Aggregator

A vulnerability classified as critical has been found in Rtomayko Rack-cach up to 1.1. This affects the function Rack::Cache. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2012-2671. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Boehm-Demers-Weiser Garbage Collector. This affects the function GC_generic_malloc_ignore_off_page of the file malloc.c of the component malloc. The manipulation leads to numeric error. This vulnerability is uniquely identified as CVE-2012-2673. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in boost pool 1.0.0/2.0.0 and classified as critical. Affected by this vulnerability is the function ordered_malloc of the component malloc. The manipulation leads to numeric error. This vulnerability is known as CVE-2012-2677. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Internet Explorer up to 6.0 SP1. It has been classified as critical. This affects an unknown part of the component JavaScript. The manipulation of the argument href leads to improper privilege management. This vulnerability is uniquely identified as CVE-2003-0814. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

引言

题目给了小明的机器码：1653643685031597

用户user_id：xiaoming

可以看到题目采用了SIMD指令集

该指令格式在CTF和攻防对抗中经常出现，可以提高执行效率的同时也可以增加逆向的难度。

对于此类指令和题目，我们分析的方法是：遇到查意思，查的多了就跟看正常代码一样，采用动态分析。

机器码修改

将内置的机器码改为题目给的：1653643685031597

修改成功：

得到flag的时候跟machine这个有很大关系。

动态分析

machine_id处理

在这个加密函数中

发现了MD5特征

经过动调拿到函数加密后的结果

与我们的猜测是相符的

可以发现最终md5(机器码)变成

user_id处理

和调试machine加密一样，最终MD5(user_id)变成：

最终处理

经过之前相同的加密

变成这个数字：1228240365737281

然而这还没完，居然进行两次相同加密

再次加密后的结果：0502036271810858

可以发现此题出的很好，利用了密码比较的漏洞，没有将密文给出，而是将生成的密文在中间给出，从而造成了数据泄露。

得到flag

回顾加密流程，可以发现

f(key) = f( f( f(md5(machine)) + f(md5(user_id)) ) )

那么题目给了得到flag的machine和user_id，可以得出

Key =f( f(md5(machine)) + f(md5(user_id)) )

所以最终flag：

flag{1228240365737281}

引言题目给了小明的机器码：1653643685031597用户user_id：xiaoming可以看到题目采用了SIMD指令集该指令格式在CTF和攻防对抗中经常出现，可以提高执

While most of us are preparing the switch to a new year (If it’s already the case for you: Happy Ne

A vulnerability was found in Nagios Nagios XI up to 2012r1.3 and classified as critical. Affected by this issue is some unknown functionality of the component NagiosQL. The manipulation of the argument tfPassword leads to sql injection. This vulnerability is handled as CVE-2013-6875. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

2024年最后一套英语阅读理解，要试试吗？

2024年最后一套英语阅读理解，要试试吗？

2024年最后一套英语阅读理解，要试试吗？

2024年最后一套英语阅读理解，要试试吗？

2024年最后一套英语阅读理解，要试试吗？

2024年最后一套英语阅读理解，要试试吗？

篇首语：2024年底，最忙碌的第二届BUGPWN国际反窃听检测赛事已顺利结束，似乎转眼间，眼睛睁开就是2025~在2024的最后一天，这个广大的初高中大学生即将期末考试的时间，不妨杨叔也出几篇阅读理解

2024年马上要和我们说再见了！回首这一年，我们心里有太多感慨和感谢。

2024年马上要和我们说再见了！回首这一年，我们心里有太多感慨和感谢。

2024年马上要和我们说再见了！回首这一年，我们心里有太多感慨和感谢。

2024年马上要和我们说再见了！回首这一年，我们心里有太多感慨和感谢。