我可是会飞的啊 主要方向:re,pwn

【置顶】本博客的使用指南&更新计划(2024.10.24更新)

本博客的使用指南,更新计划,碎碎念

selph Published on 2022-07-09

[DefCamp CTF 2025] pwn-nulle writeup

pwn - nulle 题目描述:Our developer got a bit too clever with C structs. They decided that if two structs have the same fields, just in a different order,

selph Published on 2025-09-24

2025宁波网络安全大赛预赛pwn:entity_cache 详解

2025宁波网络安全大赛预赛pwn:entity_cache 详解 这是本次初赛的仅有的一个困难标注的题目,本题是常规的堆题目,但是没给libc文件,猜测libc成为本题最大的难点,然后就是从堆上打到栈上,从栈上绕过沙箱的流程了 题目情况

selph Published on 2025-09-02

[HTB] Login Simulator

题目情况 Such an innocent binary, what could possibly go wrong? Arch: amd64-64-little RELRO: Partial RELRO Stack: Canary found

selph Published on 2025-01-01

[HTB] Hellhound

题目情况 In one of Bonnie's first missions, a helpless dog was injured by the laser guns during the fierce fight and was unable to move and escape the war

selph Published on 2024-12-31

[HTB] Sabotage

前言 本题目触发了一个知识盲区,setenv函数的细节,会让环境变量指针数组进入堆中,如果存在堆中漏洞,可能可以篡改环境变量 题目情况 Draeger ordered Thanatos, destroyer under the Golden Fang flag, to annihilate our

selph Published on 2024-12-26

[HTB] Bon-nie-appetit

前言 本题目介绍了一种溢出覆盖chunk size创造重叠块的利用手法 题目情况 After the successful hijacking of the D12 spaceship during the Space Pirate mission, the crew managed to plac

selph Published on 2024-12-25

[HTB] Spellbook

前言 一次常规的fastbin dup练习 题目情况 In this magic school, there are some spellbound books given to young wizards where they can create and store the spells the

selph Published on 2024-12-24

[HTB] Trick or Deal

题目情况 Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled

selph Published on 2024-12-23

[HTB] Control Room

前言 题目的要点有2个,一个是跳过scanf赋值的手法泄露libc,一个是GOT表劫持拿shell,跳过scanf赋值的技巧 今天是第16天,咕咕咕了好几天,最近太累了,一点精力没有,今天开始恢复练习!! 题目情况 After unearthing the crashed alien spacecr

selph Published on 2024-11-15
Previous Next