Because Nacos is well known, give the following tips directly
FST deserialization
Do Better in Collection of information
做好信息收集嗷
Dockerfile of this challenge, use it in your case. This is pull from instance container host and just replace replace flag with fake one:)
靶机的 Dockerfile,刚从宿主机上拖下来,新鲜热乎,只是换了下 flag。
Due to amount of malicious requests the disk was full, and we have set the permission to 755 for /var/www/html,and You can get flag in this case, keep up~
由于有人写入大量文件搅屎,靶机网站目录(/var/www/html)调整为文件不能落地(755)了,已同步到上面的 Dockerfile,请继续尝试,你可以在这种情况下攻击成功的。:)
Do you know redis?
你了解redis吗?
Nginx features
https://wmctf2021-1251267611.file.myqcloud.com/LiHua_Sniff.pcapng.zip
Hacker L1near sniffed LiHua's traffic. Hope this can help.
著名黑客L1near嗅探到了LiHua的流量包,希望能帮到你。The domain penetration portal temporarily adds a user whose user name and password are admin, so that you can judge whether your SQL injection statement is correct. The domain penetration machine has only one web port open. Please do not use nmap or other tools to scan the entry IP.
域渗透入口临时加了一个 admin admin 的用户,让各位判断自己的语句是否正确。域渗透机器只有唯一web端口开放,请不要使用nmap等其他工具扫描入口ip了。
caught the villain of l1near. Although a new user was used when configuring the database, it seems that the call DBMS was executed call dbms_java.grant_Permission ('system ',' sys: Java. Io. Filepermission ',' all files > >,'execute ') please come and see what this is for.
抓住L1near的坏人在配置数据库的时候虽然用了全新的用户,但是似乎执行了call dbms_java.grant_permission( 'SYSTEM', 'SYS:java.io.FilePermission', '<
If fake check function is real and code is hide,what will you do?
https://blog.tst.sh/reverse-engineering-flutter-apps-part-1/
https://blog.tst.sh/reverse-engineering-flutter-apps-part-2/
smarty 3.1.39
After a day-long interrogation by the police, L1near confessed that he had manipulated the victim's computer remotely.
经过警方长达一天的审讯,L1near交代他曾经对受害人的电脑远程操控过。
The trick to breaking the limitations of Android 11 is in targetSdk.