categories

CVE

• Spring4Shell漏洞原理分析(CVE-2022-22965)
• JNDI注入
• JDBC反序列化
• Shiro反序列化
• CVE-2018-1259复现
• JAVA反序列化CC3
• JAVA反序列化CC1
• JAVA反序列化CC6
• CVE-2017-9430复现
• CVE-2022-3602复现
• CVE-2017-11543复现
• CVE-2019-6250复现

Java

• J-Spring
• mybatis学习

fuzz

• AFL-Dyninst 安装及使用
• 使用 AFL++-QEMU 和 libprotobuf 的高级二进制模糊：语法感知和内存中持续模糊的实际案例

pwn-learning

• 符号表恢复
• checksec与二进制程序保护机制（含PIE和ASLR比较）
• 使用指定版本libc执行/调试二进制文件方法
• ELF文件
• PWN工具

pwn-wp

• swampctf2019-syscaller-wp
• Backdoorctf-funsignals-wp
• nightmare 7.2.3.seccon2019-sum-wp
• nightmare 7.2.1.dcquals2019-speedrun-wp
• StarCTF2018-note-wp
• 网鼎杯2018-blind-wp
• HCTF2018-the_end-wp
• X-CTF Quals2016 b0verfl0w-wp
• nightmare 7.1.1.Hacklu2015-stackstuff-wp
• nightmare 4.4.SwampCTF2019-DreamHeaps-wp
• nightmare 3.4.watevrctf2019-betstar-wp
• nightmare 3.1.Backdoorctf2017 bbpwn-wp
• nightmare 2.15.HS2019-storytime-wp
• nightmare 2.13.Csaw 2017 Quasl SVC-wp
• nightmare 2.11.defcon quals2016 feedme-wp
• nightmare 2.9.Boston Key Part 2016 simplecalc-wp
• 深育杯2021-find_flag-wp
• NISACTF2022-uaf-wp
• NISACTF2022-shoppwn-wp
• GDOUCTF2023-小学数学-wp
• BJDCTF2020 girlfriend-wp
• ciscn2023 shellwego writeup

reverse-learning

• IDA远程连接gdb调试

reverse-wp

• GDOUCTF2023-tea-wp
• zer0pts2020-easystrcmp-wp
• NISACTF2022-string-wp
• ciscn2023 flutterror writeup
• ciscn2023 moveAside writeup(2)
• ciscn2023 moveAside writeup(1)

web-learning

• node反序列化RCE(CVE-2017-5941)
• ejs原型链污染RCE
• xxe
• SSTI模板注入
• 无字母RCE
• 无回显RCE
• upload-labs搭建及攻略
• php弱类型绕过

web-wp

• CISCN2023-DeserBug-wp
• 羊城杯2020-aPieceOfJava-wp
• HTB-bizness-wp
• HNCTF2023-BabyJxVx-wp
• HGAME2023-SharedDiary-wp
• HGAME2023-Designer-wp
• HZNUCTF2023-eznode-wp
• HDCTF2023-YamiYami-wp
• GDOUCTF2023-反方向的钟-wp
• GDOUCTF2023-<ez_ze>-wp
• 安洵杯2020 Normal SSTI-wp
• HNCTF2022-easy_include-wp
• 极客大挑战2020-rceme-wp
• UUCTF2022-ezrce-wp
• CTFSHOW 极限命令执行 wp
• HNCTF2022-week2-Canyource-wp
• SWPUCTF2021-hardrce3-wp
• CTFSHOW-shellmeRevenge-wp
• De1ctf2019 SSRF Me wp
• NISACTF2022-middlerce-wp
• NISACTF2022-isSecret-wp
• 羊城杯2023 Serpent-wp
• 天翼杯2021-esay_eval-wp
• HDCTF2023-SearchMaster-wp
• GKCTF2021-easycms-wp
• NSS2022 Round1-basic-check-wp
• CISCN2019-华北Day2-wp
• NISACTF2022-levelup-wp
• ZJCTF2019-NiZhuanSiWei-wp
• SWPUCTF2021-finalrce-wp
• LitCTF2023-Flag点击就送-wp
• LitCTF2023-1zjs-wp
• HCTF2016-兵者多诡-wp
• D3CTF2019-ezupload
• SWPUCTF2022-ezrce-wp
• UUCTF2022-ez_rce-wp
• SWPUCTF2021-PseudoProtocols
• SWPUCTF2022-easyupload3-wp
• NISACTF2022-babyupload-wp
• GXYCTF2019-BabySqli-wp
• NSSCTF2022-babysql-wp
• HUBUCTF2022-ezsql-wp
• 第五空间2021-yet_another_mysql_injection-wp
• SWPUCTF2022-ezsql-wp
• 鹏城杯2022-简单包含-wp
• SWPUCTF2022-ez_ez_php-wp
• SWPUCTF2021-pop-wp
• 赣网杯2021-web1-wp
• SWPUCTF2021-hardrce-wp
• SWPUCTF2021-no_wakeup-wp
• SWPUCTF2021-sql-wp
• SWPUCTF2021-babyrce-wp
• SWPUCTF2021-ezsql-wp
• SWPUCTF2021-jicao-wp
• SWPUCTF2021-easymd5-wp
• NISACTF2022-babyserialize-wp