Prologue Chinese Remainder Theorem (CRT) is also known as Sun zi’s Theorem. It first appear on the Chinese book called Sūnzǐ Suànjīng, literally The Mathematical Classic of Master Sun/Master Sun’s Mathematical Manual. Here’s the math question in that book. 今有物不知其數，三三數之餘二，五五數之餘三，七七數之餘二，問物幾何？ There is something, but we do not know its exact quantity. When divided by 3, the remainder is 2; when divided by 5, the remainder is 3; when divided by 7, the remainder is 2. What is the quantity? To solve ...

Prologue This article is mainly intended to serve as my own cheat sheet and notes, but if it can also help you, that would be great. The content is summarized from the original document, so you can regard this article as an TL;DR version of the document per se. I will consistently update the content if I find something missing or something worth to be noted. You can also contact me to update the content. Types of SQL Injection There’re 5 types of SQLi vulnerability or 5 ways that SQLMap can test ...

0x00 Challenge Info You are after an organised crime group which is responsible for the illegal weapon market in your country. As a secret agent, you have infiltrated the group enough to be included in meetings with clients. During the last negotiation, you found one of the confidential messages for the customer. It contains crucial information about the delivery. Do you think you can decrypt it? This is the description of the challenge, let’s see the encrypting script and try to decrypt it! 0 ...

0x00 Challenge Info As usual, let’s see the challenge desciption first. I missed my flag It’s a really simple description lol. Let’s directly dive into the analyzation part. 0x01 Reconnaissance Checksec ┌──(kali㉿kali)-[~/CTF/HTB/You know 0xDiablos] └─$ pwn checksec vuln [*] '/home/kali/CTF/HTB/You know 0xDiablos/vuln' Arch: i386-32-little RELRO: Partial RELRO Stack: No canary found NX: NX unknown - GNU_STACK missing PIE: No PIE (0x8048000) Stack: ...

Discalimer ⚠️ The resources for this article are from Stack-Based Buffer Overflows on Linux x86, and this article is intended only for personal review. It is advisable to consult the original resource for more detailed information. CPU Registers Registers are the essential parts of CPU. Almost every register have a small amout of storage space to store data temporarily. These registers can be classified as General registers, Control registers, Segment registers. The one we care the most is Gen ...

前言 寫這篇呢，主要是因為當初自己在選填大學志願的階段，翻了很多的成大不分系的文章，但是一直找不太到很確切的資訊。這讓我當初很糾結（因為我在入學前就很明確的知道自己的目標，這我後面會提），所以想要寫下這篇來回饋給後面的學弟妹們可以參考，希望對各位有幫助。 有句話我一直非常喜歡，是辯論圈中一個很厲害的學長說的。共勉之。 「知識是甚麼？知識就是我們迎風撒出一把沙，然後沙會瀰散在每個前行人的衣領中」　—　林聖偉 我的高中 我高中讀的是台中的明道中學，因為我們私校的系統和一般公立不太一樣，所以其實我們要在國中滿早的時候就決定高中要念文組還是理組。雖然我國中的時候理科成績比文科好，但是我在進入高中的時候卻是選擇了念文組。這是因為我當時一直想要念法律系，所以我也在高中的時候參加了很多法律相關的活動，包括辯論競賽等等。 但我記得我小時候（小學）一直有一個想要當駭客的夢想，只是小時候常常覺得這離自己太過於遙遠，所以從未嘗試去實現。直到高三學測前的四五十天前，我莫名其妙地接觸到了 Python（當時候女朋友說工程師很帥所以去學，愛情真偉大），也接觸到了 Kali Linux。我慢慢發現我自己相較於法 ...

Challenge 1 - pwn101 First, we use IDA to decompile the binary it gave us. We can see that the program declare a 60 bytes array for char v4. And the winnning condition is to use v4 to overflow and cover the value of v5, which is 1337 initially. Since it didn’t ask us to make v5 to a specific value, we can just make sure it not equal to 1337. To do that, I use a Python script to do it. from pwn import * r = remote("10.10.153.228", 9001) r.recvuntil("Type the required ingredients to make briyan ...