- RWCTF 6th RIPTC Write-up zh-CN
0x00 Background
One day I came across the article Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability, which explains the root cause and exploitation of CVE-2023-1829; the corresponding fix was to delete the whole cls_tcindex.c file. This year the net/sched attack surface has been red hot on kctf/kernelCTF, drawing broad attention from the security community to Linux kernel security, so I took the historical relic tcindex as a starting point to look for other security issues that might still exist in that file. I dedicate this close-quarters fight to the RWCTF contestants and hope you will bear with me.
- RWCTF 6th RIPTC Write-up
0x00 Background
One day, I came across the article Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability, which discusses the cause and exploitation of CVE-2023-1829. The corresponding remediation was to remove the entire cls_tcindex.c file. The net/sched attack surface has been a hot topic on kctf/kernelCTF since last year, sparking widespread attention from the security community towards the security of the Linux kernel. Therefore, using the historical artifact tcindex as a starting point, I am looking for other potential security issues that may exist in this file. I dedicate this close-quarters combat experience to the CTFers of RWCTF, and hope you enjoy it.
- RWCTF 5th ShellFind Write-up
Background
IoT security has drawn the attention of both the security industry and security competitions in recent years. When the vulnerabilities we discover are fixed, or found first, by the vendor ahead of time, it can be frustrating. Therefore, we must start from a device's unique attack surface to find vulnerabilities and attack paths. This challenge takes an IoT device that the public is fairly concerned about and exposes one of its non-web network services as the overall setting. Because an exposed (port-mapped) debugging or remote-configuration service is a relatively common vulnerability scenario, it is easily abused by malicious attackers and ends up feeding botnets. Related references are as follows:
- Learn Android Application Debuggable
0x00 Vulnerability Principle
If a released Android application sets android:debuggable to true in its AndroidManifest.xml, the application can be attached to with a debugger, which introduces a security risk. The rest of the post sets up an environment to debug such an application and demonstrates a simple exploitation of the issue.
- A Brief Analysis of CGI Handling in Common Embedded Web Servers
0x00 Background
In some small and mid-sized IoT devices that need a web interface for device management, developers may pick a suitable open-source embedded web server and build on it, either as a plain web-server middleware layer or by merging request forwarding and back-end processing into a single binary. The custom features added in that secondary development, such as authentication, and the back-end CGI functions are prone to bugs when written without a secure-development mindset. Becoming familiar with the web servers commonly used in embedded devices and with how their CGI handling is implemented therefore helps to quickly locate audit or test points on a device's web side.