index.html
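<!DOCTYPE html>
<html lang="zh-Hans" data-theme="light">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <!-- Pinch-zoom stays enabled (no maximum-scale / user-scalable=no) so the page remains readable for low-vision users. -->
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Tyaoo's Blog</title>
  <meta name="author" content="Tyaoo">
  <meta name="copyright" content="Tyaoo">
  <meta name="format-detection" content="telephone=no">
  <meta name="theme-color" content="#ffffff">
  <meta property="og:type" content="website">
  <meta property="og:title" content="Tyaoo's Blog">
  <meta property="og:url" content="https://tyaoo.github.io/index.html">
  <meta property="og:site_name" content="Tyaoo's Blog">
  <meta property="og:locale">
  <meta property="og:image" content="https://tyaoo.github.io/img/avatar.jpg">
  <meta property="article:author" content="Tyaoo">
  <meta name="twitter:card" content="summary">
  <meta name="twitter:image" content="https://tyaoo.github.io/img/avatar.jpg">
  <link rel="shortcut icon" href="/img/favicon.png">
  <link rel="canonical" href="https://tyaoo.github.io/">
  <!-- Explicit https: instead of protocol-relative URLs, so the scheme never follows the embedding page. -->
  <link rel="preconnect" href="https://cdn.jsdelivr.net">
  <link rel="preconnect" href="https://busuanzi.ibruce.info">
  <link rel="stylesheet" href="/css/index.css">
  <!--
    NOTE(review): both CDN stylesheets below are requested by a floating version
    (a major-only tag, or no version at all) and carry no integrity attribute.
    Subresource Integrity only works against an exact, pinned file; pin the
    versions and add integrity + crossorigin, or self-host the files.
    The media="print" / onload swap is the non-blocking stylesheet pattern; being
    an inline event handler, it (like the inline scripts below) would need
    'unsafe-inline' or hashes under a Content-Security-Policy.
  -->
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6/css/all.min.css" media="print" onload="this.media='all'">
  <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css" media="print" onload="this.media='all'">
  <script>
    // Theme-wide settings read by the site's scripts (/js/main.js, /js/utils.js, ...).
    const GLOBAL_CONFIG = {
      root: '/',
      algolia: undefined,
      localSearch: {"path":"search.xml","languages":{"hits_empty":"We didn't find any results for the search: ${query}"}},
      translate: undefined,
      noticeOutdate: undefined,
      highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
      copy: {
        success: 'Copy successfully',
        error: 'Copy error',
        noSupport: 'The browser does not support'
      },
      relativeDate: {
        homepage: false,
        post: false
      },
      runtime: '',
      date_suffix: {
        just: 'Just',
        min: 'minutes ago',
        hour: 'hours ago',
        day: 'days ago',
        month: 'months ago'
      },
      copyright: undefined,
      lightbox: 'fancybox',
      Snackbar: undefined,
      source: {
        // Third-party URLs kept as configuration; this section does not show where they are loaded.
        justifiedGallery: {
          js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.js',
          css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery@2/dist/fjGallery.min.css'
        }
      },
      isPhotoFigcaption: false,
      islazyload: false,
      isAnchor: false
    }
  </script>
  <script id="config-diff">
    // Per-page settings for this page (the home page).
    var GLOBAL_CONFIG_SITE = {
      title: 'Tyaoo\'s Blog',
      isPost: false,
      isHome: true,
      isHighlightShrink: false,
      isToc: false,
      postUpdate: '2023-03-19 10:16:13'
    }
  </script>
  <noscript>
    <style type="text/css">
      #nav {
        opacity: 1
      }
      .justified-gallery img {
        opacity: 1
      }
      #recent-posts time,
      #post-meta time {
        display: inline !important
      }
    </style>
  </noscript>
  <script>
    (win => {
      // Milliseconds per day; the ttl passed to saveToLocal.set is counted in days.
      const DAY_MS = 86400000

      // Tiny localStorage wrapper that stores { value, expiry } as JSON under `key`.
      win.saveToLocal = {
        // Persist `value` for `ttl` days; a ttl of exactly 0 stores nothing.
        set: function setWithExpiry (key, value, ttl) {
          if (ttl === 0) return
          const item = {
            value: value,
            expiry: new Date().getTime() + ttl * DAY_MS
          }
          localStorage.setItem(key, JSON.stringify(item))
        },

        // Return the stored value, or undefined when the key is missing, expired,
        // unreadable or not in the expected shape.
        get: function getWithExpiry (key) {
          let itemStr
          try {
            itemStr = localStorage.getItem(key)
          } catch (e) {
            // Storage can be blocked by browser privacy settings; treat that as "nothing stored".
            return undefined
          }
          if (!itemStr) return undefined

          // localStorage is writable by any script on this origin, so the entry is not
          // guaranteed to be the JSON written by set(). An unguarded JSON.parse would
          // throw here and abort this whole start-up script.
          let item
          try {
            item = JSON.parse(itemStr)
          } catch (e) {
            item = null
          }
          if (item === null || typeof item !== 'object') {
            try { localStorage.removeItem(key) } catch (e) { /* storage unavailable */ }
            return undefined
          }

          if (new Date().getTime() > item.expiry) {
            localStorage.removeItem(key)
            return undefined
          }
          return item.value
        }
      }

      // Load a script by URL and resolve once it has loaded; rejects on a load error.
      // `url` is assigned to script.src unchanged and no integrity check is applied,
      // so the fetched file runs with this page's privileges: pass trusted URLs only.
      win.getScript = url => new Promise((resolve, reject) => {
        const script = document.createElement('script')
        script.src = url
        script.async = true
        script.onerror = reject
        script.onload = script.onreadystatechange = function () {
          // readyState is only set by old engines; when present, wait for a final state.
          const loadState = this.readyState
          if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
          script.onload = script.onreadystatechange = null
          resolve()
        }
        document.head.appendChild(script)
      })

      // Switch the document to the dark theme and match the browser UI colour.
      win.activateDarkMode = function () {
        document.documentElement.setAttribute('data-theme', 'dark')
        const themeMeta = document.querySelector('meta[name="theme-color"]')
        if (themeMeta !== null) {
          themeMeta.setAttribute('content', '#0d0d0d')
        }
      }

      // Switch the document to the light theme and match the browser UI colour.
      win.activateLightMode = function () {
        document.documentElement.setAttribute('data-theme', 'light')
        const themeMeta = document.querySelector('meta[name="theme-color"]')
        if (themeMeta !== null) {
          themeMeta.setAttribute('content', '#ffffff')
        }
      }

      // Restore saved preferences. Stored values are only compared with fixed
      // strings here and are never written into the DOM.
      const t = saveToLocal.get('theme')
      if (t === 'dark') activateDarkMode()
      else if (t === 'light') activateLightMode()

      const asideStatus = saveToLocal.get('aside-status')
      if (asideStatus !== undefined) {
        if (asideStatus === 'hide') {
          document.documentElement.classList.add('hide-aside')
        } else {
          document.documentElement.classList.remove('hide-aside')
        }
      }

      // Tag Apple devices with a class, based on the user-agent string.
      const detectApple = () => {
        if (/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)) {
          document.documentElement.classList.add('apple')
        }
      }
      detectApple()
    })(window)
  </script>
  <link rel="stylesheet" href="/css/custom.css">
  <meta name="generator" content="Hexo 6.3.0">
  <link rel="alternate" href="/atom.xml" title="Tyaoo's Blog" type="application/atom+xml">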
</head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/img/avatar.jpg" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="site-data is-center"><div class="data-item"><a href="/archives/"><div class="headline">Articles</div><div class="length-num">37</div></a></div><div class="data-item"><a href="/tags/"><div class="headline">Tags</div><div class="length-num">11</div></a></div><div class="data-item"><a href="/categories/"><div class="headline">Categories</div><div class="length-num">0</div></a></div></div><hr/></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('/img/banner.jpg')"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">Tyaoo's Blog</a></span><div id="menus"><div id="search-button"><a class="site-page social-icon search"><i class="fas fa-search fa-fw"></i><span> Search</span></a></div><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">Tyaoo's Blog</h1></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="post_cover right"><a href="/2023/03/18/CVE-2023-21839%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/" title="CVE-2023-21839漏洞分析"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="CVE-2023-21839漏洞分析"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/03/18/CVE-2023-21839%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/" title="CVE-2023-21839漏洞分析">CVE-2023-21839漏洞分析</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2023-03-18T06:29:36.000Z" title="Created 2023-03-18 
14:29:36">2023-03-18</time></span></div><div class="content">
CVE-2023-21839漏洞分析
漏洞描述Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server.
影响版本
Weblogic 12.2.1.3.0
Weblogic 12.2.1.4.0
Weblogic 14.1.1.0.0
漏洞环境docker-compose.yml
123456789version: '2'services: weblogic: image: vulhub/weblogic:12.2.1.3-2018 environment: debugFlag: "true" ports: - "7001:7001" - "8453:8453"
漏洞复现
工具来源:https://github.com/DXask88MA/Weblog ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2023/03/03/CVE-2022-44268%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/" title="CVE-2022-44268漏洞分析"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="CVE-2022-44268漏洞分析"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/03/03/CVE-2022-44268%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/" title="CVE-2022-44268漏洞分析">CVE-2022-44268漏洞分析</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2023-03-03T06:02:07.000Z" title="Created 2023-03-03 14:02:07">2023-03-03</time></span></div><div class="content">
CVE-2022-44268漏洞分析
漏洞描述ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
漏洞环境vulhub环境
漏洞复现安装依赖
1pip install pypng
使用poc.py生成poc
1python poc.py generate -o poc.png -r /etc/passwd
上传文件并保存新生成的图片为out.png
使用poc.py提取文件信息
1python poc.py parse -i out.png
PNG组成
最好结合010Editor进行分析
PNG数据块
PNG定义了两种数据块,分别为关键数据块和辅助数据块
...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/12/06/Tomcat%E5%86%85%E5%AD%98%E9%A9%AC/" title="Tomcat内存马"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Tomcat内存马"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/12/06/Tomcat%E5%86%85%E5%AD%98%E9%A9%AC/" title="Tomcat内存马">Tomcat内存马</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-12-06T07:51:42.000Z" title="Created 2021-12-06 15:51:42">2021-12-06</time></span></div><div class="content">
浅析Tomcat内存马
Web应用初始化流程
部署描述文件中由<listener>元素标记的事件监听器会被创建和初始化,事件监听器如果实现了ServletContextListener接口,将会调用其实现的contextInitialized()方法
部署描述文件中由<filter>元素标记的过滤器会被创建和初始化,并调用其init()方法,每一次请求时都只调用doFilter()方法进行处理
部署描述文件中由<servlet>元素标记的Servlet会根据<load-on-startup>的权值按顺序创建和初始化,并调用其init()方法,Servlet一旦被装入到Web容器之后,一般会长久驻留,直到Web容器停止运行或重新装入Servlet时结束生命周期,Servlet在第一次访问之后都只调用doGet()或doPost()方法
TomcatTomcat体系结构
Server:表示一个Tomcat实例(单例),即整个catalina servlet容器,主要是用来管理容器下各个Service组件的生命周期
Servi ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/09/25/Handlebars-AST%E6%B3%A8%E5%85%A5/" title="Handlebars AST注入"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Handlebars AST注入"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/09/25/Handlebars-AST%E6%B3%A8%E5%85%A5/" title="Handlebars AST注入">Handlebars AST注入</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-09-25T08:34:23.000Z" title="Created 2021-09-25 16:34:23">2021-09-25</time></span></div><div class="content">
详细分析Handlebars AST注入
原理图
handlebars的parser在解析NumberLiteral类型的字符串时会使用Number()函数进行强制转换,正常情况下这个字符串只能是数字,但是通过原型链污染我们可以构造一个非数字型的字符串
12345678// node_modules\handlebars\dist\cjs\handlebars\compiler\parser.jscase 35: this.$ = { type: 'StringLiteral', value: $$[$0], original: $$[$0], loc: yy.locInfo(this._$) }; break;case 36: this.$ = { type: 'NumberLiteral', value: Number($$[$0]), original: Number($$[$0]), loc: yy.locInfo(this._$) }; break;
在将AST编 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/06/30/Dubbo%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E7%A0%94%E7%A9%B6/" title="Dubbo反序列化漏洞研究"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Dubbo反序列化漏洞研究"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/06/30/Dubbo%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E7%A0%94%E7%A9%B6/" title="Dubbo反序列化漏洞研究">Dubbo反序列化漏洞研究</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-06-30T05:12:31.000Z" title="Created 2021-06-30 13:12:31">2021-06-30</time></span></div><div class="content">
分析一下CVE-2019-17564和CVE-2020-1849两个漏洞
前置知识简介
Apache Dubbo是一个分布式框架,致力于提供高性能透明化的RPC远程服务调用方案,以及SOA服务治理方案。Apache Dubbo在实际应用场景中主要负责解决分布式的相关需求。
dubbo
dubbo支持多种序列化方式并且序列化是和协议相对应的。比如:Dubbo支持dubbo、rmi、Hessian、http、webservice、thrift、redis等多种协议。
Hessian
Hessian是一种跨语言的高效二进制序列化方式。但这里实际不是原生的Hessian2序列化,而是阿里修改过的Hessian lite,Hessian是二进制的web service协议,官方对Java、Flash/Flex、Python、C++、.NET C#等多种语言都进行了实现。Hessian和Axis、XFire都能实现web service方式的远程方法调用,区别是Hessian是二进制协议,Axis、XFire则是SOAP协议,所以从性能上说Hessian远优于后两者,并且Hess ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/06/03/Yii2%E6%9C%80%E6%96%B0%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96POP%E9%93%BE%E5%88%86%E6%9E%90/" title="Yii2最新反序列化POP链分析"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Yii2最新反序列化POP链分析"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/06/03/Yii2%E6%9C%80%E6%96%B0%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96POP%E9%93%BE%E5%88%86%E6%9E%90/" title="Yii2最新反序列化POP链分析">Yii2最新反序列化POP链分析</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-06-03T15:09:56.000Z" title="Created 2021-06-03 23:09:56">2021-06-03</time></span></div><div class="content">
Yii2 <= 2.0.42
研究Yii2最新的反序列化RCE,并参考作者思路挖掘新的Gadget
安装环境1composer create-project --prefer-dist yiisoft/yii2-app-basic yii2
把目录放到网站下,访问http://127.0.0.1/yii2/web即可
然后在controllers/SiteController.php文件下添加我们的测试路由:
1234public function actionTest(){ return unserialize(base64_decode($_GET["data"]));}
漏洞利用12345678910111213141516171819202122232425262728293031323334353637<?phpnamespace Faker;class DefaultGenerator{ protected $default ; function __construct($arg ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/05/28/Laravel-Debug-mode-RCE%E5%A4%8D%E7%8E%B0/" title="Laravel Debug mode RCE复现"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Laravel Debug mode RCE复现"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/05/28/Laravel-Debug-mode-RCE%E5%A4%8D%E7%8E%B0/" title="Laravel Debug mode RCE复现">Laravel Debug mode RCE复现</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-05-28T06:15:46.000Z" title="Created 2021-05-28 14:15:46">2021-05-28</time></span></div><div class="content">
CVE-2021-3129
Laravel <= 8.4.2
Ignition <= 2.5.1
环境搭建
在kali2020下复现
123456789git clone https://github.com/laravel/laravel.git # 下载laravel源码cd laravel # 切换到laravel目录git checkout -b e849812 # 切换到存在漏洞的分支composer update # 更新composercomposer install # composer安装依赖composer require facade/ignition==2.5.1 # 下载存在漏洞版本组件mv .env.example .env # 更改.env文件php artisan key:generate # 生成Application keyphp artisan serve # 启动 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/05/25/FastJson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E7%A0%94%E7%A9%B6/" title="Fastjson反序列化漏洞研究"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Fastjson反序列化漏洞研究"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/05/25/FastJson%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E%E7%A0%94%E7%A9%B6/" title="Fastjson反序列化漏洞研究">Fastjson反序列化漏洞研究</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-05-24T17:14:57.000Z" title="Created 2021-05-25 01:14:57">2021-05-25</time></span></div><div class="content">
研究Fastjson各版本系列反序列化漏洞
源码:https://github.com/alibaba/fastjson/wiki/Quick-Start-CN
安装依赖推荐在maven中配置,在pom.xml中添加
12345678<dependencies> <!-- https://mvnrepository.com/artifact/com.alibaba/fastjson --> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.24</version> </dependency></dependencies>
前置知识漏洞原理fastjson通过parse、parseObject处理以json结构传入的类的字符串形时,会默认调用该类的共有s ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/05/12/%E5%86%85%E7%BD%91%E7%A9%BF%E9%80%8F/" title="内网穿透"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="内网穿透"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/05/12/%E5%86%85%E7%BD%91%E7%A9%BF%E9%80%8F/" title="内网穿透">内网穿透</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-05-12T12:38:28.000Z" title="Created 2021-05-12 20:38:28">2021-05-12</time></span></div><div class="content">
记录内网穿透的一些知识
前置知识内网穿透
利用各种隧道技术,以网络防火墙允许的协议,绕过网络防火墙的封锁,实现访问被封锁的目标网络。
隧道技术
隧道技术是一种通过使用互联网络的基础设施在网络之间传递数据的方式。使用隧道传递的数据(或负载)可以是不同协议的数据帧或包。隧道协议将这些其他协议的数据帧或包重新封装在新的包头中发送。新的包头提供了路由信息,从而使封装的负载数据能够通过互联网络传递。被封装的数据包在隧道的两个端点之间通过公共互联网络进行路由。被封装的数据包在公共互联网络上传递时所经过的逻辑路径称为隧道。一旦到达网络终点,数据将被解包并转发到最终目的地。注意隧道技术是指包括数据封装、传输和解包在内的全过程。
隧道分类
网络层隧道:ICMP等
传输层隧道:TCP、UDP等
应用层隧道:HTTP、DNS、SSH、RDP等
实战环境
在实战环境中,我们要考虑目标机器的出入网情况,有可能只允许ICMP出入网,抑或是只允许HTTP出网,我们需要视特定情况选择对应的隧道,选择反弹shell、代理或者端口转发,选择正向代理或者反向代理等等。
环境目标机器:
Win7
192.168 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2021/03/28/babyvm-vm%E9%80%86%E5%90%91/" title="babyvm-vm逆向"><img class="post_bg" src="" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="babyvm-vm逆向"></a></div><div class="recent-post-info"><a class="article-title" href="/2021/03/28/babyvm-vm%E9%80%86%E5%90%91/" title="babyvm-vm逆向">babyvm-vm逆向</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">Created</span><time datetime="2021-03-27T18:57:00.000Z" title="Created 2021-03-28 02:57:00">2021-03-28</time></span></div><div class="content">
题目源于【GWCTF 2019】,考点为vm逆向
记录一道比较典型的vm题
主函数程序主函数如下,下面我们对调用到的3个函数进行分析
vm自定义方法sub_55BE054DCCD1()函数用于存储需要调用到的方法,也可以观察到每调用完一次操作,a1就会自增跳到下一个命令,类似RIP功能
12345678910111213141516171819202122232425262728unsigned __int64 __fastcall sub_55BE054DCCD1(__int64 a1){ unsigned __int64 v2; // [rsp+18h] [rbp-8h] v2 = __readfsqword(0x28u); *(_DWORD *)a1 = 0; *(_DWORD *)(a1 + 4) = 0x12; *(_DWORD *)(a1 + 8) = 0; *(_DWORD *)(a1 + 12) = 0; *(_QWORD *)(a1 + 16) = &unk_55BE056DE060; *(_BYTE *)(a1 + 24) ...</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><span class="space">…</span><a class="page-number" href="/page/4/#content-inner">4</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="/img/avatar.jpg" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">Tyaoo</div><div class="author-info__description"></div></div><div class="card-info-data is-center"><div class="card-info-data-item"><a href="/archives/"><div class="headline">Articles</div><div class="length-num">37</div></a></div><div class="card-info-data-item"><a href="/tags/"><div class="headline">Tags</div><div class="length-num">11</div></a></div><div class="card-info-data-item"><a href="/categories/"><div class="headline">Categories</div><div class="length-num">0</div></a></div></div><a id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/Tyaoo"><i class="fab fa-github"></i><span>Follow Me</span></a></div><div class="sticky_layout"><div class="card-widget card-tags"><div class="item-headline"><i class="fas fa-tags"></i><span>Tags</span></div><div class="card-tag-cloud"><a href="/tags/Bypass/" style="font-size: 1.1em; color: #999">Bypass</a> <a href="/tags/CTF/" style="font-size: 1.5em; color: #99a9bf">CTF</a> <a href="/tags/PRACTICE/" style="font-size: 1.26em; color: 
#999fa8">PRACTICE</a> <a href="/tags/Penertration/" style="font-size: 1.18em; color: #999ca1">Penertration</a> <a href="/tags/Reverse/" style="font-size: 1.34em; color: #99a3b0">Reverse</a> <a href="/tags/Study/" style="font-size: 1.1em; color: #999">Study</a> <a href="/tags/WEB/" style="font-size: 1.1em; color: #999">WEB</a> <a href="/tags/WebLogic/" style="font-size: 1.1em; color: #999">WebLogic</a> <a href="/tags/%E6%B8%97%E9%80%8F/" style="font-size: 1.1em; color: #999">渗透</a> <a href="/tags/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/" style="font-size: 1.42em; color: #99a6b7">漏洞分析</a> <a href="/tags/%E6%BC%8F%E6%B4%9E%E7%A0%94%E7%A9%B6/" style="font-size: 1.26em; color: #999fa8">漏洞研究</a></div></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>Archives</span><a class="card-more-btn" href="/archives/" title="More">
<i class="fas fa-angle-right"></i></a></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/03/"><span class="card-archive-list-date">March 2023</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/12/"><span class="card-archive-list-date">December 2021</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/09/"><span class="card-archive-list-date">September 2021</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/06/"><span class="card-archive-list-date">June 2021</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/05/"><span class="card-archive-list-date">May 2021</span><span class="card-archive-list-count">3</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/03/"><span class="card-archive-list-date">March 2021</span><span class="card-archive-list-count">6</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2021/02/"><span class="card-archive-list-date">February 2021</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2020/12/"><span class="card-archive-list-date">December 2020</span><span class="card-archive-list-count">1</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>Info</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">Article :</div><div class="item-count">37</div></div><div 
class="webinfo-item"><div class="item-name">UV :</div><div class="item-count" id="busuanzi_value_site_uv"></div></div><div class="webinfo-item"><div class="item-name">PV :</div><div class="item-count" id="busuanzi_value_site_pv"></div></div><div class="webinfo-item"><div class="item-name">Last Push :</div><div class="item-count" id="last-push-date" data-lastPushDate="2023-03-19T02:16:12.876Z"></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">©2020 - 2023 By Tyaoo</div><div class="framework-info"><span>Framework </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>Theme </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="Toggle Between Light And Dark Mode"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="Toggle between single-column and double-column"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="Setting"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="Back To Top"><i class="fas fa-arrow-up"></i></button></div></div><div id="local-search"><div class="search-dialog"><nav class="search-nav"><span class="search-dialog-title">Local search</span><span id="loading-status"></span><button class="search-close-button"><i class="fas fa-times"></i></button></nav><div class="is-center" id="loading-database"><i class="fas fa-spinner fa-pulse"></i><span> Loading the Database</span></div><div class="search-wrap"><div id="local-search-input"><div class="local-search-box"><input class="local-search-box--input" placeholder="Search for Posts" type="text"/></div></div><hr/><div id="local-search-results"></div></div></div><div 
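id="search-mask"></div></div>
<div>
  <script src="/js/utils.js"></script>
  <script src="/js/main.js"></script>
  <!--
    NOTE(review): the two third-party scripts in this block run with full access to
    this origin. fancybox is requested without a version, so jsDelivr serves whatever
    is current, and neither script has an integrity attribute. Pin an exact version
    and add integrity + crossorigin, or self-host both files.
  -->
  <script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.js"></script>
  <script src="/js/search/local-search.js"></script>
  <div class="js-pjax"></div>
  <!-- Explicit https: instead of a protocol-relative URL, so the counter script is never fetched over another scheme. -->
  <script async data-pjax src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>
</div>
<!-- Same-origin Live2D widget: library first, then its configuration (model file, position, size). -->
<script src="/live2dw/lib/L2Dwidget.min.js?094cbace49a39548bed64abff5988b05"></script>
<script>L2Dwidget.init({"pluginRootPath":"live2dw/","pluginJsPath":"lib/","pluginModelPath":"assets/","tagMode":false,"debug":false,"model":{"jsonPath":"/live2dw/assets/hijiki.model.json"},"display":{"position":"left","width":150,"height":300},"mobile":{"show":false},"log":false});</script>
</body>
</html>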