• RWCTF 6th RIPTC Write-up zh-CN

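    0x00 Challenge Background

    One day I came across the article Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability, which describes the root cause and exploitation of CVE-2023-1829; the corresponding fix was to delete the entire cls_tcindex.c file. This year the net/sched attack surface has been very popular on kctf/kernelCTF, drawing wide attention from the security community to Linux kernel security. So, taking the historical relic tcindex as the entry point, I looked for other security issues that might exist in this file. I dedicate this close-quarters combat experience to the RWCTF participants and ask for your indulgence.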

    Read on →

  • RWCTF 6th RIPTC Write-up

    0x00 Background

    One day, I came across the article Breaking the Code - Exploiting and Examining CVE-2023-1829 in cls_tcindex Classifier Vulnerability, which discusses the cause and exploitation of CVE-2023-1829. The corresponding remediation is to remove the entire cls_tcindex.c file. The net/sched attack surface has been a hot topic on kctf/kernelCTF since last year, sparking widespread attention from the security community towards the security of the Linux kernel. Therefore, using the historical artifact tcindex as a starting point, I am looking for other potential security issues that may exist in this file. I dedicate this close-quarters combat experience to the ctfers of RWCTF, and hope you enjoy it.

    Read on →

  • RWCTF 5th ShellFind Write-up


    IoT security has attracted the attention of the security industry and security competitions in recent years. It can be frustrating when the vulnerabilities we discover are fixed, or found by someone else, ahead of time. Therefore, we must start from a unique attack surface to find vulnerabilities and attack paths. The overall background of this challenge is a certain IoT device of considerable public interest that exposes a certain non-Web network service through port mapping. Because port mapping of debugging or remote configuration services is a relatively common vulnerability scenario, it is easily exploited by malicious attackers, leading to the formation of botnets. Related references are as follows:

    Read on →

  • Learn Android Application Debuggable

    0x00 Vulnerability Principle


    Read on →

  • A Brief Analysis of CGI Handling in Common Embedded Web Servers

    0x00 Background


    Read on →