Aggregator

Rebound，以域控环境为基础的疯狂难度靶机。关键是在逐步完成基础信息的枚举时，还要将密码喷洒拷票攻击、影子凭据技术、还有更高级别的委派攻击RBCD等技术结合到一起。甚至在靶机的部署中还开启了 LDAP 签名要求和通道绑定等加固手段，加大了脚本和自动化攻击的使用门槛。其中所涉及的技术是红队攻击的典型手段，是必须掌握的关键技能。

在没有机器用户创建权限下通过impacket包进行远程利用

LatePoint WordPress 插件通过其布局参数包含本地文件包含漏洞。这种安全漏洞使攻击者能够直接在服务器上包含和执行 PHP 文件，从而可能允许在这些文件中执行恶意代码。

SQL order by 大小比较盲注 在做ctfshow web入门 的 web691时遇到了SQL order by 大小比较盲注问题。因为是第一次遇到，记录一下

在不可转发约束委派下，难以正常利用约束委派对目标进行攻击，我们可以通过绕过不可约束这一步来进行正常的攻击

如何监控一个濒临内战的冲突地区，尤其是在一个交通不便、互联网频繁中断、虚假信息泛滥的地区？

这是本次初赛的仅有的一个困难标注的题目，本题是常规的堆题目，但是没给libc文件，猜测libc成为本题最大的难点，然后就是从堆上打到栈上，从栈上绕过沙箱

​Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks. [...]

A vulnerability, which was classified as problematic, was found in Dolusoft Omaspot. This impacts an unknown function. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is referenced as CVE-2025-7743. The attack needs to be initiated within the local network. No exploit is available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Dolusoft Omaspot. This affects an unknown function. This manipulation causes sql injection. The identification of this vulnerability is CVE-2025-7744. It is possible to initiate the attack remotely. There is no exploit available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Dolusoft Omaspot. The impacted element is an unknown function. The manipulation results in cross site scripting. This vulnerability was named CVE-2025-6575. The attack may be performed from remote. There is no available exploit. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in ArgusTech BILGER up to 2.4.5. The affected element is an unknown function. The manipulation leads to insertion of sensitive information into sent data. This vulnerability is uniquely identified as CVE-2025-5519. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Ubit Information STOYS up to 20250916. Impacted is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-2404. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in Sparkle up to 2.7.1. This issue affects some unknown processing of the component Installer XPC Service. Performing manipulation results in incorrect authorization. This vulnerability is known as CVE-2025-10016. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Form to Database Extension up to 2.2.4/3.2.1/4.2.2/5.0.1 on TYPO3. This vulnerability affects unknown code. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-10316. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Sparkle up to 2.7.1. This affects an unknown part of the file Downloader.xpc of the component XPC Service. This manipulation causes incorrect authorization. This vulnerability appears as CVE-2025-10015. The attack requires local access. There is no available exploit. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Edimax BR-6473AX 1.0.28. Affected by this issue is the function openwrt_getConfig. The manipulation results in privilege escalation. This vulnerability is reported as CVE-2025-56706. The attack can be launched remotely. No exploit exists.