math1as.com
Blog of MathiasWeb Securtiy&Deep Learning
http://www.math1as.com/
Web Securtiy&Deep Learning
http://www.math1as.com/
TODAY'S RATING
>1,000,000
Date Range
HIGHEST TRAFFIC ON
Friday
LOAD TIME
1 seconds
PAGES IN
THIS WEBSITE
19
SSL
EXTERNAL LINKS
63
SITE IP
157.7.108.29
LOAD TIME
1.026 sec
SCORE
6.2
Blog of Mathias | math1as.com Reviews
https://math1as.com
Web Securtiy&Deep Learning
math1as.com
利用某些数据库函数发起dns解析的特性来进行sql注入 - Blog of Mathias
http://www.math1as.com/index.php/archives/61
本文由 mathias 发表于 2015 年 05 月 17 日. DNS渗出,如预期那样,比最快的inband error-based 慢,但比最快的推断方法 布尔型盲注 还快。 这里注释一点自己的粗鄙理解:无论是Inband中的error-based还是OOB技术,它们的核心都是把数据库查询的表达式作为一个参数,传递到某些函数或者功能里,让这些函数来得到查询表达式的结果,并且利用本身的报错功能,或者远程访问,总之把这个结果传递了出来。 那么,从这里我们可以知道,这个问题的核心是我们要能找到一个能接受远程地址,或者说,能引发网络请求的函数,这样我们才能够利用它来得到查询表达式的结果。 这个函数在 Windows 下可以用来访问类似于 10.211.55.3 ipc$ 这样的地址。 附带: / 会被当成http:/ 的缩写, 则是file:。 因此目标的环境要求比较苛刻,需要 Windows 服务器,并且 MySQL 需要是 root 权限。 Http:/ drops.wooyun.org/tips/5283 感谢Knight的翻译和无私贡献。 Return to dl-resolve 技术分析.
西点札记-蛋糕篇(入门) - Blog of Mathias
http://www.math1as.com/index.php/archives/79
本文由 mathias 发表于 2015 年 07 月 14 日. 这里主要是关于基础蛋糕(戚风,天使) 自己总结出来的一点烘焙手法(更多的是自己的note作用,太容易忘了。 Linux function hook笔记 - LD PRELOAD. Return to dl-resolve 技术分析. Pwnable.kr Rookiss pt75 dragon. Pwnable.kr Rookiss pt33 ascii easy. Pwnable.kr Rookiss pt30 tiny easy. Pwnable.kr Rookiss pt50 simple-login. Tensorflow lstm for mnist. Tensorflow cnn 卷积神经网络入门 mnist. 为什么学长你 ML 这么熟练啊 你到底 ML 了多少次啊 (逃. PHP 中 Session 反序列化机制 R11; 码农网. Web3 session反序列化 http:/ www. 4CCTF Web Writeup[.]. 2016 Blog of Mathias.
关于 - Blog of Mathias
http://www.math1as.com/index.php/start-page.html
April 30th, 2015 at 01:47 am. August 18th, 2015 at 06:15 pm. From Crypto.Cipher import AES. Iv = " x8C xAE x65 x24 xA8 x63 xE3 x0F x9B x9D x8D xA2 xED x05 xAA x48". Ciphertext = " x16 xD0 x7A x30 x8E x24 xED xF8 xE7 x71 x57 x03 xC5 x74 xB6 xE3 x26 x40 x56 xE7 xE9 x56 xCF x76 x61 xBD x72 xE3 xC7 xFC x6C x15 x27 x3D x2A xED xA6 xB6 xEA x04 xF1 xCC xFE xF6 x77 xB4 x41 x66". Const = " x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00 x00". For x in range( 0, 255 ):. For y in range( 0, 255 ):.
Blog of Mathias
http://www.math1as.com/index.php/page/1
Linux function hook笔记 - LD PRELOAD. 比如 export ld preload=/home/xxx.so. Include stdio.h #include string.h int test(void) { char str1[20]; char str2[20]; sprintf(str1,test); sprintf(str2,test); if(strcmp(str1,str2)= 0) { printf(equal! Return 0; } int main(void) { test(); return 0; } 在我们的共享库中写如下代码 int strcmp(char * str1,char * str2) { return 1; }. 使用export LD PRELOAD=./test.so. Gcc -shared -o test.so test.c. Return to dl-resolve 技术分析. Return to dl-solve也是一种用于绕过aslr dep的技术. 使用readelf -r查看.rel.plt信息. 3再进行一次jm...
WebSec学习笔记之一:SQL注入 - Blog of Mathias
http://www.math1as.com/index.php/archives/53
本文由 mathias 发表于 2015 年 05 月 15 日. 1SQL注入 将着重介绍四种SQL注入(报错注入,联合查询,基于逻辑的盲注,基于时间的盲注)以及它们的原理,和应用范围. 2XSS跨站脚本攻击 将着重介绍四种XSS方式(反射XSS,存储XSS,Dom-XSS,Flash-XSS)以及它们的原理,和应用范围. 3PHP代码审计 将介绍笔者目前所掌握的几种主流的漏洞类型和审计方法(逻辑漏洞,sql注入,lfi本地包含,rcs远程命令执行). SQL注入攻击是一种很古老的攻击方式了,到现在其实已经有很多完美的解决方案,比如说预编译,比如owasp给出的处理函数. 现在,对于SQL注入,普遍来说有4种分类,报错注入,联合查询,基于逻辑的盲注,基于时间的盲注。 简单的说一下分类的依据. 其实这里进行分类,除了数据库本身的原因外,还有配套的脚本语言的关系。 而是要能够有完整的错误信息,例如unexpected xxxxx而不是一片空白(那是由于关闭了错误显示,查询返回了一个null结果). 在没有错误显示的情况下,只能通过返回的页面是否为null,来判断某个表达式是否正确,按每位来注入出结果。
TOTAL PAGES IN THIS WEBSITE
19
分类 CTF 下的文章 - Rj1ng's Blog
http://www.rj1ng.com/category/CTF
The ring of fortune&Coding the world&Clear mind. 首先说的就是它的第一关- 登录 开个玩笑 ,官方说明是平台被D了:-(,但是第二天做了负载均衡不是还挺顺的么。 再吐槽一下它的开题形式- 买题 并且不知道题目类型,于是我这个web狗连开几个re和pwn后,被杜神吐槽 最佳开pwn手。 一个小题目,送分题,但刚开始平台太卡 杜神curl了一下看到flag 听说这题是反spider的,所以curl很有效,其实直接复制粘贴链接 不得已 ,也是可以的,这是后来的笑谈。 看起来是base64,于是decode,然后去一个 = ,base32,再hex- ascii,ok,得到flag。 第四题,nes,赤色要塞,无聊打游戏通关了,看到了flag,但flag被挡了, 同时也被隐藏了一个字母 ,杜神说不方 分析色盘读出了flag。 Https:/ www.zybuluo.com/lightless/note/183904. Http:/ bobao.360.cn/ctf/learning/157.html. Id=1 AND 3720=IF( ORD(MID( SELE...
Gundams – Inory
http://inory.org/gundam/gundams
It's All About Moe,Programing,Webtest. 四月 10, 2015. 四月 28, 2015. Srun-3000-14.17.41.6. Ulysses' Brain Holes.
PHP – Inory
http://inory.org/tag/php
It's All About Moe,Programing,Webtest. 写着玩的舰娘服务器模拟 = = = = = = = = = = 02-25-2015 = = = = = […]. Ulysses' Brain Holes.
srun – Inory
http://inory.org/tag/srun
It's All About Moe,Programing,Webtest. 源码在此 链接 http:/ pan.baidu.com/s/1o6BLwKy 密 […]. Ulysses' Brain Holes.
Python – Inory
http://inory.org/category/python
It's All About Moe,Programing,Webtest. Ulysses' Brain Holes.
Gundam – Inory
http://inory.org/tag/gundam
It's All About Moe,Programing,Webtest. Ulysses' Brain Holes.
bilitest – Inory
http://inory.org/bilitest
It's All About Moe,Programing,Webtest. Ulysses' Brain Holes.
About – Inory
http://inory.org/about
It's All About Moe,Programing,Webtest. Ulysses' Brain Holes.
Python – Inory
http://inory.org/tag/python
It's All About Moe,Programing,Webtest. Ulysses' Brain Holes.
2015年4月 – Inory
http://inory.org/2015/04
It's All About Moe,Programing,Webtest. 写着玩的舰娘服务器模拟 = = = = = = = = = = 02-25-2015 = = = = = […]. Srun-3000-14.17.41.6. 源码在此 链接 http:/ pan.baidu.com/s/1o6BLwKy 密 […]. Ulysses' Brain Holes.
TOTAL LINKS TO THIS WEBSITE
63
Son Profil - Math1998 - Skyrock.com
Mot de passe :. J'ai oublié mon mot de passe. La position des blocs a été enregistrée. Tu n'as pas accès au profil de Math1998 car tu n'es pas connecté. Clique ici pour te connecter. Poster sur mon blog.
math19ln26's blog - vive les simpsons, les sims 2 et tokio hotel ! - Skyrock.com
Vive les simpsons, les sims 2 et tokio hotel! Simpsons,sims 2, Tokio Hotel, nos goûts,nos délires. 14/09/2007 at 12:24 PM. 27/09/2007 at 10:06 AM. Subscribe to my blog! Horrible le visage et surtout trop marrant! Don't forget that insults, racism, etc. are forbidden by Skyrock's 'General Terms of Use' and that you can be identified by your IP address (66.160.134.11) if someone makes a complaint. Please enter the sequence of characters in the field below. Posted on Friday, 21 September 2007 at 11:19 AM.
math1acceleratedcalendar.blogspot.com
Math 1 Accelerated Calendar (Semester 1)
Math 1 Accelerated Calendar (Semester 1). Mr Lakey's Main Blog Page. Semester 1 Begins - First Day of Parent meetings. August 26 - Car and Ramp Project (Linear Equations). Collection of Summer Work. Intro to Car and Ramp. Syllabus cut out by Friday. 2 Video notes on chapter 5.3 and 5.2. 27 - Car and Ramp Project (Linear Equations). SWBAT = Understand how to derive equations using point slope form and slope intercept form (Ch 5.3/5.2). Get out chapter 5.3 and 5.2 Notes. Continue with Car and Ramp Benchmark.
math1acceleratedcalendarsemester2.blogspot.com
Math 1 Accelerated Calendar Semester 2
Math 1 Accelerated Calendar Semester 2. Mr Lakey's Main Blog Page. Feburary 11th - Triangle Congruence through Transformations. SWBAT = Perform Transformations on the coordinate plane. Powerpoint on Transformations (Click on for powerpoint). 2 videos on Translations (Click here for videos). Notes must be completed on graph paper). Rocket Funds due ($10) by 3-16-15. Triangle Congruence through Transformations. SWBAT = Perform Transformations on the coordinate plane. Complete in table rotations). Review ea...
MATHEMATICS BILINGUAL SECTION COURSE 2010-2011
MATHEMATICS BILINGUAL SECTION COURSE 2010-2011. IES ELVIÑA (A CORUÑA); 1ST AND 2ND LEVELS OF ESO;. Welcome to the blog of the bilingual section of mathematics! Thursday, June 23, 2011. The course is over. We close the blog with this wonderful puzzle by Ignacio from 1ª A. Wednesday, June 22, 2011. A rhombus whose diagonals are 9 cm and 12 cm. A= 9x12:2= 54 cm cuadrados. Posted by ESO-FIRST COURSE A. Labels: 1 ESO A. This is a video of pitagoras theorem. Posted by ESO-FIRST COURSE A. Labels: 1 ESO A. A per...
Blog of Mathias
这里主要是关于基础蛋糕(戚风,天使) 自己总结出来的一点烘焙手法(更多的是自己的note作用,太容易忘了。 Ng-app 指令定义一个 AngularJS 应用程序。 Ng-model 指令把元素值 比如输入域的值 绑定到应用程序。 Ng-bind 指令把应用程序数据绑定到 HTML 视图。 之所以是mvc. 是因为这里Html视图的输入操作,可以传递到ng-model里,影响变量. Ng-app 指令告诉 AngularJS,某元素是 AngularJS 应用程序 的所有者。 Ng-bind 指令把应用程序变量 name 绑定到某个段落的 innerHTML。 Ng-bind本身打印到innerHtml,也就是说和直接在innerHtml中使用表达式{ 变量名} 是等效的。 使用data-ng- 来让网页对 HTML5 有效,在使用angular的同时,让这里值能被data取到. 对于表达式来说,当bind到html元素的时候,不需要加 }符号,当直接用到html视图中的时候,则需要添加. 控制器是 JavaScript 对象,由标准的 JavaScript 对象的构造函数 创建。 库呢主要就是jQu...
MATH1AS's blog - journal d'un étudiant de poitiers - Skyrock.com
Journal d'un étudiant de poitiers. Juste un journal, pour laisser une trace sur la toile, et plus tard dans quelques années le relire pour mieux voir le chemin parcourus. 15/12/2007 at 11:17 AM. 04/01/2014 at 8:49 AM. You can not see the blog of MATH1AS because you are not friends. Start with following MATH1AS to become friends. Post to my blog. Here you are free.
Math 1 Calendar (First Semester)
Math 1 Calendar (First Semester). Mr Lakey's Main Blog Page. Semester 1 Begins - First Day of Parent meetings. August 26 - Car and Ramp Project (Linear Equations). 27 - Car and Ramp Project (Linear Equations). Start Car and Ramp. Notes on Chapter 5.3/5.2 From my blog. Ch 53/5.2 Practice Work. 28 - Car and Ramp Project (Linear Equations). 2 Video Notes on Chapter 5.3/5.2 From my blog. Ch 53/5.2 Practice Work. 29 - Car and Ramp Project (Linear Equations). Review Ch 5.3/5.2 Practice Work. Review 5.3/5&#...
math1calendarsecondsemester.blogspot.com
Math 1 Calendar Second Semester
Math 1 Calendar Second Semester. SWBAT: Students will understand how to solve problems within the 6 strands of the C.A.H.S.E.E exam. Organize C.A.H.S.E.E folder. Start taking C.A.H.S.E.E. practice exam (if time). Khan Academy C.A.H.S.E.E Videos. Look at your 7th Period Math 1 document to find the videos that line up with the "Mathematical Strand" you are currently working on). SWBAT: Students will understand how to solve problems within the 6 strands of the C.A.H.S.E.E exam. Khan Academy C.A.H...Look ...
Math 1 Content
Mr Lakey's Main Blog Page. Math 1/Math 1 Accelerated Calendars. Math 1 Calendar (Second Semester). Math 1 Accelerated Calendar (Second Semester). Math 1 Calendar (First Semester). Math 1 Accelerated Calendar (First Semester). Car and Ramp Benchmark (Links to Review and New Material). Connecting Algebra and Geometry Through Coordinates. Exploring Exponential Equations through Savings and Credit Cards. Quadratics, Trigonometry, Physics, and Rockets. Exponents, Polynomials and Complex Numbers. I played high...
math1d's blog - so proud of them :)xx - Skyrock.com
More options ▼. Subscribe to my blog. Created: 03/01/2014 at 9:24 PM. Updated: 09/10/2014 at 3:44 PM. So proud of them :)xx. Zayn Malik - Liam Payne - Louis Tomlinson - Niall Horan and Harry Style. 5 boys who completly changed and saved our lives. Vous avez des fictions a me proposer :). Qu'elle soit sur larry ou sur un des boys en particulier ça ne me derrange pas :). The author of this blog only accepts comments from friends. You haven't logged in. Posted on Friday, 03 January 2014 at 11:18 PM.
