lca

True unfreedom is building a cage inside your own heart.

Penetration Testing


Setting up an Android app packet-capture environment on an ARM (Apple Silicon) Mac

After downloading the MuMu emulator (version 1.4.11), configure it as follows: enable the writable system disk and enable root permission. Install adb: brew install android-platform-tools. Check the port adb connects on, then list the emulator devices: adb…

Common vulnerabilities in CAPTCHA modules

CAPTCHAs are mainly used on login forms to stop the form from being brute-forced. If the CAPTCHA module is set up badly, for example verified only on the client side, or with a server-side code that never expires and can be reused, the CAPTCHA is no protection at all.
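The server-side failure mode named above (a code that never expires and is never consumed) can be shown next to a hardened check. This is an added example for this listing, not code from the post; the in-memory session store, the 120-second lifetime and the three-attempt limit are assumptions:

```python
import hmac
import secrets
import time
from typing import Callable, Optional

# Constructed in-memory session store for this example (assumption, not the post's code):
# session_id -> {"code": str, "issued": float, "attempts": int}
SESSIONS: dict = {}

CAPTCHA_TTL = 120.0   # assumed policy: a code is valid for 120 seconds
MAX_ATTEMPTS = 3      # assumed policy: wrong answers allowed before the code is discarded
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # no 0/O/1/I, so "000000" is never a valid code


def issue_captcha(session_id: str, now: Optional[float] = None) -> str:
    """Generate a fresh 6-character code server-side and bind it to the session."""
    code = "".join(secrets.choice(ALPHABET) for _ in range(6))
    SESSIONS[session_id] = {"code": code, "issued": time.time() if now is None else now, "attempts": 0}
    return code


def verify_weak(session_id: str, answer: str, now: Optional[float] = None) -> bool:
    """Insecure check: the code is compared but never consumed or aged, so one
    solved CAPTCHA can be replayed for an unlimited number of password guesses."""
    sess = SESSIONS.get(session_id)
    return sess is not None and sess["code"] == answer.upper()


def verify_strong(session_id: str, answer: str, now: Optional[float] = None) -> bool:
    """Hardened check: one-time use, expiry, attempt limit, constant-time compare."""
    now = time.time() if now is None else now
    sess = SESSIONS.get(session_id)
    if sess is None:
        return False
    if now - sess["issued"] > CAPTCHA_TTL:
        del SESSIONS[session_id]            # expired: client must request a new image
        return False
    ok = hmac.compare_digest(sess["code"].encode(), answer.upper().encode())
    if ok:
        del SESSIONS[session_id]            # consumed: the same code cannot be replayed
        return True
    sess["attempts"] += 1
    if sess["attempts"] >= MAX_ATTEMPTS:
        del SESSIONS[session_id]            # too many failures: force a fresh code
    return False


def brute_force_logins(verify: Callable[..., bool], session_id: str, code: str,
                       guesses: int, now: Optional[float] = None) -> int:
    """Simulate an attacker replaying one solved code across many password guesses;
    returns how many of those guesses got past the CAPTCHA check."""
    return sum(1 for _ in range(guesses) if verify(session_id, code, now))
```

With `verify_weak`, one solved code lets all 50 simulated password guesses through; with `verify_strong` only the first passes, after which the code is gone and the attacker has to solve a new image for every attempt. Client-side-only verification is worse still: the check can simply be skipped by replaying the login request without the CAPTCHA field.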

春秋云镜 (Chunqiu Yunjing) range: Certify notes

Certify is a medium-difficulty range. Completing it helps players learn proxy forwarding, internal network scanning, information gathering, privilege escalation and lateral movement in internal network penetration, deepens understanding of the core authentication mechanisms of a domain environment, and covers some interesting techniques of domain penetration. The range has 4 flags spread across different hosts.

Game of Active Directory (GOAD) part 1: reconnaissance and scanning

Preface: I recently had time to turn on my home computer again, so I started on the GOAD range labs. The GOAD writeup first follows the author's own flow; once I have worked through it I can add my own understanding and supplements. For the environment setup see the earlier post: https://lca.xlog.app/game-of-active-directoryGOAD…

How to extract sensitive information from JS files in a penetration test

Analyse the site's JavaScript files for sensitive information: some developers leave API endpoints, URLs, parameters, access keys and similar in JS files, so going through them can turn up exactly this content.
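A small scanner for the categories the excerpt lists (URLs, API paths, parameters, access keys), as an added example for this listing rather than the post's own tooling. The JavaScript bundle it scans is constructed here and the regexes are an assumed starting set that would be tuned per target:

```python
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample bundle for this example; it is not taken from any real site.
SAMPLE_JS = r"""
var API_BASE = "https://api.example.com/v1";
const ADMIN_PATH = "/admin/export?format=csv";
function load() { fetch(API_BASE + "/users?page=1&size=50"); }
// TODO: remove before release
var config = { accessKey: "AKIAEXAMPLEKEY000001", secretKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" };
axios.get("/api/internal/debug");
"""

# Heuristic patterns (assumed starting set). A capturing group, where present,
# isolates the interesting part of the match.
PATTERNS: Dict[str, re.Pattern] = {
    "url":         re.compile(r"""https?://[^\s'"<>]+"""),
    "api_path":    re.compile(r"""["'](/(?:api|admin|internal)[A-Za-z0-9_./-]*(?:\?[^"']*)?)["']"""),
    "query_param": re.compile(r"[?&]([A-Za-z_][A-Za-z0-9_]*)="),
    "access_key":  re.compile(r"""(?i)(?:access|secret)[_-]?key\s*[:=]\s*["']([^"']+)["']"""),
    "aws_akid":    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}


def scan_js(source: str) -> Dict[str, List[str]]:
    """Return {category: sorted unique matches} for every pattern that fires."""
    findings: Dict[str, List[str]] = {}
    for name, rx in PATTERNS.items():
        hits = {m.group(1) if m.groups() else m.group(0) for m in rx.finditer(source)}
        if hits:
            findings[name] = sorted(hits)
    return findings


def endpoints_to_probe(findings: Dict[str, List[str]]) -> List[str]:
    """Combine the origins of discovered absolute URLs with discovered relative
    API paths into concrete endpoints worth requesting during the test."""
    origins = set()
    for url in findings.get("url", []):
        parts = urlsplit(url)
        origins.add(f"{parts.scheme}://{parts.netloc}")
    return sorted(origin + path for origin in origins for path in findings.get("api_path", []))
```

Run `scan_js` over each downloaded bundle (including source maps and chunk files, which often carry more than the main script) and feed `endpoints_to_probe` into the manual review; the `access_key` and `aws_akid` hits are the ones to report immediately, since a key in client-side code is already public.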

Introduction to cybersecurity terms

I happened to need to prepare a course introducing cybersecurity terminology, based on terms commonly used in the field; the content was generated with GPT. POC (Proof of Concept): code or a procedure that verifies the feasibility of a security vulnerability, attack method or technique. A POC is usually used to prove that an attack can succeed…

Game of Active Directory (GOAD) domain environment setup

The second version of Game Of Active Directory; project page: https://github.com/Orange-Cyberdefense/GOAD. The domain range is installed through Vagrant as 5 Windows instances (three DCs and two ordinary domain-joined hosts); the topology diagram is shown below. …

Flask SSTI lab notes

https://www.ctfer.vip/problem/13 Source: https://github.com/X3NNY/sstilabs. Flask SSTI: SSTI (Server-Side Template Injection) is a web application vulnerability…

SSRF (Server-Side Request Forgery) basics

Many web applications provide a feature for fetching data from other servers, usually called "external resource loading". Using a user-supplied URL, the application can perform operations such as fetching images, downloading files or reading file contents. If this feature is abused, an attacker can use the flawed web application as a proxy…
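The "proxy" abuse described above is what a URL validator in front of such a fetcher has to stop. The following check is an added example for this listing, not code from the post: it resolves the host through an injected resolver (a constructed name table here, so it runs offline; `socket.getaddrinfo` in production) and rejects any URL whose addresses are not all globally routable, which covers loopback, RFC 1918, link-local cloud-metadata addresses and IPv4-mapped IPv6 tricks:

```python
import ipaddress
from typing import Callable, Dict, List
from urllib.parse import urlsplit

# Constructed name table standing in for DNS so the example runs offline
# (an assumption of this example; a real fetcher would call socket.getaddrinfo).
FAKE_DNS: Dict[str, List[str]] = {
    "images.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.attacker.test": ["93.184.216.35", "10.0.0.5"],   # public and private answers mixed
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(text: str) -> bool:
    """True only for globally routable addresses; unwraps IPv4-mapped IPv6 first."""
    ip = ipaddress.ip_address(text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def check_fetch_url(url: str, resolve: Callable[[str], List[str]] = fake_resolve) -> str:
    """Validate a user-supplied URL for server-side fetching and return the IP to connect to.

    Rejects disallowed schemes (file:, gopher:, ...), credentials in the URL,
    unresolvable hosts, and any host whose resolved addresses are not all public.
    The caller must connect to the returned address (keeping the Host header) rather
    than re-resolving the name: a second lookup may answer differently (DNS rebinding).
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    try:
        addrs = [str(ipaddress.ip_address(host))]     # literal IPv4/IPv6 host
    except ValueError:
        addrs = resolve(host)                          # everything else goes through the resolver
    if not addrs:
        raise ValueError(f"unresolvable host: {host!r}")
    for addr in addrs:
        if not is_public_address(addr):
            raise ValueError(f"{host!r} resolves to non-public address {addr}")
    return addrs[0]


def is_allowed(url: str, resolve: Callable[[str], List[str]] = fake_resolve) -> bool:
    """Boolean convenience wrapper around check_fetch_url."""
    try:
        check_fetch_url(url, resolve)
        return True
    except ValueError:
        return False
```

Two caveats worth keeping in mind: exotic literals such as `0x7f000001` or `2130706433` are not parsed by `ipaddress`, so here they fall through to the resolver and fail closed, while a real `getaddrinfo` resolver would normalise them to `127.0.0.1` and the address check would still reject them; and the validator does nothing about redirects, so the HTTP client must either refuse to follow them or run every redirect target through the same check.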

File inclusion vulnerabilities, from beginner to...

A file inclusion vulnerability arises when a PHP include function is called without properly validating the supplied filename, so an attacker can craft a malicious parameter to read and manipulate files that should not be accessible, or even inject malicious code into the server.
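The validation the excerpt says is missing looks like the following. It is an added example for this listing, written in Python rather than PHP because the checks (null bytes, stream wrappers and URLs, absolute paths, directory escape via `..` or symlinks, extension allowlist) are the same whatever language the include runs in; the include directory layout and the allowed extensions are assumptions:

```python
import os
import tempfile
from typing import Optional

ALLOWED_EXTENSIONS = {".php", ".html"}   # assumed policy: only these file types may be included


def resolve_include(base_dir: str, requested: str) -> str:
    """Map a user-supplied include name to a real file inside base_dir, or raise ValueError."""
    if not requested or "\x00" in requested:
        raise ValueError("empty name or embedded null byte")     # old-PHP %00 truncation trick
    if ":" in requested:                       # php://, http://, data:, file: and drive letters
        raise ValueError("stream wrappers and URLs are not allowed")
    if requested.startswith(("/", "\\")) or os.path.isabs(requested):
        raise ValueError("absolute paths are not allowed")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:   # ../ or a symlink escaped the directory
        raise ValueError("path escapes the include directory")
    if os.path.splitext(target)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed")
    if not os.path.isfile(target):
        raise ValueError("no such include file")
    return target


def safe_include(base_dir: str, requested: str) -> Optional[str]:
    """Convenience wrapper returning None instead of raising."""
    try:
        return resolve_include(base_dir, requested)
    except ValueError:
        return None


def build_demo_tree() -> str:
    """Constructed fixture: <tmp>/includes/pages/about.php plus a secret just outside it."""
    root = tempfile.mkdtemp()
    inc = os.path.join(root, "includes")
    os.makedirs(os.path.join(inc, "pages"))
    with open(os.path.join(inc, "pages", "about.php"), "w") as fh:
        fh.write("<?php echo 'about'; ?>")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("top secret")
    return inc
```

Where the set of includable pages is small, an explicit allowlist mapping a short key (`page=about`) to a fixed file is simpler and safer than any path check; the resolver above is for the case where the application genuinely needs to take a relative path.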

CISP-PTE XSS exam question

The main point of the XSS question is to steal the administrator's cookie and then log in with a forged admin cookie. The interface is shown below; clicking Test in the screenshot lets you post a comment. Prepare the cookie-stealing XSS payload: <script> document.write('<img src…

A CISP-PTE file upload question

Here is a file upload question from CISP-PTE in which the path of the uploaded file has to be brute-forced. Opening the question shows the interface below, which gives the code of the upload handler: $filename = $files["name"]; $randnum = rand(1, 99999); $fullpath = '/' . md5…
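Because `rand(1, 99999)` leaves at most 99999 possible names, the stored path can be found by enumerating the hash of every value in that range. The following is an added example for this listing, not the post's solution; since the snippet above is cut off after `md5`, what exactly is hashed is an assumption (here `md5` of the random number as a decimal string), and the probe against the target is a constructed stand-in for an HTTP request:

```python
import hashlib
from typing import Callable, Iterator, Optional, Tuple


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def candidate_paths(ext: str, base: str = "/", lo: int = 1, hi: int = 99999) -> Iterator[str]:
    """Yield every path the assumed naming scheme can produce: base + md5(str(n)) + ext
    for each n that rand(lo, hi) could return. The md5 input is an assumption: the page's
    snippet is cut off after md5, so adapt this to whatever the real handler hashes."""
    for n in range(lo, hi + 1):
        yield f"{base}{md5_hex(str(n))}{ext}"


def find_uploaded_file(probe: Callable[[str], bool], ext: str, base: str = "/") -> Optional[str]:
    """Walk the candidate space and return the first path the probe confirms exists."""
    for path in candidate_paths(ext, base):
        if probe(path):
            return path
    return None


def make_fake_server(stored_n: int, ext: str, base: str = "/") -> Tuple[Callable[[str], bool], str]:
    """Constructed stand-in for the target: pretend the upload was stored under stored_n.
    In a real test the probe is an HTTP HEAD/GET that treats a 200 response as 'exists'."""
    stored = f"{base}{md5_hex(str(stored_n))}{ext}"
    return (lambda path: path == stored), stored
```

Hashing all 99999 candidates takes well under a second; the cost in practice is the 99999 HTTP requests, so use HEAD requests, a thread pool, and the upload's known extension and directory to keep the list tight. If the handler hashes more than the number (for example the number concatenated with the original filename), replace the argument to `md5_hex` in `candidate_paths` accordingly.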

Taking over a server through xxl-job (trivial-difficulty series)

The exploitation flow is simple: a weak password, then command execution from the admin panel; it belongs in the trivial-difficulty series. xxl-job weak credentials: admin/123456. After logging in the interface looks like this. Go to task management; the executor has to be the external-interface executor for the reverse shell to work. Select the created task, choose Operations - GLUE IDE, open the editor window, write the command and save…

Notes on a hands-on interview question from a certain company

The question covers sensitive information gathering, SQL injection, and a file inclusion vulnerability in the cookie.

Some common parsing vulnerabilities

When we visit a web server, for example www.example.com/index.php, the browser sends a request for the PHP file, the PHP interpreter executes it and returns the generated static content to the browser for the user to view. Server parsing vulnerabilities arise when the browser uploads files to the server…

URL parameter testing in routine tests

Common parameters: I came across a project, top25-parameter, that collects the parameters most often used to exploit common vulnerabilities, and extended it a bit. The 25 most common XSS parameters: Top 25 Cross-Site Scripting (XSS) Parameters for @trbughunters…

Internal network penetration basics

Internal network: an internal network is an internal local area network, the LAN (local area network) one usually speaks of. Typical home Wi-Fi networks and small business networks: the internal computers connect directly to a router, and the router connects to the carrier's (China Mobile / China Telecom) fibre to reach the Internet. An internal LAN can be divided by switches and firewalls into several networks (local…

Spring4Shell environment setup and vulnerability (CVE-2022-22965) reproduction

Spring4Shell environment setup: built with docker; original project: https://github.com/jbaines-r7/spring4shell_vulnapp. The docker directory structure is as follows; the src directory holds the compiled app. The original project could not be built successfully, it was missing…