almost 2 years ago

本站之文章皆禁止以任何方式轉載,如有需求,可使用幾種方式來保存:
1. 加到我的最愛
2. 使用連結及標題作為引用
3. 存檔至自己電腦僅供自己離線閱讀

任何未經本人同意對本站文章之轉載、重製、散布等行為皆已違反著作權法,請務必留意。

 
6 days ago

密码是flag{Y0u_c4n_und3rst4nd_bin4ry!}

利用IDA PRO分析後發現,輸入的密碼有32個bytes,每個byte分別與key中的每個byte做XOR運算再XOR 1後與result對應的byte比較,可知只要反向將result中的每個byte先XOR 1再XOR key中對應的每個byte就是正確密碼。

我用我熟悉的工具Cheat Engine以匯編寫下了script做解碼,並利用64位元暫存器一次處理8個bytes來簡化動作,最後結果存在result。

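// Cheat Engine auto-assembler script for a 64-bit target; numeric literals are hexadecimal.
// Decodes the 0x20-byte buffer at `result` in place:
//     result[i] = result[i] XOR 01 XOR key[i]
// Eight bytes are processed per pass, so four passes cover the whole buffer.
GlobalAlloc(Main, 10240)
Label(key)
Label(result)
Label(Begin)
Label(End)
// Register `result` as a symbol so the decoded bytes can be looked up by name afterwards.
registersymbol(result)
CreateThread(Main)

Main:
// Only registers that are volatile in the Microsoft x64 convention are used
// (rax, rcx, rdx, r8, r9), so the thread entry does not overwrite the
// callee-saved rbx / rdi that the original listing modified without saving.
mov rax, key
mov rdx, result
// The "XOR 1" step replicated into every byte lane of a qword.
mov r8, 0101010101010101
// r9 = byte offset into key/result.
xor r9, r9
Begin:
cmp r9, 20
je End
mov rcx, [rdx+r9] // [result + offset]
xor rcx, r8
xor rcx, [rax+r9] // [key + offset]
mov [rdx+r9], rcx
add r9, 08
jmp Begin

End:
// Plain ret: on x64 the thread parameter arrives in a register, so there is
// no stack argument for `ret 08` to discard.
ret

key:
DB 43 64 38 56 77 30 48 34 48 79 4B 31 6C 31 4F 4F
DB 54 41 71 32 6A 6F 4B 49 77 71 4C 61 6B 4D 6B 61

result:
DB 24 09 58 30 0D 68 79 40 16 1B 7E 5E 32 45 20 2A
DB 66 32 03 47 5F 00 2E 17 14 19 23 54 18 35 4B 1D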

 
about 1 month ago

敬請期待

  • 客製化需求
  • 中央控管
  • 自動更新
 
about 2 months ago

Install JAVA Runtime

sudo apt-get update
sudo apt-get install default-jre
java -version

Install Unzip

sudo apt-get install unzip

Setup Firewall

/tmp/v4
*filter

# IPv4 filter table in iptables-restore format.
# No -P policy lines appear here, so chain policies stay as they were; the
# trailing REJECT rules are what deny unmatched INPUT and FORWARD traffic.
# OUTPUT has no rules in this file.
# NOTE(review): this covers IPv4 only; IPv6 needs its own ruleset loaded
# with ip6tables-restore.

# Allow all traffic on the loopback interface (lo), and reject packets that
# carry a 127.0.0.0/8 source address but arrive on any other interface.

-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT

# Allow ping (ICMP type 8 = echo request).

-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT

# Allow SSH connections.
# NOTE(review): new SSH connections are accepted from any source address;
# add -s with an admin network here if one is known.

-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).

-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT

# Allow MS Login connections from anywhere

-A INPUT -p tcp --dport 8484 -m state --state NEW -j ACCEPT

# Allow MS Channel connections from anywhere.
# Be sure to set the correct port range based on your settings.

-A INPUT -p tcp --dport 7575:7595 -m state --state NEW -j ACCEPT

# Allow inbound traffic that belongs to established connections.
# This includes ICMP error returns (RELATED).

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log what was incoming but denied (optional but useful).
# Rate-limited to 5 entries per minute so a flood cannot fill the log.

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7

# Reject all other inbound.

-A INPUT -j REJECT

# Log any traffic that was sent to you for forwarding
# (optional but useful), with the same 5/min rate limit.

-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7

# Reject all traffic forwarding.

-A FORWARD -j REJECT

COMMIT

Setup Apache2

sudo iptables-restore < /tmp/v4
sudo apt-get install iptables-persistent
sudo service iptables-persistent save
sudo iptables -vL

sudo apt-get install apache2
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak
sudo nano /etc/apache2/apache2.conf

apache2.conf
KeepAlive Off

...

<IfModule mpm_prefork_module>
    StartServers 4
    MinSpareServers 20
    MaxSpareServers 40
    MaxClients 200
    MaxRequestsPerChild 4500
</IfModule>

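# Disable the default site so that only the new virtual host is served.
# NOTE(review): if a site whose DocumentRoot is /var/www/html stays enabled,
# the log/ and backups/ directories created below become reachable through
# it; check the active vhosts with `apache2ctl -S`.
sudo a2dissite *default
cd /var/www/html
sudo mkdir example.com
# Enter the directory created above (the original listing had "exaple.com",
# which does not exist, so the following mkdir calls ran in /var/www/html).
cd example.com
# public_html is the DocumentRoot of the vhost; log and backups sit beside it.
sudo mkdir public_html
sudo mkdir log
sudo mkdir backups
sudo nano /etc/apache2/sites-available/example.com.conf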

example.com.conf
# domain: example.com
# public: /var/www/html/example.com/public_html/
#
# Name-based virtual host for example.com on port 80 (plain HTTP only;
# no TLS virtual host is defined in this file).

<VirtualHost *:80>
  # Admin email, Server Name (domain name), and any aliases

  ServerAdmin webmaster@example.com
  ServerName  example.com
  ServerAlias www.example.com

  # Index file and Document Root (where the public files are located)

  DirectoryIndex index.html index.php
  DocumentRoot /var/www/html/example.com/public_html
  # Log file locations: both files are written to the log directory next to
  # public_html, i.e. outside this vhost's DocumentRoot.

  LogLevel warn
  ErrorLog  /var/www/html/example.com/log/error.log
  CustomLog /var/www/html/example.com/log/access.log combined
</VirtualHost>

sudo a2ensite example.com.conf
sudo service apache2 restart

Setup MySQL

sudo apt-get install mysql-server
sudo mysql_secure_installation

/etc/mysql/my.cnf
#key_buffer

max_allowed_packet = 1M
thread_stack = 128K
...
max_connections = 75
...
table_open_cache = 32M
key_buffer_size = 32M

sudo service mysql restart
mysql -u root -p
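-- Create the application schema.
CREATE DATABASE twms;
-- Bind the account to localhost. Without a host part MySQL creates
-- 'example_user'@'%', an account that may connect from any host.
-- 'password' is a placeholder; replace it with a long random secret.
GRANT ALL ON twms.* TO 'example_user'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;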
quit

mysql -u example_user -p twms < FILE.sql

Setup PHP5

sudo apt-get install php5 php-pear
sudo apt-get install php5-mysql
sudo nano /etc/php5/apache2/php.ini

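; Settings to change in php.ini. Comments in php.ini start with ';'
; ('#' comments are deprecated in INI files since PHP 5.3).

; Cap run time and memory per request so a runaway script cannot hold a worker.
max_execution_time = 30
memory_limit = 128M
; Report only the fatal error classes listed here.
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
; Keep error details out of HTTP responses and write them to the log file instead.
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log
; register_globals = Off ; REMOVED as of PHP 5.4.0.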

sudo mkdir -p /var/log/php
sudo chown www-data /var/log/php
sudo service apache2 restart

Setup TobyShield

cd /var/www/html/example.com/public_html
unzip tobyshield.zip
nano config.php

Setup Server

cd ~
mkdir twms
cd twms
unzip twms.zip
nano settings.ini
chmod +x start.sh
./start.sh

 
2 months ago

開啟登錄編輯程式

進到機碼

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

新增DWORD值名為DisableAntiSpyware,修改資料為1。注意:自2020年8月的Defender平台更新起,用戶端版Windows會忽略這個值;若要還原設定,將資料改為0或刪除此值即可。

Reference:
http://www.tenforums.com/tutorials/5918-windows-defender-turn-off-windows-10-a.html

P.S. 腐源大大沒附來源,我給0分

 
2 months ago

開啟登錄編輯程式

進到機碼

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft

新增一個機碼Internet Explorer,新增Restrictions機碼到Internet Explorer底下
進入機碼

HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions

新增DWORD值名為NoHelpItemSendFeedback,修改資料為1

Reference:
http://samathalemonseio.com/topic/269886-windows-10-tip-registry-tweak-to-disable-%E2%80%9Csend-feedback%E2%80%9D-smiley-button-in-internet-explorer-toolbar/
http://beatexcel.com/disable-send-a-smile/

 
5 months ago

StringPool::GetInstance 函式

語法

StringPool * StringPool::GetInstance(void);

參數

不帶任何參數。

回傳值

回傳一個StringPool的Instance,若尚未建立則會自動建立一個。

StringPool::GetString 函式

語法

template<typename T>
ZXString<T> * StringPool::GetString(
  ZXString<T> *result, 
  unsigned int nIdx
);

參數

result[out]

用於存放取得的ZXString的指標。

nIdx

用於查詢的ID。[in]

回傳值

回傳一個ZXString的指標,如果該ID不存在,可能導致程式崩潰。

CMsgbox 與 CMsgboxLinkWeb 類別

程式庫提供兩種MsgBox,一個是CMsgbox,另一個是CMsgboxLinkWeb。使用方法都很簡單,參考下面範例就會了。

範例

很簡單的class使用,顯示一個訊息ID是0x102A的訊息窗。

CMsgbox只有一個OK按鈕,若連結網址不為空的話會顯示連結。

ZXString<char> sDesc = ""; // link text
ZXString<char> sLink = ""; // link URL
ZXString<char> sMsg;       // message text
// Look up string ID 0x102A in the string pool and store it in sMsg.
// Per the GetString description on this page, an ID that does not exist
// may crash the program.
StringPool::GetInstance()->GetString(&sMsg, 0x102A);
// Create the CMsgbox instance and initialise it with the message, the link
// URL and the link text.
TSingleton<CMsgbox>::CreateInstance()->Init(sMsg, sLink, sDesc);

直接使用C-Style字串也是可以的,編譯器會自動配置class。

TSingleton<CMsgbox>::CreateInstance()->Init("Test Text", "http://toby.logdown.com", "Test Link");

寫asm的話參考下面方法:

// 32-bit x86 equivalent of CreateInstance()->Init(sMsg, sLink, sDesc).
// Each argument is built in a 4-byte stack slot and filled by ZXString<char>::Assign;
// the slots are pushed in the order sDesc, sLink, sMsg.
// NOTE(review): the calls look like thiscall (ecx = this, callee removes its
// own stack arguments) — confirm against the target binary.
// NOTE(review): esi and edi are overwritten without being saved; confirm the
// caller does not rely on them.
push ebp
mov ebp,esp
// This moves ebp, not esp, so the [ebp-xx] stores below land beneath the
// current stack pointer. NOTE(review): possibly meant `sub esp,40` — verify.
sub ebp,40
call TSingleton<CMsgbox>::CreateInstance
mov esi,eax // keep the returned instance pointer across the Assign calls
xor edi,edi // edi = 0, used to zero each new string slot
// --- argument slot for sDesc ---
push ecx // reserve 4 bytes; the value pushed is irrelevant
mov ecx,esp // ecx -> the reserved slot
mov [ebp-04],esp
push -01
push sDesc
mov [ecx],edi // zero the slot before Assign fills it
call ZXString<char>::Assign
// --- argument slot for sLink ---
push ecx
mov ecx,esp
mov [ebp-08],esp
push -01
push sLink
mov [ecx],edi
call ZXString<char>::Assign
// --- argument slot for sMsg ---
push ecx
mov ecx,esp
// NOTE(review): same [ebp-08] slot as the sLink store above, so this
// overwrites it — confirm whether a different offset was intended.
mov [ebp-08],esp
push -01
push sMsg
mov [ecx],edi
call ZXString<char>::Assign
mov ecx,esi // ecx = the instance pointer saved from CreateInstance
call CMsgbox::Init
// esp is back at the saved ebp only if Assign and Init each removed their
// own stack arguments (assumption noted at the top).
pop ebp
ret

台灣楓故事DEMO:

CMsgboxLinkWeb則是Yes-No訊息方塊,按Yes會打開連結。

ZXString<char> sLink = ""; // link URL
ZXString<char> sMsg = "";  // message text
// Create the CMsgboxLinkWeb instance and initialise it with the message and
// the link URL (the page describes it as a Yes-No box that opens the link on Yes).
TSingleton<CMsgboxLinkWeb>::CreateInstance()->Init(sMsg, sLink);

台灣楓故事DEMO:

 
7 months ago

可以選遊戲、選帳號,還能登入遊戲的登入器。
目前僅台灣帳號可登入、僅能用帳號密碼登入。

下載點:

 
8 months ago
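// Redirect the mobile pages m.gamer.com.tw/forum/... and m.gamer.com.tw/home/...
// to the matching desktop host (forum.gamer.com.tw or home.gamer.com.tw).
var url = location.href;

// The pattern is anchored at the scheme and the dots are escaped, so it only
// matches when the host really is m.gamer.com.tw. The earlier unanchored
// pattern with bare "." also matched look-alike text anywhere in the URL and
// copied that text into the redirect host.
var regex = url.match(/^https?:\/\/m\.gamer\.com\.tw\/(forum|home)\/(\S*)/);

if (regex)
{
    // regex[1] is "forum" or "home"; regex[2] is the rest of the path and query.
    // The host suffix is a fixed literal and the scheme stays http as before.
    location.href = "http://" + regex[1] + ".gamer.com.tw/" + regex[2];
}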
 
8 months ago

以下操作不保證無風險,請自行評估資料安全並適當做好備份。

下載點:http://www.softpedia.com/get/Others/Signatures-Updates/Windows-XP-SP4-Unofficial.shtml#download

到登錄檔HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language
DefaultInstallLanguage改成0409重開機再安裝

語系代碼:
0404 = “zh-tw;Chinese (Taiwan)”
0804 = “zh-cn;Chinese (China)”
0C04 = “zh-hk;Chinese (Hong Kong SAR)”
1004 = “zh-sg;Chinese (Singapore)”
0409 = “en-us;English (United States)”

裝完後會變成英文界面,改回登錄值無效果。

此時請服用語言包:https://mega.nz/#!pQcRgKrD!UmU-DE0fBMFwEwSJVwFCg_0hnLyPeK9k2dwT6PAu7m0

至MUI執行MUISetup.exe,上下都選Chinese (Traditional),然後安裝。
過程中出現錯誤那是說明中心的語言無法安裝沒關係,略過繼續即可。
安裝完會出現一個需要插入XP光碟的畫面,這是因為原本不是英文版系統沒有多國語言的檔案,這時候需要一片英文安裝光碟,完成後重開機就是中文版囉。
