H3C GR-1200W
This is a method to bypass the official patch for CVE-2022-37070.
Vulnerability introduction
H3C GR-1200W was found to have a fatal vulnerability that can cause remote code execution (RCE) via the aspForm parame
Official website: https://www.h3c.com/
Download link: H3C MiniGRW1A0V100R008 version software and manual - New H3C Group - H3C
H3C MiniGRW1A0V100R008 is the latest version for the GR-1200W
Vulnerability analysis
DelL2tpLNSList parameter in the function sub_46F0A8
In the binary file /bin/webs, we use IDA to locate th ...
H3C GR2200
This is a method to bypass the official patch for CVE-2022-36510.
Vulnerability introduction
H3C GR2200 was found to have a fatal vulnerability that can cause remote code execution (RCE) via the aspForm parame
Official website: https://www.h3c.com/
Download link: H3C MiniGR1A0V100R016 version software and manual - New H3C Group - H3C
H3C MiniGR1A0V100R016 is the latest version for the GR2200
Vulnerability analysis
DelL2tpLNSList parameter in the function sub_46EAC8
In the binary file /bin/webs, we use IDA to locate the func ...
H3C GR3200
This is a method to bypass the official patch for CVE-2022-36509.
Vulnerability introduction
H3C GR3200 was found to have a fatal vulnerability that can cause remote code execution (RCE) via the aspForm parame
Official website: https://www.h3c.com/
Download link: H3C MiniGR1B0V100R016 version software and manual - New H3C Group - H3C
H3C MiniGR1B0V100R016 is the latest version for the GR3200
Vulnerability analysis
DelL2tpLNSList parameter in the function sub_10069280
In the binary file /bin/webs, we use IDA to locate the fu ...
H3C GR-1800AX
Vulnerability introduction
H3C GR-1800AX was found to have a fatal vulnerability that can cause remote code execution (RCE) via the aspForm parame
Official website: https://www.h3c.com/
Download link: https://www.h3c.com/cn/d_202304/1824907_30005_0.htm
H3C MiniGRW1B0V100R007 is the latest version for the GR-1800AX
Vulnerability analysis
DelL2tpLNSList parameter in the function sub_100780E8
In the binary file /bin/www, we use IDA to locate the function sub_100780E8 that causes the vulne ...
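ctfshow Watermelon Cup writeup
I had originally planned to steal someone else's tower in the last ten minutes, but instead had my own tower stolen in the final minute and happily took second place QaQ
MISC
You Are My Eyes
Drag the program into jadx, look at the main function, replace - with /, and base64-decode.
QR Code Puzzle
Nothing much to say; just assemble the puzzle by hand with an online tool.
SignIn
Open the website provided, https://qrcode.antfu.me/, click verify, and upload the attached image for verification. Keep clicking random tries and narrow down; each click returns a different fragment of the flag, and joining the fragments gives the flag.
crypto
Strange Barcode
Hold the laptop lid level with your eyes and the flag can be read.
Simple Cipher
Split the ciphertext into groups of two characters. The later hex values are noticeably larger, so the guess is that i has to be subtracted from each one (where i is the index of the hex value).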
647669776d757e83817372816e707479707c888789757c92788d84838b878d9d
hex_string = "647669776d757e83817372816e707479707c888789757c92788d84838b878d9d"
# Convert the hex string into a list of integers
hex_values = [int(hex ...
Tcache Stashing Unlink Attack && House of Lore Attack
0x00 Preface
glibc 2.29 added a series of protections that make the unsortedbin attack very hard to exploit, so can we find an alternative that carries on the spirit of the unsortedbin attack? As we know, the unsortedbin attack works by changing the unsortedbin's bk pointer to the address where we want to write a large number, minus 0x10, which writes a large value to that address. From 2.29 onward, we can achieve the same effect with the Tcache Stashing Unlink Attack, and if we can control the fd at the target address, we can even allocate a chunk directly at the target address.
0x01 Source code analysis
/*
If a small request, check regular bin. Since these "smallbins"
hold one size each, no searching within ...
Tenda_AX1803
Vulnerability introduction
Tenda AX1803 firmware version v1.0.0.1 has a stack overflow vulnerability because it mistakenly uses the strcpy function on the deviceId and time parameters of the saveParentControlInfo function, which can cause a Denial of Service (DoS) attack.
Firmware download address: https://down.tenda.com.cn/uploadfile/AX1803/AX1803V2.0_V1.0.0.1_cn.zip
Vulnerability analysis
deviceId parameter in the function saveParentControlInfo
In the binary file /bin/tdhttpd, we use IDA to loca ...