红明谷 CTF challenge writeups
Simp1escape: the challenge exposes a curl route that fetches a user-supplied URL, but only the http and https protocols are allowed; a 302 redirect can be used here to turn it into SSRF.
@RequestMapping({"/curl"})public String curl(@RequestParam String url, HttpServletRequest request, HttpServletResponse response) throws Exception { if (!url.startsWith("http:") && !url.startsWith("https:")) { System.out.println(url.startsWith("http")); return "No protocol: " + url; } else { ...
AliyunCTF2024
chain17: the agent17 dependencies are listed below. The entry point is a Hessian2 deserialization; the challenge provides its own Bean, whose getter can trigger native Java deserialization, but there are many blacklist entries to contend with.
<dependency> <groupId>com.alibaba</groupId> <artifactId>hessian-lite</artifactId> <version>3.2.13</version></dependency><dependency> <groupId>cn.hutool</groupId> <artifactId>hutool-all</artifactId> <version>5.8.16</version></dependency><!-- https://mvnrepository.com/artifact/com.h2database/h ...
qmb offline Java challenge writeups
Notes on writing the Javolution challenge
Javolution
A modern java challenge prepared for u, bypass it and achieve RCE !
Source: https://github.com/H4cking2theGate/My-CTF-Challenges/tree/main/DubheCTF%202024/Javolution
bypass: /pal/cheat sets your own defense to a negative number so that opponentPower overflows to a negative value, which defeats jetragon.
After reaching level 50, pass localhost%00dubhe to bypass the host check.
def levelup(): r = requests.get(url+"/pal/cheat?defense=-800000") print(r.text) r = requests.get(url+"/pal/battle/jetragon") print(r.text)def deser(): r = requests.post(url+&q ...
EKS Cluster Games Walkthrough
An AWS EKS practice range, a good opportunity to learn about EKS security. Address: https://eksclustergames.com/
Welcome To The Challenge
You’ve hacked into a low-privileged AWS EKS pod. Use the web terminal below to find flags across the environment. Each challenge runs in a different Kubernetes namespace with varying permissions.
All K8s resources are crucial; challenges are based on real EKS misconfigurations and security issues.
Click “Begin Challenge” on your desktop, and for guidance, click the question mark icon for a useful cheat sheet.
Good l ...
泛微 E-cology audit notes
Hey, password is required here.
The Big IAM Challenge Walkthrough
Address: https://bigiamchallenge.com/
The Wiz IAM challenge contains six vulnerabilities caused by IAM misconfigurations. I wanted to use this small exercise to understand the basic principles of IAM vulnerabilities and simple use of the AWS CLI; I consulted many writeups and am recording the learning process here.
IAM(Identity and Access Management)
IAM security consists of policies and technologies designed to ensure that only authorized individuals gain access to the relevant resources within an organization.
AWS IAM (Identity and Access Management) is the identity and access management service in Amazon Web Services, used to manage access permissions and security for AWS resources. IAM lets users interact with AWS; each user is issued a unique credential (an Access Key ID and a Secret Access Key) for calling AWS services through the API or an SDK.
As I understand it, IAM is the cloud service's ...
N1CTF-J challenge writeups
Derby: the challenge's pom is shown below; it depends on druid and derby, and the JDK version is 17.
<properties> <java.version>17</java.version></properties><dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.2.21< ...
Analysis of the Confluence remote code execution vulnerability (setup-restore)
An unauthenticated remote attacker can craft a malicious request to partially bypass the target system's authentication and, through a back-end administrative interface, obtain the ability to take over the server, ultimately achieving remote code execution. Because the attacker cannot leak any system data, confidentiality is not affected; however, exploiting this vulnerability wipes the Confluence data, causing irreversible damage to data integrity.
Affected versions
Atlassian confluence < 7.19.16
Atlassian confluence < 8.3.4
Atlassian confluence < 8.4.4
Atlassian confluence < 8.5.3
Atlassian confluence < 8.6.1
Unaffected versions
Atlassian confluence >= 7.19.16
Atlassian confluence >= 8.3.4
Atlassian confluence >= 8.4.4
Atlassian confluence >= 8.5.3
Atlassian confluence > ...