向日葵RCE漏洞复现分析
复现基本参考:space老哥的《向日葵远程命令执行漏洞分析》 复现环境漏洞范围:小于或等于11.x复现的版本:11.0.0.33162 复现过程这里跟踪了check接口、路由接口、认证接口这三个首先脱壳,向日葵加了UPX,upx -d脱掉即可 向日葵对应的端口,找到S ...
syscall学习
好久没写博客了,工作和在学校的自由完全比不了。怀念初中的她怀念大学无拘无束的生活….如今大家都各自毕业,今生能否相见仍成问题 syscall和正常调用的区别正常使用WIN API:ntdll->kernelBase.dll->kerlnel32.dllSYSCALL:内核函数直接调用 (不会 ...
CVE-2022-30190 样本分析与漏洞复现
前言近期新爆出的漏洞office的day,利用msdt+远程加载CVE:CVE-2022-30190样本地址:https://app.any.run/tasks/713f05d2-fe78-4b9d-a744-f7c133e3fafb/# 简单分析无VBA,远程加载 doc改名zip解压,搜索远程加载的地址定位到word_relsdocument.xml. ...
python bypss 第二弹
前言没什么技术含量,响应群友要求水一篇 shellcode处理生成python的payload 取出shellcode去掉”x”就是这个样子 base64编码一下,当然还可以继续加密,异或或者aes等等,自写加密也行 保存为一个,或者多个txt文件,或者图片隐写,都可以,这里只提供一 ...
iscsicpl.exe ByPassUac复现
前言上午在推特逛街,看到了个这个bypassuac。复现了一下,写个笔记 正文lnk:https://www.ddosi.org/iscsicpl-bypassuac/poc:https://github.com/hackerhouse-opensource/iscsicpl_bypassUAC/archive/refs/heads/main.zip c:Windowssyswow64iscsic ...
CVE-2025-20002: Addressing Error Message Vulnerabilities in GMOD Apollo
Overview of CVE-2025-20002In early 2025, a security vulnerability identified as CVE-2025-20002 was disclosed, affecting GMOD Apollo versions lower than 2.8.0. This vulnerability, assigned to ICS-CERT, allows local path informatio ...
htb打靶-apt
简介Hackthebox名为APT靶机的域渗透,即动态目录渗透,Insane级别即疯狂难度级别 信息收集连接上vpn后的攻击机ip ping一下测试靶机是否通 nmap端口信息收集同时进行tcp和udp的全端口扫描 1234nmap --min-rate 10000 -p- 10.129.96.60nmap --min- ...
Addressing CVE-2025-1964: SQL Injection Vulnerability in Projectworlds Online Hotel Booking
CVE-2025-1964 presents a critical security vulnerability affecting Projectworlds Online Hotel Booking version 1.0. Identified as an SQL Injection via the /booknow.php?roomname=Duplex endpoint, this vulnerability allows unauthoriz ...
Understanding and Mitigating CVE-2025-1965: SQL Injection in Projectworlds Online Hotel Booking
Overview of CVE-2025-1965CVE-2025-1965 is a critical security vulnerability found in the projectworlds Online Hotel Booking application version 1.0. This vulnerability resides in the /admin/login.php file and stems from improper ...
Comprehensive Analysis and Mitigation of CVE-2025-1966 SQL Injection Vulnerability
IntroductionIn March 2025, a significant vulnerability identified as CVE-2025-1966 was discovered in PHPGurukul Pre-School Enrollment System version 1.0. This vulnerability arises from a SQL Injection flaw, exposing critical soft ...