Posts

Showing posts from March 2013

Hackthissite Programming Level 1 Notes

Challenge URL: https://www.hackthissite.org/missions/prog/1/

Key points of this level: string processing, searching

Challenge: Unscramble the words

You have to find the original (unscrambled) words, which were randomly taken from a wordlist. This level is about unscrambling words. Find the original (unscrambled) words, which were randomly taken from a wordlist. Send a comma separated list of the original words, in the same order as in the list below. You have 30 seconds time to send the solution.
List of scrambled words:
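tsreaeh erxotp rtoatrc pdazoh abomob stieccl ruconyt sbownr kmfcue swleov (the ten scrambled words)
The challenge first gives you a wordlist of a little over a thousand words, with the words separated by newline characters. It then asks you to find, within 30 seconds, the originals of 10 scrambled words taken from that list (as shown above) and to submit the answers separated by commas.

Organizing the wordlist by character count and ASCII code

There are more than a thousand words but only 30 seconds to solve the challenge. With character-by-character comparison, 10 scrambled words averaging 7 characters each need (1000+500+250+125+62+31+15) * character comparisons * 7 * 10, plus the space to buffer the wordlist. I think that is probably not an efficient approach. So we first organize the wordlist: list the character count and ASCII code of every word and store them in temporary arrays in the same order. Then we compare character count, ASCII code, and individual characters, in that order. I estimate this reduces the computation to (1000 * length comparisons + 200 * ASCII code comparisons + 5 * character comparisons * 7) * 10.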
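The filtering order described above (character count, then ASCII code, then individual characters), as an added Python example that is not the blog author's code. It assumes the "ASCII code" of a word means the sum of its character codes; the function names and the wordlist are constructed for illustration, and only the scrambled words come from the post.

```python
from collections import defaultdict

# Constructed sample wordlist (not the site's list). "trbbtor" is a made-up
# decoy with the same length and ASCII sum as "tractor" but different letters.
WORDLIST = "country\nexport\ntrbbtor\nbamboo\nwolves\ntractor\nbrowns\n"
# Six of the scrambled words quoted in the post.
SCRAMBLED = "erxotp rtoatrc abomob ruconyt sbownr swleov"


def build_index(wordlist_text):
    """Group wordlist entries by (character count, sum of character codes)."""
    index = defaultdict(list)
    for word in wordlist_text.splitlines():
        word = word.strip()
        if word:
            index[(len(word), sum(map(ord, word)))].append(word)
    return index


def unscramble(scrambled, index):
    """Return every wordlist entry that is a permutation of `scrambled`."""
    # Length and sum are only a cheap pre-filter: one dictionary lookup
    # replaces the scan over the whole list.
    bucket = index.get((len(scrambled), sum(map(ord, scrambled))), [])
    # Final character check: equal sorted letters means a true permutation,
    # which rejects words that merely collide on length and sum.
    target = sorted(scrambled)
    return [word for word in bucket if sorted(word) == target]


def solve(scrambled_line, wordlist_text):
    """Build the comma-separated answer in the order the words were given."""
    index = build_index(wordlist_text)
    answers = []
    for scrambled in scrambled_line.split():
        matches = unscramble(scrambled, index)
        if len(matches) != 1:
            # No match, or two anagrams of each other in the wordlist.
            raise LookupError(f"{scrambled!r}: {len(matches)} candidates")
        answers.append(matches[0])
    return ",".join(answers)


if __name__ == "__main__":
    print(solve(SCRAMBLED, WORDLIST))
```

Building the index once costs a single pass over the wordlist, after which each scrambled word is resolved against a bucket that normally holds one or two entries.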

How to use 4 GB or more of memory on 32-bit Windows 8 (Windows 8.1 update)

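Original page: PAE patch updated for Windows 8 by wj32

Ever since PAE appeared, many people have asked why a 32-bit Windows OS cannot use 4 GB or more of memory the way 32-bit Linux can, and why XP SP1 once supported PAE while SP2 and SP3 sealed it off. Faced with these questions, Microsoft only smiled and gave no answer. As a result there are many solutions on the web (How to Enable PAE on a 32 Bit Windows XP, Windows 7 32-bit with full 4 GB or 8 GB RAM support) whose only purpose is to turn on the PAE capability that Microsoft sealed off. A solution for Windows 8, however, was nowhere to be found. Some people, like me, got an affordable operating system through Microsoft's Windows 8 promotion, but the upgrade process offered no choice: you could only go straight from 32-bit XP to 32-bit Windows 8. So now what: how exactly do you access 4 GB or more of memory?

Patch for 32-bit Windows 8

The patch released by the wizard wj32 solves exactly this problem. Before using it, remove every RAM patch you have used previously, and remember to back up your system first.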

Hackthissite Realistic Level 15 Notes

URL: http://www.hackthissite.org/missions/realistic/15

Key points of this level: patience, zip file decryption, PHP variable variables, hash recovery, Linux commands, C buffer overflow

Challenge: Simple Mail
Message: Hi, please help me if you are against war like me. Rumours are saying that the seculas Ltd. company is developing an awful new laser aided weapon, and that they already have patents pending. Please try to find out what their latest patents are about. People say you know your shit and that you are an amazingly good hacker. It should not be a prob for someone with your skills. What I know is that seculas Ltd. hired a new programmer who is responsible for the server, and he passworded everything and always with different passwords. I heard about him, he is one the kind who locks the front door twice and leaves the back-door open.
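If you think like me please help me and fight those people that make money with war.

In short, an arms dealer is building a terrible laser weapon; you are asked to stop the arms dealer from applying for new patents and to find out what their patents cover. The challenge leaks one useful piece of intelligence: the engineer who maintains the official website encrypts all the data, but is a careless person.

Finding important directories and scripts

As with every web penetration challenge, first find the important directories or scripts, and look for fields where variables can be injected.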
index.php
prod…