Kali Linux Practical: Comprehensive Operating System Vulnerability Mining and Defense System Construction

Kali Linux Practical: Comprehensive Operating System Vulnerability Mining and Defense System Construction

1. Technical System for Operating System Vulnerability Mining Operating system vulnerability mining is a core aspect of network security, encompassing the entire process from basic information gathering to deep vulnerability exploitation. Kali Linux, as the standard toolkit in penetration testing, integrates tools such as Nmap, Metasploit, and SQLmap, forming a vulnerability mining ecosystem that covers … Read more

Bypassing WAF at the HTTP Protocol Level

Bypassing WAF at the HTTP Protocol Level

PS: This article is for technical analysis only and is prohibited for other illegal uses. First, let me introduce myself. I’m a novice who started learning Web penetration testing in 2017. The reason? Of course, my own website was hacked… Getting to the point, as security awareness increases, enterprises are paying more attention to the … Read more

CVE-2025-0566 Stack Overflow Vulnerability Reproduction on A15-MIPS Architecture

CVE-2025-0566 Stack Overflow Vulnerability Reproduction on A15-MIPS Architecture

Vulnerability Overview The wechatLoginHelper.do interface of Landray OA has an SQL injection vulnerability, allowing attackers to exploit the SQL injection to obtain information from the database (such as administrator backend passwords and user personal information). In high privilege situations, attackers can even write a trojan to the server, further gaining system permissions. Asset Mapping Search … Read more

Wireshark – HTTP Protocol (Part 9)

Wireshark - HTTP Protocol (Part 9)

HTTP Hypertext Transfer Protocol(HyperText Transfer Protocol)Introduction to Principles The HTTP protocol is a transmission protocol used to transfer hypertext from WWW servers to local browsers. It enables browsers to operate more efficiently and reduces network transmission. It not only ensures that computers transmit hypertext documents correctly and quickly but also determines which part of the … Read more

Java Encryption and Security Defense: 20 Best Practices from National Secret Algorithms to Defending Against SQL Injection

Java Encryption and Security Defense: 20 Best Practices from National Secret Algorithms to Defending Against SQL Injection

At three in the morning, I was staring at the abnormal login records suddenly appearing on the production environment monitoring screen— a test account attempted to log in with a password 300 times within 5 minutes. This reminded me of a data breach incident I personally experienced three years ago: an e-commerce system used MD5 … Read more

When SQL Injection Encounters Strange Encoding Issues

When SQL Injection Encounters Strange Encoding Issues

Introduction Recently, during a penetration test for a client, I discovered a peculiar SQL injection. It was peculiar because the database connection encoding of the system was inconsistent with the actual database encoding, and the database table field names used Chinese characters, making it impossible to retrieve database data through normal means. The Story Begins … Read more

The Art of Chain Attacks in Internal Network Penetration

The Art of Chain Attacks in Internal Network Penetration

The Art of Chain Attacks in Internal Network Penetration This article is based on a simulated practical environment assessment conducted by Master Z for his apprentice 007, aimed at evaluating his thought process and capabilities in penetrating entry-level environments. The content is derived from 007’s retelling and records the entire chain attack path he took … Read more