我可是会飞的啊 Main focus: re, pwn. Feel free to join the group to discuss; secret code: ********

[Pinned] Guide to Using This Blog & Update Plan (updated 2024.10.24)

Guide to using this blog, update plan, and ramblings

selph, published 2022-07-09

DefCamp CTF 2025 onigirl: Detailed Walkthrough

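DefCamp CTF 2025 onigirl: Post-Mortem Walkthrough. Author: selph https://xz.aliyun.com/news/18992 Reposted from 先知社区. The only hard pwn challenge, and it really is hard: only 11 teams solved it over the 2-day competition. The challenge runs on glibc-2.41 and has 3 difficulties in total: how to bypass the image check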

selph, published 2025-09-27

[DefCamp CTF 2025] pwn-nulle writeup

pwn - nulle Challenge description: Our developer got a bit too clever with C structs. They decided that if two structs have the same fields, just in a different order,

selph, published 2025-09-24

2025 Ningbo Cybersecurity Competition Preliminaries pwn: entity_cache Detailed Walkthrough

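2025 Ningbo Cybersecurity Competition Preliminaries pwn: entity_cache Detailed Walkthrough. This was the only challenge marked hard in this preliminary round. It is a conventional heap challenge, but no libc file was provided, so guessing the libc became the biggest difficulty; after that comes pivoting from the heap to the stack, and then bypassing the sandbox from the stack. Challenge overview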

selph, published 2025-09-02

[HTB] Login Simulator

Challenge overview Such an innocent binary, what could possibly go wrong? Arch: amd64-64-little RELRO: Partial RELRO Stack: Canary found

selph, published 2025-01-01

[HTB] Hellhound

Challenge overview In one of Bonnie's first missions, a helpless dog was injured by the laser guns during the fierce fight and was unable to move and escape the war

selph, published 2024-12-31

[HTB] Sabotage

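Preface This challenge hit a gap in my knowledge: a detail of the setenv function, which moves the environment variable pointer array onto the heap; if there is a heap vulnerability, it may be possible to tamper with the environment variables. Challenge overview Draeger ordered Thanatos, destroyer under the Golden Fang flag, to annihilate our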

selph, published 2024-12-26

[HTB] Bon-nie-appetit

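Preface This challenge introduces an exploitation technique that uses an overflow to overwrite a chunk size and create overlapping chunks. Challenge overview After the successful hijacking of the D12 spaceship during the Space Pirate mission, the crew managed to plac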

selph, published 2024-12-25

[HTB] Spellbook

Preface A routine fastbin dup exercise. Challenge overview In this magic school, there are some spellbound books given to young wizards where they can create and store the spells the

selph, published 2024-12-24

[HTB] Trick or Deal

Challenge overview Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled

selph, published 2024-12-23