<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>F0rmat's Blog</title>
<link>localhost/</link>
<description>Recent content on F0rmat's Blog</description>
<generator>Hugo -- gohugo.io</generator>
<language>zh-cn</language>
<copyright>&copy; Copyright F0rmat</copyright>
<lastBuildDate>Sun, 16 Jan 2022 11:04:34 +0800</lastBuildDate><atom:link href="localhost/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Using PowerShell in Penetration Testing</title>
<link>localhost/posts/powershell-attack/</link>
<pubDate>Sun, 16 Jan 2022 11:04:34 +0800</pubDate>
<guid>localhost/posts/powershell-attack/</guid>
<description>Introduction In penetration testing, PowerShell has increasingly become an indispensable tool.</description>
</item>
<item>
<title>Bypassing AppArmor</title>
<link>localhost/posts/apparmor_bypass/</link>
<pubDate>Fri, 14 Jan 2022 11:35:33 +0800</pubDate>
<guid>localhost/posts/apparmor_bypass/</guid>
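<description>0x00 Introduction What is AppArmor? AppArmor is a security feature found in many Linux distributions. SLES (SUSE Linux Enterprise Server), openSUSE and Ubuntu are some of the distributions that ship with it. AppArmor is a kernel enhancement designed to confine programs to a limited set of resources. AppArmor differs from other security tools in that it binds access-control attributes to programs rather than to individual users.</description>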
</item>
<item>
<title>Linux Capabilities Beginner's Tutorial: Advanced Practice</title>
<link>localhost/posts/linux_capabilities_2/</link>
<pubDate>Thu, 13 Jan 2022 15:35:33 +0800</pubDate>
<guid>localhost/posts/linux_capabilities_2/</guid>
<description>Original link: Linux Capabilities In Practice</description>
</item>
<item>
<title>Linux Capabilities Beginner's Tutorial: Basic Practice</title>
<link>localhost/posts/linux_capabilities_1/</link>
<pubDate>Thu, 13 Jan 2022 14:35:33 +0800</pubDate>
<guid>localhost/posts/linux_capabilities_1/</guid>
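<description>Managing file capabilities The previous article introduced the background and basic principles of Linux capabilities; this article uses concrete examples to show how to view and set a file's capabilities.</description>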
</item>
<item>
<title>Linux Capabilities Beginner's Tutorial: Concepts</title>
<link>localhost/posts/linux_capabilities_0/</link>
<pubDate>Wed, 12 Jan 2022 11:04:34 +0800</pubDate>
<guid>localhost/posts/linux_capabilities_0/</guid>
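<description>Understanding the principles of Linux Capabilities in depth Linux is a secure operating system: it grants all system privileges to a single root user and leaves ordinary users with only limited privileges. The root user has super-administrator privileges and can install software, allow certain services, manage users, and so on.</description>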
</item>
<item>
<title>Hyde-Hugo Theme Modification Notes (Search, Pagination, TOC, Archive)</title>
<link>localhost/posts/hugo_theme_record/</link>
<pubDate>Fri, 07 Jan 2022 11:04:34 +0800</pubDate>
<guid>localhost/posts/hugo_theme_record/</guid>
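<description>0x00 Basics I spent a day working on the theme. I had not touched front-end work for a long time and was a bit rusty, but I am fairly happy with the result. This article mainly refers to the official function documentation: https://gohugo.</description>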
</item>
<item>
<title>How to Build a Blog with Hugo+Github</title>
<link>localhost/posts/hugo_github/</link>
<pubDate>Thu, 06 Jan 2022 04:04:34 +0800</pubDate>
<guid>localhost/posts/hugo_github/</guid>
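<description>0x00 Setting up the Hugo environment This article records the whole installation process on macOS; Windows and Linux users can refer to the detailed official documentation: https://gohugo.</description>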
</item>
<item>
<title>Installing Parallels Tools on Kali Linux 2020.4</title>
<link>localhost/posts/install-parallels-tools-on-kali-linux-2020.4/</link>
<pubDate>Wed, 30 Dec 2020 01:00:00 +0200</pubDate>
<guid>localhost/posts/install-parallels-tools-on-kali-linux-2020.4/</guid>
<description>0x00 Preface Kali has been really laggy in VMware Fusion lately, so I wondered whether switching to PD would be a bit faster?</description>
</item>
<item>
<title>Chrome Shows a Blank Page After Installing Parallels Tools on Kali2020</title>
<link>localhost/posts/pd-chrome-3d/</link>
<pubDate>Wed, 30 Dec 2020 01:00:00 +0200</pubDate>
<guid>localhost/posts/pd-chrome-3d/</guid>
<description>0x00 Cause After installing pdtools on Kali, I suddenly found that both the Chrome and Edge browsers open to a blank page</description>
</item>
<item>
<title>Hackthebox-Pathfinder</title>
<link>localhost/posts/pathfinder/</link>
<pubDate>Sat, 19 Dec 2020 01:00:00 +0200</pubDate>
<guid>localhost/posts/pathfinder/</guid>
<description>0x00 Preface All the earlier passwords:</description>
</item>
<item>
<title>Windows Authentication and Domain Penetration</title>
<link>localhost/posts/domain-security/</link>
<pubDate>Wed, 16 Dec 2020 01:00:00 +0200</pubDate>
<guid>localhost/posts/domain-security/</guid>
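<description>0x00 Workgroups, domains, domain controllers and Active Directory in Windows 1. Workgroups A workgroup is a LAN concept: a group made up of many users in the same physical location who are connected by the same LAN, or a logical group of users spread across an organization but connected by the same network. The workgroup is the most common, simplest and most ordinary resource-management model: different computers are placed into different groups by function. Joining a workgroup distinguishes the category of a user's computer on the network. With workgroups, management is much more convenient, printers can be shared and used, and work can be done collaboratively. Many small businesses manage their computers and share files this way.</description>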
</item>
<item>
<title>Hackthebox-Shield</title>
<link>localhost/posts/shield/</link>
<pubDate>Mon, 07 Dec 2020 01:00:00 +0200</pubDate>
<guid>localhost/posts/shield/</guid>
<description>0x01 Preface Following hackthebox's usual pattern, I have collected all the earlier passwords here:</description>
</item>
<item>
<title>Hackthebox-Archetype</title>
<link>localhost/posts/archetype/</link>
<pubDate>Sun, 06 Dec 2020 15:30:00 +0000</pubDate>
<guid>localhost/posts/archetype/</guid>
<description>0x01 Preface I have not touched technical work for quite a while and am preparing for the OSCP, so I am practicing on Hack The Box challenges first.</description>
</item>
<item>
<title>Hackthebox-Oopsie</title>
<link>localhost/posts/oopsie/</link>
<pubDate>Sun, 06 Dec 2020 12:53:00 +0000</pubDate>
<guid>localhost/posts/oopsie/</guid>
<description>0x01 Preface After finishing Archetype, on to Oopsie</description>
</item>
<item>
<title>Hackthebox-Vaccine</title>
<link>localhost/posts/vaccine/</link>
<pubDate>Sat, 05 Dec 2020 00:44:00 +0000</pubDate>
<guid>localhost/posts/vaccine/</guid>
<description>0x01 Preface hackthebox practice</description>
</item>
<item>
<title>Penetration Diary of a bc Site</title>
<link>localhost/posts/bc-penetration-diary/</link>
<pubDate>Sat, 13 Jun 2020 00:24:46 +0000</pubDate>
<guid>localhost/posts/bc-penetration-diary/</guid>
<description>0x01 Preface Enough talk, I just happened to come across this site, hahaha</description>
</item>
<item>
<title>Maccms8 Latest Command Execution Vulnerability</title>
<link>localhost/posts/maccms8-latest-command-execution-vulnerability/</link>
<pubDate>Sun, 22 Dec 2019 11:17:18 +0000</pubDate>
<guid>localhost/posts/maccms8-latest-command-execution-vulnerability/</guid>
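<description>0x01 Preface It has been far too long since I wrote an article... Some laws were also published recently and many sites have shut down. I am still considering whether to keep this blog open, because sharing techniques carries legal liability, but I will no longer publish offensive tools or exploits.</description>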
</item>
<item>
<title>Seacms9.92: From Variable Overwrite to Getshell</title>
<link>localhost/posts/seacms9.92-from-variable-override-to-getshell/</link>
<pubDate>Tue, 22 Oct 2019 11:17:18 +0000</pubDate>
<guid>localhost/posts/seacms9.92-from-variable-override-to-getshell/</guid>
<description>The markdown version of this article was lost; the one I wrote earlier on Zhihu is still there</description>
</item>
<item>
<title>Seacms&lt;=9.92 Front-End Getshell</title>
<link>localhost/posts/seacms-front-desk-getshell/</link>
<pubDate>Fri, 27 Sep 2019 01:01:30 +0000</pubDate>
<guid>localhost/posts/seacms-front-desk-getshell/</guid>
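<description>0x01 Preface I have not posted a code-audit article for a long time; I have been quite busy lately. I happened to see a seacms front-end getshell on 90Sec and was suddenly very interested. I had audited this program before, but too many things came up and I shelved it.</description>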
</item>
<item>
<title>A Difficult Penetration and Privilege Escalation Process</title>
<link>localhost/posts/a-difficult-penetration-process/</link>
<pubDate>Mon, 09 Sep 2019 02:11:19 +0000</pubDate>
<guid>localhost/posts/a-difficult-penetration-process/</guid>
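<description>0x01 Preface One day a friend tossed me a shell and asked me to escalate privileges. I took a look at the shell, and neither China Chopper nor AntSword could execute commands. The getshell vulnerability analysis is at: https://getpass.</description>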
</item>
<item>
<title>Upload Vulnerability in a Cloud App-Distribution System</title>
<link>localhost/posts/an-app-distribution-system-upload-vulnerability/</link>
<pubDate>Fri, 06 Sep 2019 10:47:03 +0000</pubDate>
<guid>localhost/posts/an-app-distribution-system-upload-vulnerability/</guid>
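<description>0x01 Preface I have not written an article for about a few months; I have been busy lately (slacking off). This is a hole I found during a certain penetration operation; it feels like a backdoor left by the developers.</description>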
</item>
<item>
<title>A Brief Analysis of PHP Deserialization Vulnerabilities</title>
<link>localhost/posts/analysis-of-php-deserialization-vulnerabilities/</link>
<pubDate>Wed, 05 Jun 2019 17:00:57 +0000</pubDate>
<guid>localhost/posts/analysis-of-php-deserialization-vulnerabilities/</guid>
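<description>0x01 Preface I have not written articles for a long time. Today I reviewed deserialization vulnerabilities and wrote an article while I was at it.</description>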
</item>
<item>
<title>zzzphp1.61 Code Audit: From SQL Injection to Getshell</title>
<link>localhost/posts/zzzphp1.61-code-auditing-from-injecting-to-taking-a-shell/</link>
<pubDate>Sun, 10 Mar 2019 17:56:36 +0000</pubDate>
<guid>localhost/posts/zzzphp1.61-code-auditing-from-injecting-to-taking-a-shell/</guid>
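<description>0x01 Preface The day before yesterday I saw the CMS zzzphp, which looked a bit like zzzcms. On checking, it is also a program developed by zzzcms, so I went to audit it. I have audited zzzcms before: https://bbs.</description>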
</item>
<item>
<title>Seacms 8.7 SQL Injection Analysis</title>
<link>localhost/posts/seacms8.7-sql-injection-analysis/</link>
<pubDate>Mon, 04 Mar 2019 15:49:11 +0000</pubDate>
<guid>localhost/posts/seacms8.7-sql-injection-analysis/</guid>
<description>0x01 Preface It seems I have not posted an article in a while. On t00ls I saw an article on seacms8.</description>
</item>
<item>
<title>2019, Here I Come!</title>
<link>localhost/posts/2019/</link>
<pubDate>Sun, 27 Jan 2019 00:24:46 +0000</pubDate>
<guid>localhost/posts/2019/</guid>
<description>Looking back 2018 is over and a new year has arrived; thinking back over the past year.</description>
</item>
<item>
<title>ThinkPHP5 Remote Code Execution Vulnerability: Dynamic Analysis</title>
<link>localhost/posts/thinkphp5-remote-code-execution-vulnerability-dynamic-analysis/</link>
<pubDate>Sat, 22 Dec 2018 11:17:18 +0000</pubDate>
<guid>localhost/posts/thinkphp5-remote-code-execution-vulnerability-dynamic-analysis/</guid>
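<description>0x01 Preface More than ten days have passed since this vulnerability came out; I have been busy lately and had not written an analysis. Today I am taking some time to write a dynamic-analysis article. Dynamic analysis is convenient for remote execution vulnerabilities and also shows the whole execution flow and some of the variables and parameters.</description>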
</item>
<item>
<title>upload-labs Walkthrough Notes</title>
<link>localhost/posts/upload-labs/</link>
<pubDate>Sat, 24 Nov 2018 15:41:37 +0000</pubDate>
<guid>localhost/posts/upload-labs/</guid>
<description>upload-labs Walkthrough Notes Preface Go through every type of upload vulnerability and take notes for later reference. Many thanks also to c0ny1 for the platform.</description>
</item>
<item>
<title>Finecms 5.0.10 Multiple vulnerability analysis</title>
<link>localhost/posts/finecms-5.0.10-multiple-vulnerabilities/</link>
<pubDate>Wed, 07 Nov 2018 14:30:25 +0000</pubDate>
<guid>localhost/posts/finecms-5.0.10-multiple-vulnerabilities/</guid>
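<description>0x01 Preface I have not written an article for a month. A lot has happened lately: what was once one vulnerability a day, then one vulnerability a week, is now one vulnerability a month. Doing a lot of audits feels like grinding practice problems, but I think I should study systematically.</description>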
</item>
<item>
<title>How to Learn Python Web Development</title>
<link>localhost/posts/python-web-guide/</link>
<pubDate>Mon, 01 Oct 2018 08:49:25 +0000</pubDate>
<guid>localhost/posts/python-web-guide/</guid>
<description>0x01 Preface A pretty good article I found while learning Python web development; what it says is very practical, so I am sharing it.</description>
</item>
<item>
<title>yxcms 1.4.7 Latest Version Vulnerability Analysis</title>
<link>localhost/posts/yxcms-1.4.7-latest-version-of-vulnerability-analysis/</link>
<pubDate>Mon, 17 Sep 2018 13:16:06 +0000</pubDate>
<guid>localhost/posts/yxcms-1.4.7-latest-version-of-vulnerability-analysis/</guid>
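<description>0x01 Preface I saw this on Xianzhi; most of these are back-end vulnerabilities. Some vendors do not acknowledge back-end vulnerabilities, because they feel that if you can already get into the back end these are not vulnerabilities. The scariest thing is a vendor denying that a vulnerability exists and then quietly fixing it.</description>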
</item>
<item>
<title>Dynamic Debugging | Maccms SQL Injection Analysis (with Blind Injection Script)</title>
<link>localhost/posts/maccms-sql-injection-analysis/</link>
<pubDate>Sun, 26 Aug 2018 15:49:02 +0000</pubDate>
<guid>localhost/posts/maccms-sql-injection-analysis/</guid>
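<description>0x01 Preface I have not published an article for a week. A friend asked me to look into a code audit of maccms, and I found this injection vulnerability quite interesting, so here is an analysis.</description>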
</item>
<item>
<title>Chanzhi Pro 1.6 Front-End Arbitrary File Read Analysis</title>
<link>localhost/posts/zen-knowledge-pro-1.6-front-end-arbitrary-file-reading-analysis/</link>
<pubDate>Sun, 19 Aug 2018 10:00:02 +0000</pubDate>
<guid>localhost/posts/zen-knowledge-pro-1.6-front-end-arbitrary-file-reading-analysis/</guid>
<description>0x01 Preface Over the past two days I saw that the Chanzhi CMS has a front-end arbitrary file read vulnerability, so here is an analysis article.</description>
</item>
<item>
<title>CVE-2018-1000094-CMSMS 2.2.5 Code Execution Vulnerability (One Vulnerability a Week)</title>
<link>localhost/posts/cve-2018-1000094-cmsms-2.2.5-code-execution-vulnerability/</link>
<pubDate>Sat, 11 Aug 2018 09:31:30 +0000</pubDate>
<guid>localhost/posts/cve-2018-1000094-cmsms-2.2.5-code-execution-vulnerability/</guid>
<description>0x01 Preface CMS Made Simple is a simple, easy-to-use content management system. It is developed with PHP, MySQL and the Smarty template engine.</description>
</item>
<item>
<title>phpok4.9 Back-End Getshell (One Vulnerability a Week)</title>
<link>localhost/posts/phpok4.9-background-getshell/</link>
<pubDate>Mon, 06 Aug 2018 08:19:40 +0000</pubDate>
<guid>localhost/posts/phpok4.9-background-getshell/</guid>
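<description>0x01 Preface Yesterday I saw that phpok was eligible for CVE requests, so I audited it. There are quite a few vulnerable spots; short on time, I picked a simple arbitrary file upload vulnerability.</description>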
</item>
<item>
<title>phpok 4.9 Code Audit (One Vulnerability a Week)</title>
<link>localhost/posts/phpok-4.9-code-audit/</link>
<pubDate>Sun, 05 Aug 2018 14:54:07 +0000</pubDate>
<guid>localhost/posts/phpok-4.9-code-audit/</guid>
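<description>0x01 Preface As soon as summer vacation started there was a lot going on and many things got delayed. Reading t00ls articles I came across a good audit article, so I am learning from it.</description>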
</item>
<item>
<title>DedeCMS V5.7 Improper Back-End Filtering Leads to Getshell (One Vulnerability a Week)</title>
<link>localhost/posts/dedecms-v5.7-background-filtering-improperly-leads-to-getshell/</link>
<pubDate>Fri, 27 Jul 2018 14:14:56 +0000</pubDate>
<guid>localhost/posts/dedecms-v5.7-background-filtering-improperly-leads-to-getshell/</guid>
<description>0x01 Preface Two days ago I saw an audit article that 七月火 posted on Xianzhi; it looked good, a dedecms getshell. So I analyzed it and wrote an article to learn from it.</description>
</item>
<item>
<title>HDWiki v6.0 Latest Version Referer Injection Vulnerability (One Vulnerability a Week)</title>
<link>localhost/posts/hdwiki-v6.0_latest_version_of_referer_injection_vulnerability/</link>
<pubDate>Sun, 22 Jul 2018 17:13:30 +0000</pubDate>
<guid>localhost/posts/hdwiki-v6.0_latest_version_of_referer_injection_vulnerability/</guid>
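<description>0x01 Preface I am a month behind on drafts and owe four articles, which I am now making up. Although this means I have not kept writing on schedule, as long as I remember to do it that is enough; I must not give up halfway. This vulnerability is of limited use and probably would not work nowadays, but the idea behind it is worth learning from to build experience.</description>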
</item>
<item>
<title>Wordpress 4.9.6 Arbitrary File-Removal Vulnerability</title>
<link>localhost/posts/wordpress-4.9.6-arbitrary-file-removal-vulnerability/</link>
<pubDate>Sun, 01 Jul 2018 10:07:19 +0000</pubDate>
<guid>localhost/posts/wordpress-4.9.6-arbitrary-file-removal-vulnerability/</guid>
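<description>0x01 Preface This is a few days later than planned; after graduating there were a lot of get-togethers. Days at school always pass so quickly, and in the blink of an eye I have graduated. There are things I did not cherish properly. University does not demand great achievements; being happy every day is what I hoped for most. The analysis in today's article was published by others long ago, but I feel I still need to write it up, since I should have my own style. As usual, first test how the vulnerability is triggered, then do the analysis.</description>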
</item>
<item>
<title>WordPress 4.6 Command Execution Vulnerability(CVE-2016-10033) Analysis</title>
<link>localhost/posts/analysis-of-wordpress4.6-command-execution-vulnerability/</link>
<pubDate>Mon, 18 Jun 2018 12:47:35 +0000</pubDate>
<guid>localhost/posts/analysis-of-wordpress4.6-command-execution-vulnerability/</guid>
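<description>0x01 Preface Because I went to a competition, I have not written an article for a month. I played around for a while in between, and now I have refocused and am keeping up the one-vulnerability-a-week habit. Without further ado, below is the detailed process of reproducing the PHPMailer issue, step by step, to understand the principle of this vulnerability.</description>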
</item>
<item>
<title>H5 Mythical Beast Chess-and-Card Game Penetration Journey</title>
<link>localhost/posts/h5-beast-game-penetration-journey/</link>
<pubDate>Fri, 11 May 2018 22:14:47 +0000</pubDate>
<guid>localhost/posts/h5-beast-game-penetration-journey/</guid>
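<description>0x01 Preface I did not originally want to publish this, as too many interests are involved; the source code of these chess-and-card games can sell for up to tens of thousands. Developing one is no harder than developing a shopping-mall program. I have been too busy lately to write code-audit articles, but by accident I ended up as the "luck king" again...</description>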
</item>
<item>
<title>CentOS 5.x: Installing Python3 and Configuring yum Repositories</title>
<link>localhost/posts/centos-5.x-yum-source-configuration/</link>
<pubDate>Mon, 07 May 2018 16:15:13 +0000</pubDate>
<guid>localhost/posts/centos-5.x-yum-source-configuration/</guid>
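<description>0x01 Preface The skills competition tasks use CentOS. I did not think much of it at first, but it turned out Python3 had to be installed, and I tried all kinds of ways to download python.</description>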
</item>
<item>
<title>Practicing on Vulnerability Ranges with Vulnhub (Dad No Longer Has to Worry About Me Having No Range to Practice On)</title>
<link>localhost/posts/use-vulnhub-to-build-a-variety-of-hole-shooting-range-father-no-longer-have-to-worry-about-i-have-no-practice-range/</link>
<pubDate>Thu, 03 May 2018 17:04:29 +0000</pubDate>
<guid>localhost/posts/use-vulnhub-to-build-a-variety-of-hole-shooting-range-father-no-longer-have-to-worry-about-i-have-no-practice-range/</guid>
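<description>0x01 Preface Vulnhub is a platform that provides all kinds of vulnerable environments; most of them need to be opened and run with VMware or VirtualBox. If you only want to practice some common vulnerabilities, see my other article [Using Docker to Set Up Various Vulnerability Ranges (Mom No Longer Has to Worry About Me Having No Range to Practice On)](https://getpass.</description>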
</item>
<item>
<title>Thinkphp Framework 3.2.x SQL Injection Vulnerability Analysis (One Vulnerability a Week)</title>
<link>localhost/posts/thinkphp-framework-3.2.x-sql-injection-vulnerability-analysis/</link>
<pubDate>Wed, 18 Apr 2018 15:20:50 +0000</pubDate>
<guid>localhost/posts/thinkphp-framework-3.2.x-sql-injection-vulnerability-analysis/</guid>
<description>0x01 Preface Thinkphp 3.</description>
</item>
<item>
<title>Hello-World Once Again: Migrating the Blog to coding.net</title>
<link>localhost/posts/hello-world/</link>
<pubDate>Fri, 13 Apr 2018 09:29:23 +0000</pubDate>
<guid>localhost/posts/hello-world/</guid>
<description>I had been using github pages all along, but access was a bit slow, so I decided to switch to coding.</description>
</item>
<item>
<title>Thinkphp Framework &lt; 5.0.16 SQL Injection Vulnerability Analysis (One Vulnerability a Day)</title>
<link>localhost/posts/thinkphp-framework-_-5.0.16-sql-injection-vulnerability-analysis/</link>
<pubDate>Wed, 11 Apr 2018 09:34:29 +0000</pubDate>
<guid>localhost/posts/thinkphp-framework-_-5.0.16-sql-injection-vulnerability-analysis/</guid>
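<description>0x01 Preface The day before yesterday I saw an article auditing thinkphp posted by the expert Shi on a WeChat official account and wanted to write up the analysis flow, which got delayed until today. Yesterday I also saw an analysis article by chybeta on Xianzhi that looked good too. During the analysis I will also explain some of thinkphp's functionality. Without further ado, let's begin!</description>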
</item>
<item>
<title>Breakpoint Debugging with phpstorm+xdebug</title>
<link>localhost/posts/breakpoint-debugging-with-phpstorm+xdebug/</link>
<pubDate>Tue, 10 Apr 2018 10:17:16 +0000</pubDate>
<guid>localhost/posts/breakpoint-debugging-with-phpstorm+xdebug/</guid>
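<description>0x01 Preface In code auditing, for programs that use frameworks and the like, analyzing them by reading piece by piece and printing debug output is rather tedious; now with the powerful xdebug it is much more convenient.</description>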
</item>
<item>
<title>Digital Signature Issues Raised by the GPG error When Running apt-get update on kali</title>
<link>localhost/posts/kali-implementation-of-update-source-error-gpg-error-caused-deep-understanding-of-digital-signature/</link>
<pubDate>Mon, 09 Apr 2018 21:00:52 +0000</pubDate>
<guid>localhost/posts/kali-implementation-of-update-source-error-gpg-error-caused-deep-understanding-of-digital-signature/</guid>
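<description>0x01 Preface Today I wanted to update Kali, but whichever mirror I switched to gave an error; even the official source did not work. So I searched Baidu, followed a solution given by an expert, and re-added Kali's digital signature: https://blog.</description>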
</item>
<item>
<title>About Me</title>
<link>localhost/about/</link>
<pubDate>Mon, 09 Apr 2018 00:00:00 +0000</pubDate>
<guid>localhost/about/</guid>
<description>Nothing</description>
</item>
<item>
<title>From Installing a Docker Range on CentOS to Reproducing the Joomla 3.4.5 Deserialization Vulnerability (One Vulnerability a Day)</title>
<link>localhost/posts/install-docker-from-centos-to-build-loopholes-to-joomla-3.4.5-replay-of-deserialization-loopholes/</link>
<pubDate>Sat, 07 Apr 2018 09:02:12 +0000</pubDate>
<guid>localhost/posts/install-docker-from-centos-to-build-loopholes-to-joomla-3.4.5-replay-of-deserialization-loopholes/</guid>
<description>0x01 Preface The weather suddenly turned cold recently and I ended up sick in bed; I only recovered today.</description>
</item>
<item>
<title>osCommerce 2.3.4.1 - Remote Code Execution Vulnerability (One Vulnerability a Day)</title>
<link>localhost/posts/oscommerce-2.3.4.1-remote-code-execution-vulnerability/</link>
<pubDate>Mon, 02 Apr 2018 11:18:58 +0000</pubDate>
<guid>localhost/posts/oscommerce-2.3.4.1-remote-code-execution-vulnerability/</guid>
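<description>0x01 Preface I have not written for several days; I went to Boom again two days ago and almost did not recover. Today, browsing exploit-db, I saw a vulnerability, again in the install step. I wanted to try the remote-database trick from last time and found that this vulnerability does not need it at all. Beginners can learn from it, though, and bookmark it, because in on-site CTF competitions the organizers sometimes give you foreign programs to play with. I have also been writing Python exploitation tools lately; feel free to follow my github.</description>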
</item>
<item>
<title>Vulnerability Alert | Vulnerability Found in the Windows 7 Meltdown Patch Allows Any Process to Read and Write the Kernel</title>
<link>localhost/posts/vulnerability-alert_windows-7-meltdown-patch-discovery-vulnerability-allows-any-process-to-read-and-write-kernels/</link>
<pubDate>Thu, 29 Mar 2018 10:16:39 +0000</pubDate>
<guid>localhost/posts/vulnerability-alert_windows-7-meltdown-patch-discovery-vulnerability-allows-any-process-to-read-and-write-kernels/</guid>
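<description>Preface Tonight I meant to get an early night for my health. Before bed I browsed twitter and saw a high-severity vulnerability from a well-known researcher. It is a little funny, Microsoft shooting itself in the foot, haha. This vulnerability had already come out on the 27th. In January this year Intel confirmed that two security vulnerabilities had been found in its CPUs, which would put billions of devices at risk of attack. The two vulnerabilities, “Meltdown” and “Spectre”, alarmed many people, because they found that these vulnerabilities affect almost every computing device manufactured in the past 20 years, whether phone or personal computer. They allow malicious programs to steal sensitive data processed on affected machines.</description>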
</item>
<item>
<title>MIPCMS V3.1.0 Remote Configuration File Write Getshell (One Vulnerability a Day)</title>
<link>localhost/posts/mipcms-v3.1.0-remotely-writing-the-configuration-file-getshell/</link>
<pubDate>Mon, 26 Mar 2018 01:09:26 +0000</pubDate>
<guid>localhost/posts/mipcms-v3.1.0-remotely-writing-the-configuration-file-getshell/</guid>
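<description>0x01 Preface Today I browsed CNVD and saw a remote code execution vulnerability in MIPCMS, so I downloaded the source for this version from the official site and studied it. Looking at the overall structure, it uses the thinkPHP architecture. Seeing the install file, I looked at whether it was possible to bypass install.</description>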
</item>
<item>
<title>Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion Vulnerability Analysis (One Vulnerability a Day)</title>
<link>localhost/posts/wordpress-plugin-site-editor-1.1.1-local-file-inclusion-analysis/</link>
<pubDate>Sun, 25 Mar 2018 13:45:14 +0000</pubDate>
<guid>localhost/posts/wordpress-plugin-site-editor-1.1.1-local-file-inclusion-analysis/</guid>
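<description>0x01 Preface I have not written an article for about a week. After the competition I relaxed for two days, drank until midnight, then came back and kept reading articles, and saw vulnerability information about wordpress on exploit, CVE-2018-7422. Below I analyze the code of this local file inclusion vulnerability; with sufficient privileges it can read sensitive system files such as /etc/passwd and /etc/shadow.</description>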
</item>
<item>
<title>Deepin Linux install Metasploit</title>
<link>localhost/posts/deepin-linux-install-metasploit/</link>
<pubDate>Sat, 24 Mar 2018 12:46:22 +0000</pubDate>
<guid>localhost/posts/deepin-linux-install-metasploit/</guid>
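<description>Preface I recently switched operating systems and find that the Chinese distribution Deepin Linux suits everyday use and programming fairly well. Ubuntu on my ThinkPad had crashed several times before; after all, the laptop's performance is not great.</description>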
</item>
<item>
<title>Using Docker to Set Up Various Vulnerability Ranges (Mom No Longer Has to Worry About Me Having No Range to Practice On)</title>
<link>localhost/posts/use-docker-to-build-a-variety-of-loopholes-my-mother-no-longer-has-to-worry-about-not-having-practiced-in-the-shooting-range/</link>
<pubDate>Wed, 14 Mar 2018 16:49:17 +0000</pubDate>
<guid>localhost/posts/use-docker-to-build-a-variety-of-loopholes-my-mother-no-longer-has-to-worry-about-not-having-practiced-in-the-shooting-range/</guid>
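<description>1. Preface I have also been setting up this kind of vulnerable environment for practice lately, but it is time-consuming, so I thought of using Docker, which is faster and more convenient. Without further ado, let's get started!</description>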
</item>
<item>
<title>Flash 0day Vulnerability (CVE-2018-4878) Reproduction (One Vulnerability a Day)</title>
<link>localhost/posts/recurrence-of-flash-0day-vulnerability-cve-2018-4878/</link>
<pubDate>Tue, 13 Mar 2018 10:16:27 +0000</pubDate>
<guid>localhost/posts/recurrence-of-flash-0day-vulnerability-cve-2018-4878/</guid>
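<description>Preface I have been very busy these past few days and have not updated for two days. CVE-2018-4878 has been quite hot recently, and people in the group have asked how to reproduce it. Today I will humbly reproduce it; experts, please go easy on me. Although I have not yet studied vulnerability analysis in this area, I will work hard, and I believe that before long I too will be able to write binary vulnerability analysis articles.</description>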
</item>
<item>
<title>DedeCMS V5.7 SP2 Back-End Getshell Code Execution Vulnerability (One Vulnerability a Day)</title>
<link>localhost/posts/dedecms-v5.7-sp2-background-getshell-code-execution-vulnerability/</link>
<pubDate>Sat, 10 Mar 2018 00:11:57 +0000</pubDate>
<guid>localhost/posts/dedecms-v5.7-sp2-background-getshell-code-execution-vulnerability/</guid>
<description>Preface These past two days I racked my brains trying to chat up girls; it feels so hard, I would rather audit code. Environment Web: phpstudy System: Windows 10 X64 Browser: Firefox Quantum Python version : 2.</description>
</item>
<item>
<title>MetInfo5.3.19 Lax Filtering During Installation Leads to Getshell (One Vulnerability a Day)</title>
<link>localhost/posts/metinfo5.3.19-installation-process-is-not-strict-lead-to-getshell/</link>
<pubDate>Tue, 06 Mar 2018 22:41:35 +0000</pubDate>
<guid>localhost/posts/metinfo5.3.19-installation-process-is-not-strict-lead-to-getshell/</guid>
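<description>Preface I saw this vulnerability on Xianzhi a few days ago and wanted to write up an analysis, but competition training and auditing a CMS delayed it until today.</description>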
</item>
<item>
<title>ZZCMS8.2 Arbitrary File Deletion to Getshell (One Vulnerability a Day)</title>
<link>localhost/posts/zzcms8.2-any-file-deleted-to-getshell/</link>
<pubDate>Tue, 06 Mar 2018 22:41:35 +0000</pubDate>
<guid>localhost/posts/zzcms8.2-any-file-deleted-to-getshell/</guid>
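<description>Preface Just one vulnerability audited today; I ran out of time. Tomorrow or at the weekend, if I have time, I will pick some harder vulnerabilities to audit and reproduce.</description>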
</item>
<item>
<title>ZZCMS8.2 Arbitrary User Password Change Vulnerability Code Analysis (One Vulnerability a Day)</title>
<link>localhost/posts/zzcms-any-user-password-changes-loopholes-code-points/</link>
<pubDate>Tue, 06 Mar 2018 00:03:07 +0000</pubDate>
<guid>localhost/posts/zzcms-any-user-password-changes-loopholes-code-points/</guid>
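<description>Preface I have had a miserable cold these past few days, and with competition training on top, I will probably post every two days from now on. I also found many vulnerabilities in this small CMS a while ago; this time I picked one published by seebug to audit.</description>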
</item>
<item>
<title>SeaCMS v6.54 and v6.55 Front-End Getshell Code Execution Vulnerability (One Vulnerability a Day)</title>
<link>localhost/posts/seacms-v6.54-and-v6.55-front-desk-getshell-code-execution-vulnerability-one-hole-a-day/</link>
<pubDate>Sat, 03 Mar 2018 23:32:41 +0000</pubDate>
<guid>localhost/posts/seacms-v6.54-and-v6.55-front-desk-getshell-code-execution-vulnerability-one-hole-a-day/</guid>
<description>Preface These two versions fix the previous v6.</description>
</item>
<item>
<title>SeaCMS v6.45 Front-End Getshell Code Execution Vulnerability (One Vulnerability a Day)</title>
<link>localhost/posts/seacms-v6.45-front-desk-getshell-code-execution-vulnerability-one-hole-a-day/</link>
<pubDate>Fri, 02 Mar 2018 19:28:36 +0000</pubDate>
<guid>localhost/posts/seacms-v6.45-front-desk-getshell-code-execution-vulnerability-one-hole-a-day/</guid>
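<description>Preface I was auditing until three last night and had to tidy the dorm today, so I did not write an article. This CMS does not use a framework, and it took me a long time to read through the vulnerability's execution flow. Below I describe the execution flow, the POC construction, and writing a batch Getshell script in Python.</description>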
</item>
<item>
<title>A Getshell Vulnerability Affecting FineCMS5.0.8 and All Earlier Versions (One Vulnerability a Day)</title>
<link>localhost/posts/kill-the-vulnerabilities-of-getshell-v.-finecms-5.0.8-and-below-1-hole-per-day/</link>
<pubDate>Wed, 28 Feb 2018 22:23:23 +0000</pubDate>
<guid>localhost/posts/kill-the-vulnerabilities-of-getshell-v.-finecms-5.0.8-and-below-1-hole-per-day/</guid>
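<description>Preface I have been quite busy these days; term has just started and I am also doing competition training. I must keep up the one-vulnerability-a-day routine. Following on from the last finecms article, I found another vulnerability to audit on 漏洞时代. But the parameter passing inside the function had been changed, and it took me a while to work out that the parameter needs to be encrypted. There is also a small issue with the remote download and re-upload that the article did not explain; I will cover it systematically in a moment.</description>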
</item>
<item>
<title>DVWA Brute Force Update</title>
<link>localhost/posts/dvwa-brute-force-update-/</link>
<pubDate>Wed, 28 Feb 2018 00:18:00 +0000</pubDate>
<guid>localhost/posts/dvwa-brute-force-update-/</guid>
<description>Preface I practiced DVWA again today and found a few small issues.</description>
</item>
<item>
<title>Two Getshells in the Latest FineCMS 5.0.8 (One Vulnerability a Day)</title>
<link>localhost/posts/the-latest-version-of-finecms-5.0.8-getshell-daily-two-holes/</link>
<pubDate>Tue, 30 Jan 2018 00:06:41 +0000</pubDate>
<guid>localhost/posts/the-latest-version-of-finecms-5.0.8-getshell-daily-two-holes/</guid>
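<description>Preface I want to focus on learning code auditing and see whether I can keep up analyzing one vulnerability every day. I will follow the code the experts analyzed, work out the code logic, and then write up my own understanding on my blog. At the end of each article I will include a link to the original, respecting the original author's copyright!</description>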
</item>
<item>
<title>IIS6.0 Remote Command Execution Vulnerability (CVE-2017-7269)</title>
<link>localhost/posts/iis6.0-remote-command-execution-vulnerability-cve-2017-7269/</link>
<pubDate>Tue, 16 Jan 2018 19:10:45 +0000</pubDate>
<guid>localhost/posts/iis6.0-remote-command-execution-vulnerability-cve-2017-7269/</guid>
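<description>Vulnerability information Vulnerability ID: CVE-2017-7269 Discovered by: Zhiniang Peng and Chen Wu (Information Security Lab, School of Computer Science and Engineering, South China University of Technology) Summary: With the WebDAV service enabled, IIS 6.</description>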
</item>
<item>
<title>Struts2 Vulnerability POC Summary</title>
<link>localhost/posts/struts2-vulnerability-poc-summary/</link>
<pubDate>Wed, 30 Aug 2017 07:12:56 +0000</pubDate>
<guid>localhost/posts/struts2-vulnerability-poc-summary/</guid>
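<description><p>Disclaimer: the tools, POCs and other material in this article are for personal testing and research only. Please delete them within 24 hours of downloading; they must not be used for commercial or illegal purposes, otherwise you bear the consequences. Any use in the underground economy has nothing to do with this article
Struts2 framework vulnerabilities keep appearing. Given how widely struts2 is used, this article collects PoCs for the Struts2 series of vulnerabilities to give network administrators and webmasters a convenient reference so they can better check their own sites for vulnerabilities, and to help security practitioners better understand these vulnerabilities.</p></description>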
</item>
<item>
<title>Struts2 S2-045 Jakarta Plugin Remote Code Execution Vulnerability: Exploitation and Patching</title>
<link>localhost/posts/struts2-s2-045-jakarta-plug-in-remote-code-execution-vulnerability-exploitation-and-repair/</link>
<pubDate>Tue, 29 Aug 2017 22:53:58 +0000</pubDate>
<guid>localhost/posts/struts2-s2-045-jakarta-plug-in-remote-code-execution-vulnerability-exploitation-and-repair/</guid>
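<description><p>Recently, nike.zheng, a senior security researcher at the WEBIN Lab of the DBAPPSecurity (安恒信息) Security Research Institute, discovered a serious remote code execution vulnerability in the well-known J2EE framework Struts2.</p></description>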
</item>
<item>
<title>aa Hugo</title>
<link>localhost/archives/</link>
<pubDate>Wed, 09 Apr 2014 00:00:00 +0000</pubDate>
<guid>localhost/archives/</guid>
<description>Hugo is a static site engine written in Go.</description>
</item>
</channel>
</rss>