Giter VIP home page Giter VIP logo

blog.backup's Introduction

  • 👋 Hi, I’m Mark@BUPT @天枢Dubhe
  • 👀 I’m interested in Information Security.
  • 🌱 I’m currently learning Pwnable.
  • 📫 Email:[email protected]

blog.backup's People

Contributors

mark0519 avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar

blog.backup's Issues

MTCTF2021

https://blog.mark0519.com/post/wp-%E7%BE%8E%E5%9B%A2CTF2021
[WP]美团CTF2021初赛很可惜没进决赛,还是水平太差QwQ babyrop可以控制rbp和ret的简单栈溢出,没开启PIE 一开始输入name输入25字节带出canary,接下来第一反应时往bss段上栈迁移, 但是ayoung大爹注意到返回到程序段上的printf(“%s”...

pwn-rop_about_x86_and_x64

https://blog.mark0519.com/post/pwn-rop-about-x86-and-x64
32位和64位程序rop的不同传参区别32位程序调用函数时用栈传参,而64位调用参数时,当参数少于7个时, 参数从左到右放入寄存器: rdi, rsi, rdx, rcx, r8, r9。当参数为7个(含)以上时, 前 6 个与前面一样, 但后面的依次从 “右向左” 放入栈中,即...

pwn-House_of_Orange

https://blog.mark0519.com/post/pwn-House-of-Orange
House of Orange记得在虎符的线下赛中就遇到一题需要使用一个被free状态的堆块 (unsorted bin),但是构造了好久也没啥好的思路,当时还不知道有种技巧叫 House of Orange,可以在没有free函数的条件下构造出被free状态的堆块。 0x00 ...

exit_hook在pwn题中的应用

https://blog.mark0519.com/post/pwn-exit-hook
[PWN] exit_hook以前只接触过__malloc_hook,__free_hook,大概意思就是在调用malloc和free的时候会先看看里面有没有东西,有的话就会执行。 前几天做题时遇到了只能修改exit()函数的题目,了解到存在一类指针也可以被称之为exit_hoo...

N1CTF-babyFMT

https://blog.mark0519.com/post/wp-N1ctf-babyfmt
[WP]N1CTF2021-babyFMTNU1L战队举办的N1CTF-2021,由于当天同时有西湖论剑也就没咋看这场比赛,也就只看了看pwn1-babyFMT. 而且截至到现在这题的官方WP还没放出来,但当时调了好久也没逆明白,不过好巧不巧找到了super guesser战队的...

MuslPwn浅析

https://blog.mark0519.com/post/pwn-MuslPwn
musl pwn 浅析​ musl libc 是一个专门为嵌入式系统开发的轻量级 libc 库,以简单、轻量和高效率为特色。有不少 Linux 发行版将其设为默认的 libc 库,用来代替体积臃肿的 glibc ,如Alpine Linux、OpenWrt和 Gentoo 等。 ...

pwn-house_of_husk

https://blog.mark0519.com/post/pwn-house-of-husk
[PWN]House of HuskHECTF上的一题,本以为就是简单的fastbin直接打,但是那题限制了chunk的申请次数. 赛后和出题人对线才知道这题主要考察House of Husk. (但是被有些师傅非预期了hhh,通过主动构造double free也会调用一次mal...

pwn-LargeBinAttack

https://blog.mark0519.com/post/pwn-LargeBinAttack
[PWN]Large Bin Attack 平时做题很少遇到,但是一旦遇到就完全不会 ( Large binlarge bin中一共包括63个bin,每个bin中的chunk大小不一致,而是出于一定区间范围内。此外这63个bin被分成了6组,每组bin中的chunk之间的公差一致...

pwn学习-exp

https://blog.mark0519.com/post/pwn-learn-exp
pwn学习-expexp是exploit的简写,编写exp需要用到pwntools 编写一个exp的基本框架:from pwn import * p = process(bin路径) #在本地调试 else: p = remote(‘ip’, port) # 连接其他主机的服务 ...

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.