HackTheBox-Starting Point–Tier 2—Vaccine

Article directory 1 Vaccine testing process 1.1 Management 1.1.1 FTP anonymous login 1.1.2 SQL injection 1.2 Privilege Elevation 2 Topics One Vaccine testing process 1.1 Management 1. Port scan nmap -sV -sC 10.129.191.63 1.1.1 FTP anonymous login 2.FTP allows anonymous login and found backup.zip ftp 10.129.191.63 Unzip backup.zip, but a password is required: 3. Use […]

212 – Use of Hospital Facilities (UVA)

The question link is as follows: Online Judge Simulation questions. I always feel that there is not much point in doing this kind of questions, because I am digging into various format details, which is very annoying. Because there was a place where there should be two spaces, I typed three spaces, presentation error, and […]

Android system properties (SystemProperties)

1. System properties System properties are key-value pairs with special meanings in the system. We sometimes need to use system properties during the development process, such as getting the system software version, getting the device name, etc. Sometimes we also need to set custom properties. System properties are global and easy to access. 2. Get […]

A tool to dig out xss vulnerabilities

xsshelp I just wrote a tool to help mine XSS vulnerabilities when I have nothing to do (mainly because I am lazy and want to save trouble, I simply used a tool to implement a relatively easy-to-use idea for digging XSS every time) xsshelp version: 1.0.0“Usage: [-ut] [-u url] [-t thread] [-h help]“Options:` `-h this […]

How SRC gangsters exploit vulnerabilities

How SRC gangsters exploit vulnerabilities Preliminary information collection As the old saying goes, the essence of penetration testing is information collection. For weak players without 0day, mining SRC feels more like sorting out the company’s assets. We often need to spend a long time to collect information, collect and Information related to this company, includingthe […]

Android–Gradle plug-in gradle-wrapper.properties

1. Android Studio version, Android Gradle plug-in version, Gradle version Android Studio uses Gradle to build code through the Android Gradle plug-in; After each upgrade of Android Studio, the Android Gradle plug-in is automatically updated, and the corresponding Gradle version will also change; Therefore, the following correspondence will be generated: (1) Correspondence between Android Studio […]

Attack and utilization techniques of overflow vulnerabilities in exception handling – Part 1

This article focuses on the exception handling corresponding to C++ under Linux, that is, the study of attack methods for the unwind exception handling process based on eh_frame. Since there are certain differences in the exception handling process and underlying implementation in different operating systems and languages, specific issues need to be dealt with on […]

Principles and practical combat of CSRF vulnerabilities in network security, as well as CSRF vulnerability protection methods

1. Introduction Generally speaking, CSRF is a deceptive behavior and a malicious use of a website. Although it sounds like cross-site scripting (XSS), it is very different from XSS, and the attack method is almost the same. XSS exploits trusted users within a site, while CSRF exploits trusted websites by disguising requests from trusted users. […]

Flutter switches cities

Without further ado, let’s look at the pictures Click on the province to switch to the corresponding province, click on the city, select the city, and multiple selections can be made at the county level. Not much to say, let’s look at the code import ‘package:flutter/material.dart’; class AreaModel { final String id; final String name; […]

Solving errors in web projects, java.io.FileNotFoundException: druid.properties (the system cannot find the specified file); [spring factory decoupling development]

When using Tomcat9.0, spring5.0 framework original factory class decoupling, druid-1.0.9jar version, JDK9, MSQL8 version database to simulate web page login case, an error message that the druid.properties file cannot be found appears, the details are as follows [Case code posted at the end]; Normally speaking, the configuration file is placed under the src directory, and […]