了一种溢出覆盖chunk size创造重叠块的利用手法 题目情况 After the successful hijacking of the D12 spaceship during the Space Pirate mission, the crew managed to plac

selph Published on 2024-12-25

[HTB] Spellbook

前言 一次常规的fastbin dup练习 题目情况 In this magic school, there are some spellbound books given to young wizards where they can create and store the spells the

selph Published on 2024-12-24

[HTB] Trick or Deal

题目情况 Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled

selph Published on 2024-12-23

[HTB] Control Room

前言 题目的要点有2个,一个是跳过scanf赋值的手法泄露libc,一个是GOT表劫持拿shell,跳过scanf赋值的技巧 今天是第16天,咕咕咕了好几天,最近太累了,一点精力没有,今天开始恢复练习!! 题目情况 After unearthing the crashed alien spacecr

selph Published on 2024-11-15

网鼎杯白虎组 pwn01 超详细分析

前言 首发于先知社区:https://xz.aliyun.com/t/16074?time__1311=GuD%3DYKBK7IeRx05DKA81tDkFG8Bpphm3x 题目来自网鼎杯白虎组初赛pwn01,这个题目是常规的堆菜单题,但没有常见的堆溢出,双重释放,UAF问题,问题始于OOB漏洞,

selph Published on 2024-11-09

[HTB] Deathnote

前言 一个简单的堆问题,要点是如何用0x80的chunk泄露出libc 今天是第15天,继续努力! 题目情况 You stumble upon a mysterious and ancient tome, said to hold the secret to vanquishing your ene

selph Published on 2024-11-08

[HTB] Zombiedote

前言 一个关于堆的稍综合点的简单练习 该题目是 shellcode 的编写练习 今天是第14天,继续努力! 题目情况 Humanity is under siege from a deadly disease spread by zombies. The BioShield Solutions Re

selph Published on 2024-11-07

[HTB] Zombienator

前言 一个蛮有收获的综合题目 今天是刷题第13天,继续努力ing! 题目情况 Our radar has detected an approaching swarm of zombies, and the threat level is high. To safeguard our communit

selph Published on 2024-11-06
Previous Next