-
Java反序列化 Commons-Collections01-cc1链
https://drun1baby.top/2022/06/06/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96Commons-Collections%E7%AF%8701-CC1%E9%93%BE/ https://github.com/Drun1baby/JavaSecurityLearning?tab=readme-ov-file 前置cc1对于 jd... -
Java_Sec 类的动态加载
https://drun1baby.top/2022/06/03/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%9F%BA%E7%A1%80%E7%AF%87-05-%E7%B1%BB%E7%9A%84%E5%8A%A8%E6%80%81%E5%8A%A0%E8%BD%BD/ 类加载器及双亲委派什么是类加载器类加载器, Java ClassLoade... -
Java_Sec 基础
https://drun1baby.tophttps://www.bilibili.com/video/BV16h411z7o9?spm_id_from=333.788.player.switch&vd_source=d51dbb41ef00391c5c021ee533eafd8e&p=2https://github.com/Drun1baby/JavaSecurityLea... -
Java_SSM Learn
SpringSpring 是一个框架 Spring 注解开发 SpringConfig.java 【代替原先 XML】 1234@Configuration @ComponentScan("com.xekoner") public class SpringConfig { } @Configuration 注解用于设定当前类为配置类@Compon... -
Java_Web Learn
MySQL 相关 创建一个表 1234567891011121314mysql> create table tb_user( -> id int, -> username varchar(20), -> password varchar(32) -> ); mysql> desc tb_user;+----------+--... -
CTFShow_pwnX_wp
pwn37ret2text 32bit 123456789101112131415from pwn import *context(log_level='debug',arch='i386', os='linux')pwnfile= './pwn'# io = process(pwnfile)io = rem... -
CTFshow_pwn142_堆块重叠_wp
pwn142堆块重叠off-by-one 漏洞伪造 chunk header size 大小, free后再次malloc相同内存地址的chunk, UAF漏洞导致可以任意执行chunk content中的指令;输出free@got address , 计算base_addr 以及 system_addr , edit_heap函数体功能修改指针指向的内存地址数据(free@got) 为 s... -
ez_pz_hackover_2016_wp
buuctf pwn 板块下的 ez_pz_hackover_2016 12345678910❯ checksec ./ez_pz_hackover_2016[*] '/mnt/hgfs/0x9C_CTF_And_Study_Note/Pwn_Study/pwn_exercise/BUUCTF/ez_pz_hackover_2016' Arch: i38... -
ciscn_2019_s_3_ret2csu/SROP
1234567[*] '/mnt/hgfs/0x9C_CTF_And_Studay_Note/Pwn_Study/pwn_exercise/BUUCTF/ciscn_s_3' Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: ... -
buuctf_pwn_picoctf-2018-rop-chain_writeup
i386 小端序程序, IDA32打开 main 12345678910int __cdecl main(int argc, const char **argv, const char **envp){ int v4; // [esp+Ch] [ebp-Ch] setvbuf(_bss_start, 0, 2, 0); v4 = getegid(); setresgid...
