Contract Call Injection Vulnerability write in front This article is written to summarize some of the problems the blogger encountered when doing a shooting range question in the past two days, as well as some insights into call injection. Call function First, let’s take a look at the call function:There are two ways to call between contracts: the underlying call method and the new contract method... »
Table of contents 1. Introduction 1.1 Overview 1.2 Introduction to Cisco Packet Tracer Simulator 1.3 Preparing tools 2. Packet Tracer simulator installation 2.1 Simulator installation 2.2 Chinese simulator 2.3 The last step, I won’t say what the specific purpose is. Cisco simulator Cisco Packet Tracer 7.3.0 installation and configuration Installation package link Link:https://pan.baidu.com/s/1KZpi... »
1 Overview (1) metasploitable-linux-2.0.0.zip download:Link:https://pan.baidu.com/s/1wb3z1oFNTO9DQY7RoQ4rUw?pwd=1111 Extraction code: 1111(2) VMware version: VMware Workstation 15 Pro (15.5.0 build-14665864) 2. Installation process(1) Directly decompress the compressed package: metasploitable-linux-2.0.0.zip. Double-click to select the extracted .vmx file (2) Modify the network configuration of th... »
Summary:Gas safety is related to the safety of life and property of thousands of households. The advantage of using Huawei Cloud IoT platform to build smart gas is that it can effectively monitor and control gas supply, realize remote alarm and control, automatic triggering and other emergency functions, and avoid the risk of human factors. security issues. This article is shared from Huawei Cloud... »
Welcome to follow the subscription column!The WEB security series includes the following three columns: “WEB Security Basics-Server-Side Vulnerabilities”“WEB Security Basics-Client Vulnerabilities”“Advanced WEB Security – Comprehensive Utilization” The knowledge points are comprehensive and detailed, the logic is clear, combined with actual combat, and equ... »
Table of contents 1. Principle 2. Rights escalation steps 1.Information collection (1) User permission collection (whoami&id) (2) SUID permission file collection (find / -user root -perm -4000 -exec ls -ldb {} \;) 2. Elevate privileges (1) Directory switching (cd /tmp) (2) Arbitrary file creation (touch file name) (3) Specific SUID privilege escalation (find/nmap/bash, etc. file name-exec whoa... »
People engaged in information security work often experience anxiety and irritability when faced with complex problems. Part of it may come from actual loopholes in the system and process. On the other hand, it may be due to some shortcomings in one’s own capabilities. Many people think that complex problems are more or less difficult to solve. If there is a good way to solve these two probl... »
MD5 encryption basic concept information **First of all, what is encryption? **Encryption uses a special algorithm to change the original information data, so that even if unauthorized users obtain the encrypted information, they still cannot understand the content of the information because they do not know the decryption method. **Symmetric encryption? **Symmetric encryption uses the same key fo... »
Take cloud database products as an example for in-depth comparative analysis: Is Huawei Cloud more secure or Alibaba Cloud? Blogger introductionCurrent market cloudAli CloudAlibaba Cloud cloud-native relational database PolarDB MySQL engineWhat is PolarDBProduct advantagesproduct architectureWrite once, read manySeparation of computing and storageRead and write separationHigh-speed link interconne... »
1. HFish honeypot Official introductionHFish is a community-based free honeypot that focuses on enterprise security scenarios. Starting from three scenarios: internal network compromise detection, external network threat perception, and threat intelligence production, it provides users with independently operable and practical functions. Through security, agility, and Reliable low- to medium-inter... »
