• RWCTF 6th RIPTC Write-up zh-CN

    0x00 Challenge Background

    One day I came across the article Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability, which describes the root cause of CVE-2023-1829 and how it is exploited; the corresponding fix was to delete the entire cls_tcindex.c file. This year the net/sched attack surface has been extremely popular on kctf/kernelCTF, drawing the security community's broad attention to Linux kernel security. I therefore took the historical relic tcindex as an entry point and looked for other security problems that might exist in this file. I dedicate this close-quarters fight to the RWCTF contestants and beg your indulgence.


  • RWCTF 6th RIPTC Write-up

    0x00 Background

    One day, I came across the article Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability, which discusses the cause and exploitation of CVE-2023-1829. The corresponding remediation is to remove the entire cls_tcindex.c file. The net/sched attack surface has been a hot topic on kctf/kernelCTF since last year, sparking widespread attention from the security community towards the security of the Linux kernel. Therefore, using the historical artifact tcindex as a starting point, I looked for other potential security issues that may exist in this file. I dedicate this close-quarters combat experience to the CTF players of RWCTF, and hope you enjoy it.


  • RWCTF 5th ShellFind Write-up

    Background

    IoT security has attracted the attention of the security industry and of security competitions in recent years. When the vulnerabilities we discover are patched by the vendor, or found by them first, before we can use them, it can be frustrating. We must therefore start from a unique attack surface to find vulnerabilities and attack paths. This challenge takes as its overall setting a widely used IoT device that exposes a certain non-web network service through port mapping. Because port mapping of debugging or remote-configuration services is a relatively common vulnerability scenario, it is easily exploited by malicious attackers and leads to the formation of botnets. Related references are as follows:


  • Learn Android Application Debuggable

    0x00 Vulnerability Principle

    If a released Android application sets android:debuggable="true" in its AndroidManifest.xml, the application can be debugged, which introduces a security risk. The rest of the article sets up an environment to debug such an application and demonstrates a simple exploitation of the vulnerability.


  • A Brief Analysis of CGI Handling in Common Embedded Web Servers

    0x00 Background

    In some small and medium-sized IoT devices, when a web interface is needed to manage the device, developers may pick a suitable open-source embedded web server for secondary development, either implementing it as a pure web-server middleware or merging request forwarding and backend handling into a single binary. The custom features added during this secondary development, such as authentication, and the backend CGI functions are prone to problems when written without security-aware development practices. Becoming familiar with the web servers commonly used in embedded devices and with how their CGI handling is implemented therefore helps to quickly identify audit or test points on a device's web side.
