Geekcon jdk高版本利用方式探索
old-log: a web service written in Groovy on the Grails framework; log4j 2.14.1 is among its dependencies and one of the logged parameters is attacker-controlled, so the problem reduces to JNDI exploitation, explored per JDK version (sections: jdk 1.8, jdk 11, jdk 17, jdk 21).
梧桐杯 AWD 复现
The AWD challenge from the 梧桐杯 finals had three target machines in total, one of which ran two Java services; this post summarizes the Java challenges in that AWD. For patching jar files see https://github.com/H4cking2theGate/JarPatcher. actuator-testbed: the dependencies of this challenge are listed below; the Spring Boot version is 2.0.5.RELEASE. <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId></dependency><dependency> <groupId>org.springframework.boot</groupId> ...
红明谷 赛题复现
Simp1escape: the challenge exposes a curl route that fetches a user-supplied URL, but only the http or https schemes are accepted. Because only the string prefix of the initial URL is checked, a 302 redirect from an attacker-controlled server can be used here to reach an SSRF target. @RequestMapping({"/curl"}) public String curl(@RequestParam String url, HttpServletRequest request, HttpServletResponse response) throws Exception { if (!url.startsWith("http:") && !url.startsWith("https:")) { System.out.println(url.startsWith("http")); return "No protocol: " + url; } else { ...
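The redirect trick described above, as an added, self-contained example that is not part of the original post or the challenge source. It spins up two constructed local HTTP servers: an "attacker" redirector that answers with a 302, and an "internal" service that serves a constructed secret. vulnerable_curl mirrors the challenge's scheme-prefix check followed by a client that follows redirects silently; hardened_curl re-runs scheme and host validation on every hop instead. The netloc allowlist, the /secret path and the flag string are assumptions for the demo; in production the host check should also resolve the name and reject loopback, private and link-local addresses.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, urljoin

FLAG = b"INTERNAL_FLAG"  # constructed secret, only served by the "internal" service


class InternalHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for an internal-only service (metadata/admin endpoint)."""

    def do_GET(self):
        if self.path == "/secret":
            self.send_response(200)
            self.send_header("Content-Length", str(len(FLAG)))
            self.end_headers()
            self.wfile.write(FLAG)
        else:
            self.send_error(404)

    def log_message(self, *args):  # keep the demo quiet
        pass


class RedirectorHandler(BaseHTTPRequestHandler):
    """Constructed attacker-controlled host: every request gets a 302 to the internal service."""

    target = None  # set at start-up to http://127.0.0.1:<internal_port>/secret

    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", self.target)
        self.end_headers()

    def log_message(self, *args):
        pass


def scheme_ok(url):
    # The check the challenge route performs: only the prefix of the *first* URL is inspected.
    return url.startswith("http:") or url.startswith("https:")


def vulnerable_curl(url):
    """Prefix check, then a client that follows redirects without re-validating them."""
    if not scheme_ok(url):
        return "No protocol: " + url
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies
    with opener.open(url, timeout=5) as resp:
        return resp.read().decode()


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urllib raise the 3xx as HTTPError instead of following it.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def hardened_curl(url, allowed_netlocs, max_hops=3):
    """Validate scheme and host:port on every hop, not just on the user-supplied URL."""
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    for _ in range(max_hops):
        parsed = urlparse(url)
        if parsed.scheme not in ("http", "https"):
            return "blocked: scheme " + parsed.scheme
        if parsed.netloc not in allowed_netlocs:
            return "blocked: host " + parsed.netloc
        try:
            with opener.open(url, timeout=5) as resp:
                return resp.read().decode()
        except urllib.error.HTTPError as e:
            loc = e.headers.get("Location")
            if e.code in (301, 302, 303, 307, 308) and loc:
                url = urljoin(url, loc)  # the next hop goes back through the checks above
                continue
            raise
    return "blocked: too many redirects"


def _start(handler_cls):
    srv = HTTPServer(("127.0.0.1", 0), handler_cls)  # ephemeral port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def run_demo():
    internal = _start(InternalHandler)
    RedirectorHandler.target = f"http://127.0.0.1:{internal.server_port}/secret"
    redirector = _start(RedirectorHandler)
    # The URL handed to the application passes the http:/https: prefix check...
    supplied = f"http://127.0.0.1:{redirector.server_port}/"
    # ...and the hardened variant only trusts the redirector's own origin (assumed allowlist).
    allowed = {f"127.0.0.1:{redirector.server_port}"}
    try:
        return {
            "vulnerable": vulnerable_curl(supplied),   # follows the 302 and leaks the secret
            "hardened": hardened_curl(supplied, allowed),  # refuses the second hop
        }
    finally:
        redirector.shutdown()
        internal.shutdown()


if __name__ == "__main__":
    print(run_demo())
```

The point of the hardened variant is that redirect following is taken away from the HTTP client and done by the application, so the same allowlist is applied to every Location it is about to visit; a DNS-rebinding-aware deployment would additionally pin the resolved address used for the connection.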
AliyunCTF2024
chain17: the agent17 dependencies are listed below. The entry point is a hessian2 deserialization, and the challenge provides its own Bean whose getter can trigger native Java deserialization, but a long blacklist is in place. <dependency> <groupId>com.alibaba</groupId> <artifactId>hessian-lite</artifactId> <version>3.2.13</version></dependency><dependency> <groupId>cn.hutool</groupId> <artifactId>hutool-all</artifactId> <version>5.8.16</version></dependency><!--...
qmb 线下java赛题复现
...
Javolution出题小记
Javolution: "A modern java challenge prepared for u, bypass it and achieve RCE!" Source: https://github.com/H4cking2theGate/My-CTF-Challenges/tree/main/DubheCTF%202024/Javolution. bypass: via /pal/cheat, set your own defense to a negative number so that opponentPower overflows to a negative value and jetragon is defeated; after reaching level 50, pass localhost%00dubhe to bypass the host check. def levelup(): r = requests.get(url+"/pal/cheat?defense=-800000") print(r.text) r = requests.get(url+"/pal/battle/jetragon") print(r.text) def deser(): r =...
EKS Cluster Games Walkthrough
An AWS EKS practice range, and a good opportunity to learn about EKS security; address: https://eksclustergames.com/. Welcome To The Challenge: You've hacked into a low-privileged AWS EKS pod. Use the web terminal below to find flags across the environment. Each challenge runs in a different Kubernetes namespace with varying permissions. All K8s resources are crucial; challenges are based on real EKS misconfigurations and security issues. Click "Begin Challenge" on your desktop, and for guidance, click the question mark icon for useful cheat...
泛微E-cology 审计笔记
Hey, password is required here.
The Big IAM Challenge Walkthrough
Address: https://bigiamchallenge.com/. The WIZ IAM challenge contains six vulnerabilities caused by IAM misconfigurations; I use this small exercise to learn the basic principles behind IAM vulnerabilities and the basics of the aws cli. I consulted many write-ups and record the learning process here. IAM (Identity and Access Management): IAM security consists of policies and technologies designed to ensure that only authorized individuals gain access to the relevant resources within an organization. AWS IAM (Identity and Access Management) is the identity and access management service of Amazon Web Services, used to manage permissions for, and secure access to, AWS resources. IAM lets users interact with AWS; each user is issued a unique credential (Access Key ID and Secret Access...