python bypss 第二弹
前言没什么技术含量,响应群友要求水一篇 shellcode处理生成python的payload 取出shellcode去掉”x”就是这个样子 base64编码一下,当然还可以继续加密,异或或者aes等等,自写加密也行 保存为一个,或者多个txt文件,或者图片隐写,都可以,这里只提供一 ...
iscsicpl.exe ByPassUac复现
前言上午在推特逛街,看到了个这个bypassuac。复现了一下,写个笔记 正文lnk:https://www.ddosi.org/iscsicpl-bypassuac/poc:https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC/archive/refs/heads/main.zip c:Windowssyswow64iscsic ...
CVE-2025-20002: Addressing Error Message Vulnerabilities in GMOD Apollo
Overview of CVE-2025-20002In early 2025, a security vulnerability identified as CVE-2025-20002 was disclosed, affecting GMOD Apollo versions lower than 2.8.0. This vulnerability, assigned to ICS-CERT, allows local path informatio ...
htb打靶-apt
简介Hackthebox名为APT靶机的域渗透,即动态目录渗透,Insane级别即疯狂难度级别 信息收集连接上vpn后的攻击机ip ping一下测试靶机是否通 nmap端口信息收集同时进行tcp和udp的全端口扫描 1234nmap --min-rate 10000 -p- 10.129.96.60nmap --min- ...
Addressing CVE-2025-1964: SQL Injection Vulnerability in Projectworlds Online Hotel Booking
CVE-2025-1964 presents a critical security vulnerability affecting Projectworlds Online Hotel Booking version 1.0. Identified as an SQL Injection via the /booknow.php?roomname=Duplex endpoint, this vulnerability allows unauthoriz ...
Understanding and Mitigating CVE-2025-1965: SQL Injection in Projectworlds Online Hotel Booking
Overview of CVE-2025-1965CVE-2025-1965 is a critical security vulnerability found in the projectworlds Online Hotel Booking application version 1.0. This vulnerability resides in the /admin/login.php file and stems from improper ...
Comprehensive Analysis and Mitigation of CVE-2025-1966 SQL Injection Vulnerability
IntroductionIn March 2025, a significant vulnerability identified as CVE-2025-1966 was discovered in PHPGurukul Pre-School Enrollment System version 1.0. This vulnerability arises from a SQL Injection flaw, exposing critical soft ...
clash文件覆写导致RCE
环境准备影响版本: 通过利用powershell自定义.profile来执行命令。当用户打开powershell将触发(还需要powershell运行脚本执行才能成功) 1、%windir%system32WindowsPowerShellv1.0profile.ps1 它作用于所有用户、所有的Shell。 2、%windi ...
Understanding CVE-2025-1967: Mitigating Cross Site Scripting in Blood Bank Management System
Introduction to CVE-2025-1967The code-projects Blood Bank Management System version 1.0 has been found to contain a significant security vulnerability, identified as CVE-2025-1967. The vulnerability lies within the donor.php file ...
python 端口在线扫描
引言 在渗透过程中,经常会遇到 nmap 扫描不出端口的情况,web 端口确定开放,且用网上的在线端口扫描是可以扫描到的,但是 nmap 就是无法扫出来,因此花了些时间写了 2 个基于 python 端口扫描工具。 基于在线网站调用扫描工具 截图 代码 # -*- ...