C++ Reverse Engineering Notes
Posted on: 2024-04-26 Edited on: 2024-04-27

1. std::string analysis

Take the following code as an example:

#include <iostream>
#include <string>
#include <stdlib.h>

using namespace std;

int main(int argc, char const *argv[])
{
    string str;
    for (int i = 0; i < 0x200; i++)
    {
        str += 'a';
        std::cout << "size : " << str.size() << " capacity : " << str.capacity() << std::endl;
    }
    return 0;
}

Linux High-Performance Server Development
Posted on: 2024-01-15 Edited on: 2024-03-15

1. Project requirements

A high-performance web server, shttpd, implemented in C. Implemented features:

  • select-based I/O multiplexing
  • Dynamic configuration
  • CGI support
  • HTTP/1.1 support
  • Static page serving
  • File download

Brother 7180 Analysis
Posted on: 2024-01-09 Edited on: 2024-03-14

1. Firmware extraction

Picked up a board on Xianyu (a second-hand marketplace), desoldered the flash with hot air and dumped it directly: an 8-pin SPI flash, 16 MB.

2. Firmware analysis

Analysis with binwalk

CTF Practice Log
Posted on: 2024-01-09 Edited on: 2024-04-06

0x1. CISCN2022 newest_note [integer overflow, UAF]

The libc is 2.34. Because the libc pulled down by glibc-all-in-one has no debug symbols, inspecting the heap is very inconvenient, so we need to compile the glibc 2.34 source ourselves to obtain debug symbols and then patch the binary. ...

Analysis of a Cloud Storage Device
Posted on: 2024-01-09 Edited on: 2024-03-14

1. Attack surface analysis

Scan all TCP ports:

$ nmap -A -p- 192.168.124.14
Starting Nmap 7.93 ( https://nmap.org ) at 2023-08-13 19:53 CST
Nmap scan report for 192.168.124.14
Host is up (0.035s latency).
Not shown: 65522 closed tcp ports (conn-refused)
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.16.1
|_http-server-header: nginx/1.16.1
|_http-title: 403 Forbidden
111/tcp open rpcbind 2 (RPC #100000)
| rpcinfo:
| program version port/proto service
| 100000 2 111/tcp rpcbind
|_ 100000 2 111/udp rpcbind
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
443/tcp open ssl/http nginx 1.16.1
|_http-server-header: nginx/1.16.1
| tls-nextprotoneg:
|_ http/1.1
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=AU
| Not valid before: 2021-11-01T08:48:38
|_Not valid after: 2021-12-01T08:48:38
| tls-alpn:
|_ http/1.1
|_http-title: 403 Forbidden
445/tcp open netbios-ssn Samba smbd 4.6.11 (workgroup: WORKGROUP)
1883/tcp open mqtt?
| mqtt-subscribe:
|_ ERROR:
6900/tcp open http nginx 1.16.1
|_http-title: 502 Bad Gateway
|_http-server-header: nginx/1.16.1
6901/tcp open http nginx 1.16.1
|_http-server-header: nginx/1.16.1
|_http-title: Site doesn't have a title (text/debug).
7000/tcp open http nginx 1.16.1
|_http-title: Site doesn't have a title (text/debug).
|_http-server-header: nginx/1.16.1
16800/tcp open ssl/http nginx 1.16.1
| tls-nextprotoneg:
|_ http/1.1
|_ssl-date: TLS randomness does not represent time
|_http-server-header: nginx/1.16.1
|_http-title: 502 Bad Gateway
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=AU
| Not valid before: 2021-11-01T08:48:38
|_Not valid after: 2021-12-01T08:48:38
| tls-alpn:
|_ http/1.1
16900/tcp open ssl/http nginx 1.16.1
| tls-nextprotoneg:
|_ http/1.1
|_ssl-date: TLS randomness does not represent time
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=AU
| Not valid before: 2021-11-01T08:48:38
|_Not valid after: 2021-12-01T08:48:38
| tls-alpn:
|_ http/1.1
|_http-server-header: nginx/1.16.1
|_http-title: 502 Bad Gateway
17000/tcp open ssl/http nginx 1.16.1
|_http-server-header: nginx/1.16.1
| tls-alpn:
|_ http/1.1
| tls-nextprotoneg:
|_ http/1.1
|_http-title: Site doesn't have a title (text/debug).
| ssl-cert: Subject: organizationName=Internet Widgits Pty Ltd/stateOrProvinceName=Some-State/countryName=AU
| Not valid before: 2021-11-01T08:48:38
|_Not valid after: 2021-12-01T08:48:38
|_ssl-date: TLS randomness does not represent time
20223/tcp open unknown
Service Info: Host: N1CLOUD

Host script results:
| smb2-time:
| date: 2016-09-30T16:08:46
|_ start_date: N/A
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb-os-discovery:
| OS: Windows 6.1 (Samba 4.6.11)
| Computer name: n1cloud
| NetBIOS computer name: N1CLOUD\x00
| Domain name: \x00
| FQDN: n1cloud
|_ System time: 2016-10-01T00:08:42+08:00
|_nbstat: NetBIOS name: N1CLOUD, NetBIOS user: <unknown>, NetBIOS MAC: 000000000000 (Xerox)
| smb2-security-mode:
| 311:
|_ Message signing enabled but not required
|_clock-skew: mean: -2507d22h26m57s, deviation: 4h37m07s, median: -2507d19h46m58s

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 163.26 seconds

TS3480 Tinkering Log
Posted on: 2024-01-09 Edited on: 2024-03-14

Port scan, TCP ports:

PORT     STATE SERVICE    VERSION
80/tcp open http
443/tcp open ssl/https?
515/tcp open printer
631/tcp open ssl/ipp
9100/tcp open jetdirect?
musl pwn
Posted on: 2023-09-14 Edited on: 2024-01-09

I should have learned musl pwn long ago; I studied a little before and then dropped it, but it still has to be learned.

1. musl 1.1.24

1.1 Structures

In the old version of musl, the main structures involved are as follows:

struct chunk {
    size_t psize, csize;
    struct chunk *next, *prev;
};
Learning the Qiling Framework
Posted on: 2023-07-07 Edited on: 2023-07-07

Qiling is a powerful advanced binary emulation framework.

I have known about the Qiling framework for a long time and have wanted to learn it, but was always busy with other things. I plan to start learning it now and record the process here.

0x1. Running a program

Write a simple hello world program, cross-compile it for the mipsel architecture, and run it with Qiling. The script is as follows:

import sys

from qiling.const import QL_VERBOSE
sys.path.append("..")
from qiling import *

if __name__ == "__main__":
    # argv of the emulated program, followed by the rootfs that provides
    # the target's dynamic loader and shared libraries (mipsel sysroot here)
    ql = Qiling(["./hello"], "/usr/mipsel-linux-gnu", verbose=QL_VERBOSE.DEFAULT)
    ql.run()
