• Learn Corelan Exploit Writing Part 1

    0x00 Environment Setup

    Mao Dun said: I never dream, I only strive to understand reality. So the classic Corelan Team exploit writing tutorials still have to be worked through first. Part 1 just takes a real-world vulnerability as an example and introduces the principle of stack overflows and the basic exploitation process. Since I am learning someone else's material, I will not pretend to write it in English, which also improves efficiency / crying-laughing.


  • Reviewing Netgear WNR2200 Heap Overflow

    0x00 Preface

    Although the security protection on routers is relatively poor, it is still worth learning about the attack surfaces and how they are exploited on different platforms. Porting exploits to a Netgear WNR2200 is an example of using the exploit module in MSF to easily compromise a router running an old version of Samba. Once the cross-platform exploitation is complete, it can be seen that a function pointer in a structure is overwritten by the heap overflow; with executable permissions and brute force on the heap, shellcode for different architectures is executed. I have a Netgear WNR2200 in hand, and its firmware version is the same as the one in that text. Therefore, it is a good chance to analyze the exploitation of CVE-2007-2446 on the router.


  • Basic ROP Write Up

    0x00 Abstract

    When learning basic ROP techniques, doing some exercises is necessary. The website not only summarizes pwn experience but also provides corresponding CTF challenges. To perfect it, I practice.


  • ROP Emporium Write Up

    0x00 Abstract

    It has been a long time since I stopped doing pwn exercises. I solved some basic challenges of ROP Emporium this time, which is a good place to practice your ability to construct write4, xor or pivot ROP chains. I believe that you should know the usage of ROPgadget before reading this write-up.


  • CVE-2018-11013 D-Link DIR-816 OOB BoF

    0x00 Abstract

    Well, it is time to practice my poor English by writing internationalized posts now, not in the future. I would appreciate it if you could point out any inappropriate usage of English to me. Returning to ROP, CVE-2018-11013 is a stack-based BoF in the D-Link DIR-816 router; the author has exploited it in an interesting way, which is so abstract that I explored it as follows.
