CTFWiki-格式化字符串漏洞利用学习记录
泄露内存 泄露栈内存 Example: #include <stdio.h> int main() { char s[100]; int a = 1, b = 0x22222222, c = -1; scanf("%s", s); printf("%08x.%08x.%08x.%s\n", a, b, c, s);
Ubuntu22.04下安装Binwalk
先clone项目: git clone https://github.com/ReFirmLabs/binwalk.git 安装Rust编译环境: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh source "$HOME/.cargo/env" 在binwalk目录下: carg
攻防世界-repeater Writeup
拿到这道题的第一时间不是然后cyclic去爆偏移量,先甩ida里面分析一下: 其实还应该先看一下保护情况; # zhailin @ DESKTOP-4OQQP8F in ~/CTF-Pwn/adworld/repeater [19:26:32] $ checksec repeater [*] '/home/zhailin/CTF-Pwn/adworld/repeater/repeater
Large Language Models for Code:Security Hardening and Adversarial Testing论文学习笔记
Title: Large Language Models for Code:Security Hardening and Adversarial Testing Author: Jingxuan He, Martin Vechev (ETH Zurich) Conference: ACM CCS 2023 PDF: https://arxiv.org/pdf/2302.05319 一、研究背
jarvisoj-level0 Writeup
checksec: # zhailin @ DESKTOP-4OQQP8F in ~/Pwns/ROP/jarvisoj_level0 [12:17:21] C:2 $ checksec level0 [*] '/home/zhailin/Pwns/ROP/jarvisoj_level0/level0' Arch: amd64-64-little R
warmup_csaw_2016
checksec: # zhailin @ DESKTOP-4OQQP8F in ~/Pwns/ROP/warmup_csaw_2016 [12:08:42] $ checksec warmup_csaw_2016 [*] '/home/zhailin/Pwns/ROP/warmup_csaw_2016/warmup_csaw_2016' Arch: amd
bjdctf-2022-babystack-babystack-2 Writeups
Babystack checksec: # zhailin @ DESKTOP-4OQQP8F in ~/Pwns/ROP/bjdctf_2020_babystack [21:38:28] $ checksec bjdctf_2020_babystack [*] '/home/zhailin/Pwns/ROP/bjdctf_2020_babystack/bjdctf_2020_bab
HNCTF 2022 week2-ret2csu Writeup
检查文件保护 开了NX保护 分析 main函数 int __fastcall main(int argc, const char **argv, const char **envp) { setbuf(stdin, 0LL); setbuf(stderr, 0LL); setbuf(_bss_start, 0LL); write(1, "Start You
Hexo下Buffterfly主题图片加载问题解决方法
使用https://feifeining.github.io/2024/09/14/test/index.html提到的方法,更正一点图片引用格式类似于: 
Ubuntu 22.04下 ROP环境适配指南
基础环境 系统:Ubuntu 22.04 对于CTF-Wiki上部分题目由于原题环境较老在新系统上存在无法复现的问题,首先确保系统支持32位程序并安装必要工具: sudo dpkg --add-architecture i386 sudo apt update sudo apt install gcc-multilib g++-multilib 对于安全机制差异,如ASLR(地址空间布局随机化)