My name is chensihan, my online username is sxsymxsyy, a human, December 30, 2009; you can find me in WGS84.
I speak six programming languages and two markup languages, that is about it. I was never herded into any kids' coding farms. I don't have any hardware skills either.
I once milked China Mobile, Sanjiang Shopping Club, Granesposa Dry, not much, just a few million RMB (all gone now, sob sob sob).
Using multiple zero-day vulnerabilities, I hacked into school routers and switches (2025/05/24) and the optical modem (2025/6/3);
and the Jinghua city education bureau's XiaoYi AI educational assistant (2025/6/8, Ollama misconfiguration; 2025/06/15, the education bureau did not respond, so I XSSed them, combined with privilege escalation, and deleted their models);
compromised several library accounts;
automatically bypassed bilibili text/click captchas
(using a PyTorch model + Selenium + bilibili_api/geetest to automatically bypass v2 click captchas, see MgArcher/Text_select_captcha.
My model will remain private.)
to conduct SMS bombing;
I am also the mastermind behind a few trojans.
One of my virus releases ran on the smartboard OS at school. I patched the ps1 module (imagine a fireworks show), then a genius forwarded the video to the headmaster.
I'll explain it:
If a human assigns a drive letter to a removable drive, New-Object a COM object and call its eject method (2024/10/20).
In the ps1 file, checking $null -ne $vollist inside the while loop's if statement is more memory-efficient.
As for the bat file, the executionPolicy parameter is missing; just Set-ExecutionPolicy Bypass and we are good.
Oops, thanks to the so-called IT guru, a.k.a. dumbass J.
His mindless routine, with a mad flurry of clicks, now the Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run entry is deleted?
Nope! They skip merrily across the address range from 0x0000 to 0xFFFF.
However, the output of Test-Path C:\Windows\1.bat is a boolean object, which is $true.
One of the public 0day descriptions:
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014.
Affected by this issue is some unknown functionality of the file /api/wizard/getWifiNeighbour of the component HTTP POST Request Handler.
The manipulation leads to command injection.
The attack needs to be initiated within the local network.
Download NX15V100R012.bin.
It is a Squashfs file system, little-endian, version 4.0, compressed with xz.
Use binwalk to extract the firmware. The ELF header of busybox has a fifth byte (the class byte right after the 4-byte magic) equal to 01, so it is 32-bit; the binary is MIPS32 and dynamically linked.
Its SHA-1 hash is 4a0fc68b2286fe3c504f48c3cb21174d12c33d43.
Open /www/api with an interactive disassembler, press ALT+T, input the string getWifiNeighbour, and press Enter to go into the FCGI_WizardProcess function.
Among the parameters of snprintf there is v14, which contains form data.
By inserting the meta-character semicolon into v14, arbitrary code can be executed after the lua command.
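The bug class described above, as an added example that is not the H3C firmware's own code: a hypothetical handler that pastes a form field into a shell command the way the snprintf-into-lua pattern does, a helper that shows how a shell would cut that line at the semicolon, and the hardened form that allow-lists the field and passes it as its own argv element with no shell involved. The script path, the field format and the sample value are assumptions.

```python
import re
import shlex

# Placeholder: the real script path behind /api/wizard/getWifiNeighbour is not on the page.
LUA_SCRIPT = "/www/cgi/wifi_neighbour.lua"
# Shell metacharacters that let a value escape a command line built by string
# formatting; the page's case is the semicolon.
SHELL_META = set(";|&`$<>(){}\n\r\"'\\")

def build_shell_command_vulnerable(form_value: str) -> str:
    """Mirrors the snprintf pattern: the raw form field is pasted into a shell
    command line, so a ';' inside it terminates the lua command."""
    return f"lua {LUA_SCRIPT} {form_value}"

def shell_commands(cmdline: str) -> list[list[str]]:
    """Approximate how a POSIX shell would cut the line into separate commands
    at ';' (shows what system()/popen would actually run)."""
    cmds, cur = [], []
    for tok in shlex.shlex(cmdline, posix=True, punctuation_chars=True):
        if tok == ";":
            cmds.append(cur)
            cur = []
        else:
            cur.append(tok)
    if cur:
        cmds.append(cur)
    return cmds

def is_injected(form_value: str) -> bool:
    """Detection check: True when the field carries any shell metacharacter."""
    return any(ch in SHELL_META for ch in form_value)

def accepts(form_value: str) -> bool:
    """Hardened allow-list (constructed): a short token of letters, digits,
    '.', '_' and '-'; anything else is refused before a command is built."""
    return re.fullmatch(r"[A-Za-z0-9._-]{1,32}", form_value) is not None

def build_argv_hardened(form_value: str) -> list[str]:
    """Hardened: the validated value is one argv element for execve-style
    spawning (subprocess.run(argv, shell=False)); no shell ever parses it."""
    if not accepts(form_value):
        raise ValueError("invalid parameter")
    return ["lua", LUA_SCRIPT, form_value]

if __name__ == "__main__":
    injected = "2.4GHz; echo injected"  # constructed sample input
    print(shell_commands(build_shell_command_vulnerable(injected)))
    print(is_injected(injected), accepts(injected), build_argv_hardened("2.4GHz"))
```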
Basics.
When we open an application on a mobile phone, such as WeChat, what happens at this moment?
At this moment, the mobile phone sends several requests to the server (these requests are not requests in the everyday sense of asking someone for a favour; here it is a noun and can also be used as a verb).
After receiving the requests, the server sends back several responses.
Some of these responses correspond to the content we see, such as images, audio, and text. These responses are referred to as hypertext.
How are these requests actually sent?
When the mobile phone is connected to a wireless network, the requests are generally transmitted as follows:
The mobile phone forwards the requests to a router, which then passes them through multiple routers (different from the home router) before they finally reach Tencent's server.
How can we monitor these requests?
A long time ago, these requests could be observed by anyone with Internet access, but this is no longer possible. (Why?)
To view and modify these requests (the purpose), it is necessary to perform packet capturing.
The term packet capturing refers to capturing requests; requests are sometimes referred to as packets, although the scope of packets is broader.
Ordinary packet capturing can only reveal meaningless content.
We need to install a certificate on the mobile phone, and then run several programs on a computer to view the requests. The primary function of these programs is to forward our requests in order to achieve the purpose.
The certificate here is not the type that proves one's personal qualifications; due to time constraints, we will not discuss its specifics for now.
Targets of requests:
We can abstract a request from the client to the server as a tuple, which is a data type known as an immutable list.
The length of this tuple is two: the zeroth element is the server's address, and the first element is the server's port number.
This tuple is referred to as a socket.
For example, accessing Baidu would be represented as (Baidu's address, port number).
Port numbers are generally 80 or 443, especially when accessing websites.
Next, let's discuss the format of a request.
Just as a human has a head and a body, a request also has a head and a body, which are referred to as the request header and the request body, respectively.
Next, let's take an example:
When we open WeChat on a newly purchased mobile phone, it will prompt us to log in. Why? Or, in other words, how does WeChat know that we are not currently logged in?
The answer is found in the request header.
After logging in, the server, in order to recognize our logged-in state, will add a piece of data to the subsequent request headers.
This data is referred to as a cookie.
The text in the requests must follow a specific syntax to be composed properly.
The syntax is omitted here.
Requests are divided into several methods.
When a browser accesses a URL, it generally uses the GET method. When logging in to WeChat, the POST method is used, and so on.
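The header/body split, the (address, port) socket tuple and the cookie-based logged-in check described above, worked through as an added example (not from the original page) on constructed clear-text requests of the kind a capturing proxy would display. The host, paths and the cookie name "session" are assumptions.

```python
# Constructed sample: a POST of the kind sent when logging in, as a proxy sees it in clear text.
LOGIN_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 22\r\n"
    "\r\n"
    "user=alice&pass=s3cret"
)
# Constructed sample: a later GET carrying the cookie the server handed back.
PAGE_REQUEST = (
    "GET /feed HTTP/1.1\r\n"
    "Host: example.com:8080\r\n"
    "Cookie: session=abc123; lang=zh\r\n"
    "\r\n"
)

def parse_request(raw: str) -> dict:
    """Split the request into its head (request line + headers) and body; the
    two are separated by one blank line, and Content-Length bounds the body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body[:length]}

def parse_cookies(cookie_header: str) -> dict:
    """Cookie header is 'name=value' pairs separated by ';'."""
    pairs = (p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
    return {k: v for k, v in pairs}

def socket_of(req: dict, tls: bool = False) -> tuple:
    """The page's socket tuple: (server address, port); port defaults to 80,
    or 443 when the connection is TLS, unless the Host header names one."""
    host = req["headers"]["host"]
    if ":" in host:
        name, port = host.rsplit(":", 1)
        return (name, int(port))
    return (host, 443 if tls else 80)

def logged_in(req: dict) -> bool:
    """What the server checks: is the session cookie present in the header?"""
    return "session" in parse_cookies(req["headers"].get("cookie", ""))
```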
I don't have time.