Aggregator

利用子域的System权限通往父域

不安全
8 months 2 weeks ago
前言最近翻阅笔记发现一篇文章提到通过子域的System权限可以突破获取到父域权限,本文将对此技术进行尝试复现研究。利用分析环境信息:子域:187、sub.cs.org父域:197

CVE-2003-0813 | Microsoft Windows 2000/XP RPCSS race condition (MS04-012 / VU#547820)

Vuldb Updates
8 months 2 weeks ago
A vulnerability was found in Microsoft Windows 2000/XP. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component RPCSS. The manipulation leads to race condition. This vulnerability is known as CVE-2003-0813. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.
vuldb.com

CVE-2003-0807 | Microsoft Windows NT 4.0/2000/XP/Server 2003 RPC over HTTP Reply denial of service (MS04-012 / VU#698564)

Vuldb Updates
8 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Microsoft Windows NT 4.0/2000/XP/Server 2003. This affects an unknown part of the component RPC over HTTP Reply Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2003-0807. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2003-0806 | Microsoft Windows NT 4.0/2000/XP WinLogon Domain Object memory corruption (MS04-011 / VU#471260)

Vuldb Updates
8 months 2 weeks ago
A vulnerability was found in Microsoft Windows NT 4.0/2000/XP. It has been rated as critical. Affected by this issue is some unknown functionality of the component WinLogon Domain Object Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2003-0806. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2003-0719 | Microsoft Windows ME/XP/NT 4.0/2000/Server 2003 memory corruption (VU#586540 / EDB-275)

Vuldb Updates
8 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Microsoft Windows ME/XP/NT 4.0/2000/Server 2003. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2003-0719. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2003-0715 | Microsoft Windows NT 4.0/2000/XP/Server 2003 RPCSS memory corruption (MS03-039 / VU#483492)

Vuldb Updates
8 months 2 weeks ago
A vulnerability was found in Microsoft Windows NT 4.0/2000/XP/Server 2003. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component RPCSS. The manipulation leads to memory corruption. This vulnerability is known as CVE-2003-0715. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

【实战】文件加密器进行逆向

安全脉搏
8 months 2 weeks ago

前言

实战可以大大提高自己,学习技术的目的就是能够在实战中运用。

本次实战与实际息息相关,该软件具有加密某文件的功能。

界面还挺好看的,功能很简单,输入文件和PIN(4位)进加解密。

这是被加密的文件

需要将其进行解密,拿到flag

思路

因为PIN是4位,因此可以写一个python脚本,对其进行爆破。

关键在于得出加密的算法,此时就需要我们进行逆向分析了

分析

先尝试进行加密

根据关键词:encrypted 进行定位

发现是我们需要的信息

跟踪进去,发现了花指令

去花指令

发现堆栈不平衡,将所有代码选中,然后C键,重新分析

发现了单指令花指令,无非nop掉即可

从头选到下一个函数开始的位置

按下C键

analyze即可

还是rust编译的

此时就可以分析函数了。处理其他函数也是相同的道理



初步分析

使用Fincrypto发现了salsa20加密

salsa20:32位字符构成的key,二是随机生成的8位nonce。算法使用key和nonce生成一个2^70长度的序列,并与明文进行异或加密

sub_140073A70

发现main_func就是获取我们的输入的文件内容

sub_140039890

而函数sub_140039890才是关键的加密函数

0x61707865、0x3320646E均为Salsa20算法的固定参数

解密

由于密码只有0000~9999这10000种可能

加密后文件名又是flag.png.enc,所以原文件是个png文件

使用png固有文件头89504E47来判断解密是否成功

 Python
 
 from Cryptodome.Cipher import Salsa20
 
 cipher = open("flag.png.enc", "rb").read()
 for i in range(10000):
 key = str(i).rjust(4, '0').ljust(32, 'x00')
 nonce = b'x24x24x24x24x24x24x24x24'
 sal = Salsa20.new(key=key, nonce=nonce)
 plain = sal.decrypt(cipher)
 if plain.find(b"x89x50x4Ex47")>=0:
 open("flag.png", "wb").write(plain)
 break

  

[email protected]

【实战】文件加密器进行逆向

不安全
8 months 2 weeks ago
前言实战可以大大提高自己,学习技术的目的就是能够在实战中运用。本次实战与实际息息相关,该软件具有加密某文件的功能。界面还挺好看的,功能很简单,输入文件和PIN(4位)进加解密。

技能盛宴,荣耀收官 | 2024年江苏省第六届大学生网络空间安全知识技能大赛圆满落幕

嘶吼
8 months 2 weeks ago

为进一步宣传贯彻《网络安全法》,加速网络安全人才的培养和发展,推动网络安全技术的研究和应用,加强我国网络安全意识和防范能力。2024年江苏省第六届大学生网络空间安全知识技能大赛,12月28日于江苏安全技术职业学院云龙校区举办。

博智安全科技股份有限公司(以下简称“博智安全”)作为本次大赛协办和唯一技术支持单位,将为大赛赛事运营保障、综合流程把控、现场技术支撑等多方面提供全流程支持,充分发挥博智安全在赛事运营与综合实践中积累的丰富经验,有效助力实战环境下高效遂行能源网络安全防护提供有力支撑及人才保障。

比赛环节

本次竞赛包含夺旗解题、渗透测试、应急溯源、安全故障恢复等典型业务场景安全分析模块,各参赛选手依据竞赛模式通过给定赛题进行通过离线分析或在线交互的方式进行解题。

博智安全依托博智孪生仿真靶场,通过构建虚实结合的网络安全环境,提供集教、学、练、赛于一体,基于数字孪生技术,将虚拟网络环境与真实物理环境,以即插即用的方式无障碍连通,实现虚拟与真实融合。通过理论赛、解题赛、闯关赛、攻防赛等多种模式,提供全方位贴近实战的竞赛场景,满足各行业网络安全人才培养及选拔、网络安全大赛平台搭建以及实战对抗演练的需求,锤炼人员实战能力,是网络安全以赛备战的练兵场。

闭幕式

江苏省计算机学会副理事长、中国矿业大学计算机科学与技术学院院长周勇教授和江苏安全技术职业学院校长李桂萍教授在闭幕式上致辞。江苏省计算机学会信息安全专委会主任、南京信息工程大学计算机学院院长付章杰教授,江苏省计算机学会信息安全专委会秘书长、江苏师范大学计算机科学与技术学院刘亚丽教授,博智安全副总裁王路路等专家出席闭幕式,并为获奖队伍颁奖。

博智安全积极推进“网络强国”战略

本次大赛进一步宣传贯彻了《网络安全法》,落实中央网信办、教育部等部门印发的《关于加强网络安全学科建设和人才培养的意见》精神,在实战过程中培养大学生的创新精神和实践能力,形成学会主办、各行业部门深度参与的优秀网络安全人才培养、发现、选拔良性机制,加速网络安全人才的培养和发展,推动网络安全技术的研究和应用,加强我国网络安全意识和防范能力,促进网络安全事业健康、科学、有序发展。

多年来,博智安全高度重视网络安全人才培养。网络安全就是国家安全,培养高素质网络安全人才是根基所在,作为专业网络靶场提供商,博智孪生仿真靶场拥有领先的技术优势及网络安全竞赛服务经验。博智安全将牢记使命,充分发挥自身技术优势,助力政府、高校、产业界培养攻防兼备的网络安全人才,为“网络强国”战略持续供能。

企业资讯

CVE-2012-2693 | Red Hat libvirt up to 0.0.4 access control (RHSA-2013:0127 / Nessus ID 68698)

Vuldb Updates
8 months 2 weeks ago
A vulnerability has been found in Red Hat libvirt up to 0.0.4 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2012-2693. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad