$

Featured image of post 软件系统安全决赛-student-management
软件系统安全赛

软件系统安全决赛-student-management

memset未归零导致的内容复用可供伪造堆块实现arb read,还原学生结构体后构造合理堆风水通过unsorted bin切分实现overlapping chunk,通过arb write覆写二级指针get shell

最后更新于:
|
|
|
Featured image of post 软件系统安全赛 - mailsystem
软件系统安全赛

软件系统安全赛 - mailsystem

通过结构体逆向后分析出用户槽位越权漏洞覆盖管理员指针,结合管理员函数负索引覆盖IO结构体FSOP orw

最后更新于:
|
|
|
Featured image of post dicectf-pwn/message-store
DiceCTF

dicectf-pwn/message-store

利用usize索引和gadget桥接,绕过rust from_utf8_lossy()检测进行ret2syscall

最后更新于:
|
|
|
Featured image of post FILE101
BlackHat MEA

FILE101

BLACK HAT MEA2025-Qualification

最后更新于:
|
|
|
2025羊城杯

2025羊城杯-stack & malloc

沙箱检测绕过,泄漏PIE进行ogw & openat read sendifles; 构建双向链表,利用魔改的malloc和delete打出malloc_hook后orw

最后更新于:
|
|
|
Featured image of post moectf2025-pwn_re
Moectf2025

moectf2025-pwn_re

ak,想给学弟讲题做的,题目感觉不如去年好玩,但还是很适合新人的

最后更新于:
|
|
|
Featured image of post 剖析ret2dlresolve
study

剖析ret2dlresolve

你说你懂动态链接?讲来听听

最后更新于:
|
|
|