CVE-2024-0517 (Out of Bounds Write in V8)
1-day
Environment Setting # install depot_tools cd ~ git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git export PATH=$HOME/depot_tools:$PATH echo 'export PATH=$HOME/depot_tools:$PATH' >> ~/.zshrc # get V8 cd ~ mkdir v8 cd v8 fetch v8 cd v8 git checkout d8fd81812d5a4c5c3449673b6a803279c4bdb2f2 gclient sync -D # build V8 ./build/install-build-deps.sh gn gen out/debug --args='v8_no..
OpenVAS Installation and Usage
etc
Installation Setup It absolutely will not install on Ubuntu, so don't waste time on it; just install it on Kali.. sudo apt update -y sudo apt upgrade -y sudo apt dist-upgrade -y sudo apt install openvas -y sudo gvm-setup When running sudo gvm-setup: $ sudo gvm-setup [sudo] password for kali: [>] Starting PostgreSQL service [-] ERROR: The default PostgreSQL version (14) is not 15 that is required by libgvmd [-] ERROR: Use pg_upgradecluster to update your Postg..
[CyberSpace CTF 2024 / beginner] shelltester
CTF
Test your shellcode in my safe program! Attachment Analysis This is a challenge that requires writing ARM shellcode. Exploitation ex.py
[DreamHack] [LINE CTF 2021] babychrome
DreamHack
https://dreamhack.io/wargame/challenges/398/ Another babychrome Environment Setting Install depot_tools cd ~ git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git export PATH=$HOME/depot_tools:$PATH echo -e '\nexport PATH=$HOME/depot_tools:$PATH' >> ~/.bashrc Get V8 source code cd ~ mkdir v8 cd v8 fetch v8 cd v8 git checkout c126700cbc1f7391b8b717f7c54b4f9537355db7 gclient s..
[DreamHack] [wargame.kr] type confusion
DreamHack
https://dreamhack.io/wargame/challenges/329 Simple Compare Challenge. hint? you can see the title of this challenge. :D Analysis If $json->key and $key are equal, you can obtain the flag, but the check is a loose comparison using ==. https://www.php.net/manual/en/types.comparisons.php Comparing a non-null string with true yields true. Therefore, if $json->key is true, the condition holds regardless of the value of $key. Exploit If you provide input like this, you get nope. The reason is that the input string is URL-encoded...
h0meb0dy_
h0meb0dy